diff --git a/sepolicy/vendor/untrusted_app.te b/sepolicy/vendor/untrusted_app.te
index 567421cf..a9815316 100644
--- a/sepolicy/vendor/untrusted_app.te
+++ b/sepolicy/vendor/untrusted_app.te
@@ -3,3 +3,31 @@ allow untrusted_app_25 zygote:unix_stream_socket getopt;
 allow untrusted_app_27 zygote:unix_stream_socket getopt;
 allow untrusted_app_29 zygote:unix_stream_socket getopt;
 allow untrusted_app_30 zygote:unix_stream_socket getopt;
+
+# dontaudit
+dontaudit untrusted_app proc_zoneinfo: file { read };
+dontaudit untrusted_app system_lib_file:file { execmod };
+dontaudit untrusted_app proc_version:file { read };
+dontaudit untrusted_app proc_net_tcp_udp:file { read };
+dontaudit untrusted_app selinuxfs:file { read };
+dontaudit untrusted_app serialno_prop:file { read };
+dontaudit untrusted_app app_data_file:file { execute  execute_no_trans };
+dontaudit untrusted_app mnt_vendor_file:dir { search };
+dontaudit untrusted_app proc:file { read };
+dontaudit untrusted_app proc:file { open };
+dontaudit untrusted_app proc_net_tcp_udp:file { open };
+dontaudit untrusted_app proc_version:file { read };
+
+allow untrusted_app rootfs:dir { read };
+
+allow untrusted_app proc_kmsg:file { getattr };
+allow untrusted_app proc_keys:file { getattr };
+allow untrusted_app proc_swaps:file { getattr };
+allow untrusted_app proc_modules:file { read };
+
+get_prop(untrusted_app, wifi_hal_prop)
+
+allow untrusted_app rootfs:dir { open };
+allow untrusted_app sysfs:dir { read };
+
+allow untrusted_app block_device:dir { search };