diff --git a/sepolicy/private/untrusted_app.te b/sepolicy/private/untrusted_app.te
new file mode 100644
index 0000000..b872c21
--- /dev/null
+++ b/sepolicy/private/untrusted_app.te
@@ -0,0 +1,6 @@
+get_prop(untrusted_app, virtual_ab_prop);
+
+allow untrusted_app exported_camera_prop:file { read };
+allow untrusted_app proc_net:file { read open getattr };
+allow untrusted_app app_data_file:file { execute };
+dontaudit untrusted_app proc:file { read };
diff --git a/sepolicy/vendor/untrusted_app.te b/sepolicy/vendor/untrusted_app.te
index 5e8fe46..377ce76 100644
--- a/sepolicy/vendor/untrusted_app.te
+++ b/sepolicy/vendor/untrusted_app.te
@@ -10,3 +10,10 @@ allow untrusted_app proc_max_map_count:file { getattr open read };
 allow untrusted_app proc_version:file { getattr open read };
 allow untrusted_app proc_zoneinfo:file { getattr open read };
 allow untrusted_app vendor_file:file { execute getattr map open read };
+
+# dontaudit
+dontaudit untrusted_app proc_zoneinfo: file { read };
+dontaudit untrusted_app system_lib_file:file { execmod };
+dontaudit untrusted_app proc_version:file { read };
+allow untrusted_app proc_net_tcp_udp:file { read };
+allow untrusted_app rootfs:dir { read };
diff --git a/sepolicy/vendor/untrusted_app_29.te b/sepolicy/vendor/untrusted_app_29.te
index 0c8115c..b5cb815 100644
--- a/sepolicy/vendor/untrusted_app_29.te
+++ b/sepolicy/vendor/untrusted_app_29.te
@@ -7,3 +7,9 @@ allow untrusted_app_29 vendor_sysfs_kgsl:file { getattr open read };
 allow untrusted_app_29 hal_camera_default:binder { call };
 allow untrusted_app_29 vendor_xdsp_device:chr_file { ioctl };
 allow untrusted_app_29 zygote:unix_stream_socket { getopt };
+
+dontaudit untrusted_app_29 cgroup:file read;
+allow untrusted_app_29 proc_qtaguid_stat:file { read open getattr };
+allow untrusted_app_29 proc_zoneinfo:file { read open getattr };
+dontaudit untrusted_app_29 proc:file read;
+allow untrusted_app_29 app_data_file:file { execute };
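Review bot: `allow untrusted_app app_data_file:file { execute };` reopens execution of files from an app's own data directory for every untrusted app, the access the platform deliberately removed for apps targeting API 29 and later; the same rule reappears in the sepolicy/vendor/untrusted_app_29.te hunk of this commit. As far as I recall AOSP's platform policy guards this with a neverallow, so expect the build-time neverallow check to reject it, or, if neverallow enforcement is disabled for this device, the hardening regression lands silently; if one specific app needs it, scope the rule to that app's domain instead of all of untrusted_app. `allow untrusted_app proc_net:file { read open getattr };` likewise restores /proc/net visibility to all apps, which lets any app observe other apps' network activity, and needs a comment naming the consumer that requires it. Separately, `allow untrusted_app exported_camera_prop:file { read };` is inconsistent with the `get_prop` macro used on the first line; the macro also grants the open/getattr/map permissions a property reader needs, so `get_prop(untrusted_app, exported_camera_prop)` is the idiomatic form and `read` alone is unlikely to be sufficient.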
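Review bot: `dontaudit untrusted_app proc_zoneinfo: file { read };` and `dontaudit untrusted_app proc_version:file { read };` are no-ops, because the context lines directly above already `allow` read on both types and dontaudit only suppresses denials of permissions that are not granted; both lines can be dropped. The first of them also carries a stray space after the colon (`proc_zoneinfo: file`), which the policy compiler tolerates but which differs from every other rule in the file. `allow untrusted_app proc_net_tcp_udp:file { read };` exposes per-socket state under /proc/net to every untrusted app, the visibility the platform removed in Android 9 so that apps cannot watch other apps' connections; it deserves a comment naming the consumer and, if possible, a narrower domain. `allow untrusted_app rootfs:dir { read };` is placed under the `# dontaudit` header together with the preceding allow rule, so the header no longer describes the group; move the two allow rules above it or retitle it.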
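Review bot: `allow untrusted_app_29 app_data_file:file { execute };` grants the same app-data execute permission raised on the sepolicy/private/untrusted_app.te hunk, here for exactly the target SDK (29) at which the platform's restriction on executing from app data begins, so the neverallow and regression concern applies unchanged. `allow untrusted_app_29 proc_qtaguid_stat:file { read open getattr };` lets any app targeting API 29 read per-UID traffic counters for every other UID, a side channel that, as far as I recall, AOSP stops untrusted apps from reading; if a single app needs it, prefer that app's own domain and add a comment naming it. The two `dontaudit ... read;` lines use bare permission syntax while every allow rule in the file uses braces; `{ read }` would keep the file consistent.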