diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te
index 8b240b1ce3013649202b0908dddf63b5e905e630..181de4a9cf5e4f261cf6fc8ba1f236a44424994c 100644
--- a/public/hal_bootctl.te
+++ b/public/hal_bootctl.te
@@ -4,3 +4,5 @@ binder_call(hal_bootctl_server, hal_bootctl_client)
 
 add_hwservice(hal_bootctl_server, hal_bootctl_hwservice)
 allow hal_bootctl_client hal_bootctl_hwservice:hwservice_manager find;
+
+dontaudit hal_bootctl self:capability sys_rawio;
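Review bot: The new `dontaudit hal_bootctl self:capability sys_rawio;` has no comment saying which operation triggers the sys_rawio check or why it is safe to hide, and the same rule added in public/update_engine.te sits only under the generic `# Ignore these denials.`. Because dontaudit removes the denial from the audit log, a later reader cannot tell an expected side-effect check from an unexpected raw-I/O attempt in these domains. A line such as `# sys_rawio is checked as a side effect of <OPERATION - fill in>; the access itself is not required.` above each rule would record the reason. The rule is also written on `hal_bootctl` while the neighbouring rules use `hal_bootctl_server` and `hal_bootctl_client`; if the denial is only seen in the server process, `hal_bootctl_server` would presumably be the narrower subject, though the attribute definitions are outside this hunk.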
diff --git a/public/update_engine.te b/public/update_engine.te
index 6e97aa919290ad8f7b9fe2cedc2e3ff1d5612bbd..ca73c7e893154ed1333d89df3c2f7c7ba08b1576 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -24,6 +24,7 @@ wakelock_use(update_engine);
 
 # Ignore these denials.
 dontaudit update_engine kernel:process setsched;
+dontaudit update_engine self:capability sys_rawio;
 
 # Allow using persistent storage in /data/misc/update_engine.
 allow update_engine update_engine_data_file:dir create_dir_perms;