diff --git a/private/isolated_app.te b/private/isolated_app.te
index ac9dc04ba309e1d401aed22043f1fc7069cefbd2..37935c39597df2d60048bd8ad135998f3d70509f 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -46,6 +46,10 @@ allow isolated_app webview_zygote:unix_dgram_socket write;
 # Read system properties managed by webview_zygote.
 allow isolated_app webview_zygote_tmpfs:file read;
 
+# TODO (b/63631799) fix this access
+# suppress denials to /data/local/tmp
+dontaudit isolated_app shell_data_file:dir search;
+
 #####
 ##### Neverallow
 #####
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 501581abf3b3f091bc31b30b5641f844b2cd2517..bb5cc81aa6bf80c8c4a2156eee494d29af715e55 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -43,6 +43,10 @@ allow webview_zygote system_server:process getpgid;
 # Interaction between the webview_zygote and its children.
 allow webview_zygote isolated_app:process setpgid;
 
+# TODO (b/63631799) fix this access
+# Suppress denials to storage. Webview zygote should not be accessing.
+dontaudit webview_zygote mnt_expand_file:dir getattr;
+
 # Get seapp_contexts
 allow webview_zygote seapp_contexts_file:file r_file_perms;
 # Check validity of SELinux context before use.