diff --git a/adbd.te b/adbd.te
index 58fdead680ac7800f55b288e5011c58c53021070..3b654a152d9aae89605d94befb23970064a1303c 100644
--- a/adbd.te
+++ b/adbd.te
@@ -68,3 +68,9 @@ allow adbd appdomain:unix_stream_socket connectto;
 # ndk-gdb invokes adb pull of app_process, linker, and libc.so.
 allow adbd zygote_exec:file r_file_perms;
 allow adbd system_file:file r_file_perms;
+
+service_manager_local_audit_domain(adbd)
+auditallow adbd {
+    service_manager_type
+    -surfaceflinger_service
+}:service_manager find;
diff --git a/system_app.te b/system_app.te
index 24b135e5d0040c0b8ad9cbe6e99ba7d0364a58d6..5a5888f2ff1522b441421064bed4f6fd1efec73e 100644
--- a/system_app.te
+++ b/system_app.te
@@ -69,7 +69,9 @@ control_logd(system_app)
 service_manager_local_audit_domain(system_app)
 auditallow system_app {
     service_manager_type
+    -keystore_service
     -nfc_service
+    -radio_service
     -surfaceflinger_service
     -system_server_service
 }:service_manager find;