diff --git a/public/vold.te b/public/vold.te
index 05ffcb78540532ec39128de057c1f82488d11c75..b2ffbd3569265dfe6375ba8aa7e0b48a38a21f5f 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -212,3 +212,5 @@ neverallow vold {
 
 neverallow vold fsck_exec:file execute_no_trans;
 neverallow { domain -init } vold:process { transition dyntransition };
+neverallow vold *:process ptrace;
+neverallow vold *:rawip_socket *;