diff --git a/public/domain.te b/public/domain.te
index ed567ae89250847344931a79bc0c23d7a83a9fb6..0027efa37828d4dd44081833ce47e6addd6f4fe6 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1333,3 +1333,12 @@ neverallow domain {
 
 dontaudit domain proc_type:dir write;
 dontaudit domain sysfs_type:dir write;
+
+# These are only needed in permissive mode - in enforcing mode the
+# directory write check fails and so these are never attempted.
+userdebug_or_eng(`
+  dontaudit domain proc_type:dir add_name;
+  dontaudit domain sysfs_type:dir add_name;
+  dontaudit domain proc_type:file create;
+  dontaudit domain sysfs_type:file create;
+')