diff --git a/bluetooth.te b/bluetooth.te index 8ba56b0e2d39eebfb2e044d5b108fa9a2dde3876..56fe17058c4cc95a6c417016eda2a68bc669cc60 100644 --- a/bluetooth.te +++ b/bluetooth.te @@ -54,6 +54,7 @@ service_manager_local_audit_domain(bluetooth) auditallow bluetooth { service_manager_type -bluetooth_service + -radio_service -system_server_service }:service_manager find; diff --git a/drmserver.te b/drmserver.te index 12e3ac7c86d1045ed1c0b32c3d6ca2b18edd999d..14b2f49366fd66652c17e0b55fe3d50aaff21760 100644 --- a/drmserver.te +++ b/drmserver.te @@ -49,4 +49,8 @@ allow drmserver drmserver_service:service_manager add; # Audited locally. service_manager_local_audit_domain(drmserver) -auditallow drmserver { service_manager_type -drmserver_service }:service_manager find; +auditallow drmserver { + service_manager_type + -drmserver_service + -system_server_service +}:service_manager find; diff --git a/dumpstate.te b/dumpstate.te index 279fd98fb71bdbc5d2b6c65c9d9aad2bfb8fb364..242cb932655f9768dd4daa4af72e4462e08168bd 100644 --- a/dumpstate.te +++ b/dumpstate.te @@ -96,3 +96,18 @@ control_logd(dumpstate) # Read network state info files. allow dumpstate net_data_file:dir search; allow dumpstate net_data_file:file r_file_perms; + +service_manager_local_audit_domain(dumpstate) +auditallow dumpstate { + service_manager_type + -drmserver_service + -healthd_service + -inputflinger_service + -keystore_service + -mediaserver_service + -nfc_service + -radio_service + -surfaceflinger_service + -system_app_service + -system_server_service +}:service_manager find; diff --git a/isolated_app.te b/isolated_app.te index 27b0e40c0b296e437ec78e267134a81f46891a2c..5929b259324bd2d6b6dfe67f0e439eb5b6a9e596 100644 --- a/isolated_app.te +++ b/isolated_app.te 
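Review bot: The block added to dumpstate.te omits the `# Audited locally.` comment that precedes `service_manager_local_audit_domain(...)` in the drmserver.te and isolated_app.te context lines, and its ten-entry exclusion list gives no rationale. Because this macro appears to switch dumpstate to local auditing, the list is the only record of which lookups are treated as expected, so a later reader cannot tell a deliberate entry from a noise-driven one. I would add `# Audited locally.` above the macro and a second comment above the `auditallow`, such as `# Service types dumpstate is expected to find; every other lookup is still logged.`, with the wording confirmed by the author. The `allow` rule that actually grants `find` to dumpstate is not in this hunk, so the list cannot be checked against it from here.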
@@ -21,4 +21,9 @@ allow isolated_app app_data_file:file execute; # Audited locally. service_manager_local_audit_domain(isolated_app) -auditallow isolated_app service_manager_type:service_manager find; +auditallow isolated_app { + service_manager_type + -radio_service + -surfaceflinger_service + -system_server_service +}:service_manager find; diff --git a/nfc.te b/nfc.te index c32e9d5970b09bf6269136c1921f008cc50e7d5a..2b851a276fd1e2865bea86aa9093eead3620d3f8 100644 --- a/nfc.te +++ b/nfc.te @@ -21,5 +21,6 @@ service_manager_local_audit_domain(nfc) auditallow nfc { service_manager_type -mediaserver_service + -surfaceflinger_service -system_server_service }:service_manager find; diff --git a/radio.te b/radio.te index 11691cb52a16b260d08d782352c32378f0e29c86..5f45df33c6741c23c2becc1988206661a13d092a 100644 --- a/radio.te +++ b/radio.te @@ -35,5 +35,6 @@ auditallow radio { service_manager_type -mediaserver_service -radio_service + -surfaceflinger_service -system_server_service }:service_manager find; diff --git a/system_app.te b/system_app.te index 24b135e5d0040c0b8ad9cbe6e99ba7d0364a58d6..5a5888f2ff1522b441421064bed4f6fd1efec73e 100644 --- a/system_app.te +++ b/system_app.te @@ -69,7 +69,9 @@ control_logd(system_app) service_manager_local_audit_domain(system_app) auditallow system_app { service_manager_type + -keystore_service -nfc_service + -radio_service -surfaceflinger_service -system_server_service }:service_manager find; diff --git a/untrusted_app.te b/untrusted_app.te index ef7f1b5f94684b39b9e61ea19ee263003eebfeeb..c97b4513b8212c429aa286f23ce88d106fb3489d 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -69,6 +69,7 @@ service_manager_local_audit_domain(untrusted_app) auditallow untrusted_app { service_manager_type -drmserver_service + -keystore_service -mediaserver_service -nfc_service -radio_service
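Review bot: The isolated_app hunk stops logging `find` on `radio_service`, `surfaceflinger_service` and `system_server_service`, where the removed line logged every `service_manager_type` lookup by this domain. `auditallow` only records accesses and grants nothing, so the effective permission is unchanged; what is lost is the evidence needed to later narrow isolated_app's `service_manager find` rule. `system_server_service` looks like a coarse label covering many services, so excluding it probably hides most of that evidence. If the aim is to cut log noise, state that above the rule, e.g. `# Expected lookups, excluded to reduce log noise; all other finds by isolated_app are still logged.`. I would also keep `radio_service` audited here unless an isolated process is known to need it.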