diff --git a/private/priv_app.te b/private/priv_app.te
index 654264a457fda2225353b803be58077295f00401..585f466258dc19b2a6e5f5f7b5a4e0e755cd0385 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -127,6 +127,9 @@ allow priv_app selinuxfs:file r_file_perms;
 
 read_runtime_log_tags(priv_app)
 
+# suppress denials when safetynet scans /system
+dontaudit priv_app exec_type:file getattr;
+
 ###
 ### neverallow rules
 ###