diff --git a/prebuilts/api/28.0/private/bpfloader.te b/prebuilts/api/28.0/private/bpfloader.te
index e6902316d62a4dd020af14b0c492ecf1ae5b677f..4e8ec2b46eb4c13c6e90153bcee6d240dd051159 100644
--- a/prebuilts/api/28.0/private/bpfloader.te
+++ b/prebuilts/api/28.0/private/bpfloader.te
@@ -26,3 +26,5 @@ neverallow { domain -netd -bpfloader } bpfloader_exec:file { execute execute_no_
 neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
 # only system_server, netd and bpfloader can read/write the bpf maps
 neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
+
+dontaudit bpfloader self:capability sys_admin;
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index c9bcb8657b1fdaa33dcfe3c8da191dc4ea2d7ca1..e5ca578b6a630f2beee6a5a5d9c4bf35c72fbb05 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -214,7 +214,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
   } {
     bluetooth_prop
   }:property_service set;
@@ -223,7 +223,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
     -vendor_init
   } {
     exported_bluetooth_prop
@@ -232,7 +232,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
   } {
     wifi_prop
@@ -241,7 +241,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
     -vendor_init
   } {
@@ -293,7 +293,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
   } {
     bluetooth_prop
   }:file no_rw_file_perms;
@@ -301,7 +301,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
   } {
     wifi_prop
diff --git a/private/bpfloader.te b/private/bpfloader.te
index e6902316d62a4dd020af14b0c492ecf1ae5b677f..4e8ec2b46eb4c13c6e90153bcee6d240dd051159 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -26,3 +26,5 @@ neverallow { domain -netd -bpfloader } bpfloader_exec:file { execute execute_no_
 neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
 # only system_server, netd and bpfloader can read/write the bpf maps
 neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
+
+dontaudit bpfloader self:capability sys_admin;
diff --git a/public/property.te b/public/property.te
index c9bcb8657b1fdaa33dcfe3c8da191dc4ea2d7ca1..e5ca578b6a630f2beee6a5a5d9c4bf35c72fbb05 100644
--- a/public/property.te
+++ b/public/property.te
@@ -214,7 +214,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
   } {
     bluetooth_prop
   }:property_service set;
@@ -223,7 +223,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
     -vendor_init
   } {
     exported_bluetooth_prop
@@ -232,7 +232,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
   } {
     wifi_prop
@@ -241,7 +241,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
     -vendor_init
   } {
@@ -293,7 +293,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
   } {
     bluetooth_prop
   }:file no_rw_file_perms;
@@ -301,7 +301,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
   } {
     wifi_prop