diff --git a/private/bpfloader.te b/private/bpfloader.te
index 1caf95268a43da30f52235b50f517e0193910068..fe3e648f9c3564579181677bf268ee08121c6eed 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -13,8 +13,7 @@ allow bpfloader fs_bpf:dir  create_dir_perms;
 allow bpfloader fs_bpf:file create_file_perms;
 allow bpfloader devpts:chr_file { read write };
 
-# TODO: unknown fd pass denials, need further investigation.
-dontaudit bpfloader netd:fd use;
+allow bpfloader netd:fd use;
 
 # Use pinned bpf map files from netd.
 allow bpfloader netd:bpf { map_read map_write };
diff --git a/private/system_server.te b/private/system_server.te
index a512e5d26e01dd986c611be27f6b63482a58b9c2..d1571d69249a7f9a5f48b49d7ac9526a61ad6dbc 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -746,8 +746,8 @@ with_asan(`
 
 # allow system_server to read the eBPF maps that stores the traffic stats information amd clean up
 # the map after snapshot is recorded
-allow system_server fs_bpf:file write;
-allow system_server netd:bpf { map_read map_write };
+allow system_server fs_bpf:file read;
+allow system_server netd:bpf map_read;
 
 # ART Profiles.
 # Allow system_server to open profile snapshots for read.