diff --git a/public/crash_dump.te b/public/crash_dump.te
index e117176c41318dc397268cc41b0ca86600abf372..e1327e49e00cef418097d143ac06d4b1fc016084 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -1,7 +1,6 @@
 type crash_dump, domain;
 type crash_dump_exec, exec_type, file_type;
 
-allow crash_dump self:capability { sys_ptrace kill };
 allow crash_dump {
   domain
   -init
@@ -9,6 +8,11 @@ allow crash_dump {
   -keystore
   -logd
 }:process { ptrace signal sigchld sigstop sigkill };
+
+# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
+# which will result in an audit log even when it's allowed to trace.
+dontaudit crash_dump self:capability { sys_ptrace };
+
 userdebug_or_eng(`
   allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill };
 ')