diff --git a/otapreopt_chroot.te b/otapreopt_chroot.te
index fcba7b145163b30bba2490d8f6f21d5631b38955..1c5f2eed0f4f16194b1cd18b88e1a6892c9178d9 100644
--- a/otapreopt_chroot.te
+++ b/otapreopt_chroot.te
@@ -10,6 +10,8 @@ allow otapreopt_chroot self:capability { sys_admin sys_chroot };
 # This is required to mount /vendor.
 allow otapreopt_chroot block_device:dir search;
 allow otapreopt_chroot labeledfs:filesystem mount;
+# Mounting /vendor can have this side-effect. Ignore denial.
+dontaudit otapreopt_chroot kernel:process setsched;
 
 # Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.
 domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)