diff --git a/public/su.te b/public/su.te
index 0312945484620db72f6aa59873eb934ae6a5d121..c2a4b2bc22779aff5d97a9043db150fc98de6858 100644
--- a/public/su.te
+++ b/public/su.te
@@ -19,7 +19,7 @@ userdebug_or_eng(`
 
   dontaudit su self:capability_class_set *;
   dontaudit su kernel:security *;
-  dontaudit su kernel:system *;
+  dontaudit su { kernel file_type }:system *;
   dontaudit su self:memprotect *;
   dontaudit su domain:process *;
   dontaudit su domain:fd *;
@@ -50,6 +50,7 @@ userdebug_or_eng(`
   dontaudit su domain:drmservice *;
   dontaudit su unlabeled:filesystem *;
   dontaudit su postinstall_file:filesystem *;
+  dontaudit su domain:bpf *;
 
   # VTS tests run in the permissive su domain on debug builds, but the HALs
   # being tested run in enforcing mode. Because hal_foo_server is enforcing