diff --git a/private/bpfloader.te b/private/bpfloader.te
index 1caf95268a43da30f52235b50f517e0193910068..fe3e648f9c3564579181677bf268ee08121c6eed 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -13,8 +13,7 @@ allow bpfloader fs_bpf:dir create_dir_perms;
 allow bpfloader fs_bpf:file create_file_perms;
 allow bpfloader devpts:chr_file { read write };
-# TODO: unknown fd pass denials, need further investigation.
-dontaudit bpfloader netd:fd use;
+allow bpfloader netd:fd use;
 # Use pinned bpf map files from netd.
 allow bpfloader netd:bpf { map_read map_write };
diff --git a/private/system_server.te b/private/system_server.te
index 1905382206c3f7e813b1aec8f7136778fdb6f156..21e689a4ff9f1ed4246f3bc6d815ed38809d8388 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -749,8 +749,8 @@ with_asan(`
 # allow system_server to read the eBPF maps that stores the traffic stats information amd clean up
 # the map after snapshot is recorded
-allow system_server fs_bpf:file write;
-allow system_server netd:bpf { map_read map_write };
+allow system_server fs_bpf:file read;
+allow system_server netd:bpf map_read;
 # ART Profiles.
 # Allow system_server to open profile snapshots for read.
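Review bot: In private/bpfloader.te the new `allow bpfloader netd:fd use;` has no comment, although the lines it replaces said the fd-pass denials were of unknown origin and still needed investigation. Changing a `dontaudit` into an `allow` lets bpfloader use any descriptor it receives from netd, so the rule should say which descriptor that is and why it is needed, for example `# <which fd netd passes to bpfloader and why it must be usable, to be filled in by the author>`. If the descriptor turns out to be inherited only incidentally and never used, keeping the `dontaudit` without the TODO would be the narrower grant.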
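Review bot: In private/system_server.te the comment kept above the changed rules still says system_server will "clean up the map after snapshot is recorded", but the new rules grant only `fs_bpf:file read` and `netd:bpf map_read`. The comment now describes access the policy no longer gives and should be reduced to something like `# Allow system_server to read the eBPF maps that store the traffic stats information.`, which also drops the "amd" typo. Any system_server code path that still deletes or updates map entries would presumably be denied `map_write` after this change. That cannot be checked from this hunk, so it is worth confirming against the matching platform change.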