diff --git a/public/debuggerd.te b/public/debuggerd.te
index 33f88784f7c6f69a2090dc9048d8e715b22c3df3..0222e347039486df5064232bc57423257c1482c5 100644
--- a/public/debuggerd.te
+++ b/public/debuggerd.te
@@ -15,9 +15,15 @@ allow debuggerd {
 -healthd
 -init
 -keystore
+ -logd
 -ueventd
 -watchdogd
 }:process { execmem ptrace getattr };
+
+userdebug_or_eng(`
+ allow debuggerd logd:process { execmem ptrace getattr };
+')
+
 allow debuggerd tombstone_data_file:dir rw_dir_perms;
 allow debuggerd tombstone_data_file:file create_file_perms;
 allow debuggerd shared_relro_file:dir r_dir_perms;
diff --git a/public/logd.te b/public/logd.te
index 3e6f7b6910c89b04f7e006e6dbaf86414cac58bc..a35be5ccda9a2895dfc28509041f3ba2c2ce17e5 100644
--- a/public/logd.te
+++ b/public/logd.te
@@ -48,6 +48,9 @@ neverallow logd dev_type:blk_file { read write };
 # ptrace any other app
 neverallow logd domain:process ptrace;
+# ... and nobody may ptrace me (except on userdebug or eng builds)
+neverallow { domain userdebug_or_eng(`-debuggerd') } logd:process ptrace;
+
 # Write to /system.
 neverallow logd system_file:dir_file_class_set write;
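Review bot: The new `-logd` exclusion in the debuggerd.te hunk carries no rationale, and the `userdebug_or_eng` re-grant right below it repeats the permission set `{ execmem ptrace getattr }` by hand, so the unconditional rule and the debug-only rule can silently drift apart the next time that set is edited. A one-line comment above the added `-logd` would give the reader the reason without sending them to the other file: `# logd is excluded here (see the neverallow in logd.te); ptrace is re-granted only on userdebug/eng builds below.` The conditional block itself would benefit from `# Debug builds only: presumably so crashes in logd can still be debugged; keep this set in sync with the rule above.` Note that the logd.te neverallow only covers `ptrace`, so `execmem` and `getattr` on logd are governed solely by the exclusion in this file. The enclosing `allow debuggerd { ... }` rule opens outside the hunk (only its first line appears in the hunk header).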