diff --git a/prebuilts/api/28.0/private/bpfloader.te b/prebuilts/api/28.0/private/bpfloader.te
index e6902316d62a4dd020af14b0c492ecf1ae5b677f..4e8ec2b46eb4c13c6e90153bcee6d240dd051159 100644
--- a/prebuilts/api/28.0/private/bpfloader.te
+++ b/prebuilts/api/28.0/private/bpfloader.te
@@ -26,3 +26,5 @@ neverallow { domain -netd -bpfloader } bpfloader_exec:file { execute execute_no_
 neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
 # only system_server, netd and bpfloader can read/write the bpf maps
 neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
+
+dontaudit bpfloader self:capability sys_admin;
diff --git a/private/bpfloader.te b/private/bpfloader.te
index e6902316d62a4dd020af14b0c492ecf1ae5b677f..4e8ec2b46eb4c13c6e90153bcee6d240dd051159 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -26,3 +26,5 @@ neverallow { domain -netd -bpfloader } bpfloader_exec:file { execute execute_no_
 neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
 # only system_server, netd and bpfloader can read/write the bpf maps
 neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
+
+dontaudit bpfloader self:capability sys_admin;
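Review bot: The added `dontaudit bpfloader self:capability sys_admin;` at the end of the hunk has no comment saying which operation triggers the sys_admin check or why the denial is safe to ignore; the same line is added, equally unexplained, in the private/bpfloader.te hunk. A dontaudit rule only silences the log while the access stays denied, so any later sys_admin attempt from this domain also vanishes from the audit log, which removes a signal that helps when debugging the loader or investigating unexpected behaviour in it. I would put a comment above the rule, for example `# bpfloader hits a sys_admin check during <operation>; denial is expected and harmless, see b/<bug-id>`, with the placeholders filled in by the author. If the operation behind the check turns out to be needed for map or program setup, that should be confirmed before the denial is hidden.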