diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index e1bba0d423bccf0fa2e484d0920b0763a17ab4a8..949c87acf8d122435d8295d1041e6f500db4dae3 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -128,3 +128,12 @@ allow untrusted_app_all system_server:udp_socket { connect getattr read recvfrom
 # Allow the allocation and use of ptys
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
 create_pty(untrusted_app_all)
+
+# This is allowed for targetSdkVersion <= 25 but disallowed on newer versions.
+dontaudit untrusted_app_all net_dns_prop:file read;
+
+# These have been disallowed since Android O.
+# For P, we assume that apps are safely handling the denial.
+dontaudit untrusted_app_all proc_stat:file read;
+dontaudit untrusted_app_all proc_vmstat:file read;
+dontaudit untrusted_app_all proc_uptime:file read;