diff --git a/public/domain.te b/public/domain.te
index 38cd275eb..7835e3a2e 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1335,3 +1335,12 @@ neverallow domain {
 dontaudit domain proc_type:dir write;
 dontaudit domain sysfs_type:dir write;
+
+# These are only needed in permissive mode - in enforcing mode the
+# directory write check fails and so these are never attempted.
+userdebug_or_eng(`
+ dontaudit domain proc_type:dir add_name;
+ dontaudit domain sysfs_type:dir add_name;
+ dontaudit domain proc_type:file create;
+ dontaudit domain sysfs_type:file create;
+')
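Review bot: The comment above the `userdebug_or_eng` block explains why the four rules are never reached in enforcing mode, but not why silencing them in permissive mode is safe. Because the source is all of `domain`, they hide `add_name` and `create` denials from every process on userdebug and eng builds. If the premise is that creation under procfs and sysfs always fails in the kernel regardless of policy, state it, e.g. `# The create itself cannot succeed on these filesystems, so only log noise is suppressed.` That premise is not visible in this hunk: should a `proc_type` or `sysfs_type` label ever sit on a filesystem where creation can succeed, a permissive device would perform the write with no AVC record. It is worth confirming the premise, or narrowing the source set to the domains that actually generate the noise.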