diff --git a/app.te b/app.te
index 324039238da325590975c21e8a1c2e4bee2f5551..b03355f9e0bb592ec3d855921756fe2a4a53f5ad 100644
--- a/app.te
+++ b/app.te
@@ -321,9 +321,7 @@ neverallow appdomain exec_type:file
 # This is the default type for anything under /data not otherwise
 # specified in file_contexts.  Define a different type for portions
 # that should be writable by apps.
-# Exception for system_app for Settings.
-neverallow { appdomain -system_app }
-    system_data_file:dir_file_class_set
+neverallow appdomain system_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
 
 # Write to various other parts of /data.
diff --git a/system_app.te b/system_app.te
index 36c5cfc2f8299529f804fd60b07db917a00adeab..8589a9d1458cf633f497c2007f5dfb40324419ed 100644
--- a/system_app.te
+++ b/system_app.te
@@ -16,16 +16,9 @@ allow system_app system_app_data_file:{ file lnk_file } create_file_perms;
 allow system_app keychain_data_file:dir r_dir_perms;
 allow system_app keychain_data_file:file r_file_perms;
 
-# Read and write to other system-owned /data directories, such as
-# /data/system/cache and /data/misc/user.
-allow system_app system_data_file:dir create_dir_perms;
-allow system_app system_data_file:file create_file_perms;
+# Read and write to /data/misc/user.
 allow system_app misc_user_data_file:dir create_dir_perms;
 allow system_app misc_user_data_file:file create_file_perms;
-# Audit writes to these directories and files so we can identify
-# and possibly move these directories into their own type in the future.
-auditallow system_app system_data_file:dir { create setattr add_name remove_name rmdir rename };
-auditallow system_app system_data_file:file { create setattr append write link unlink rename };
 
 # Access to vold-mounted storage for measuring free space
 allow system_app mnt_media_rw_file:dir search;