diff --git a/private/app.te b/private/app.te
index 25dbdb70b6c98dc93dc8b15bacd78437792aca4f..f127b986ea74fd3726ccad0b4ba4b0193e0e786c 100644
--- a/private/app.te
+++ b/private/app.te
@@ -138,26 +138,10 @@ allow appdomain shortcut_manager_icons:file { getattr read };
 # Read icon file (opened by system).
 allow appdomain icon_file:file { getattr read };
 
-# Old stack dumping scheme : append to a global trace file (/data/anr/traces.txt).
-#
-# TODO: All of these permissions except for anr_data_file:file append can be
-# withdrawn once we've switched to the new stack dumping mechanism, see b/32064548
-# and the rules below.
+# Write to /data/anr/traces.txt.
 allow appdomain anr_data_file:dir search;
 allow appdomain anr_data_file:file { open append };
 
-# New stack dumping scheme : request an output FD from tombstoned via a unix
-# domain socket.
-#
-# Allow apps to connect and write to the tombstoned java trace socket in
-# order to dump their traces. Also allow them to append traces to pipes
-# created by dumptrace. (Also see the rules below where they are given
-# additional permissions to dumpstate pipes for other aspects of bug report
-# creation).
-unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned)
-allow appdomain tombstoned:fd use;
-allow appdomain dumpstate:fifo_file append;
-
 # Allow apps to send dump information to dumpstate
 allow appdomain dumpstate:fd use;
 allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdown };
diff --git a/private/file_contexts b/private/file_contexts
index e541a7de99898ead4ead09132fdc49b58c8bbd92..4e09491a45f4268f29821cf37a74ee00dc809edb 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -145,7 +145,6 @@
 /dev/socket/rild	u:object_r:rild_socket:s0
 /dev/socket/rild-debug	u:object_r:rild_debug_socket:s0
 /dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
-/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
 /dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
 /dev/socket/uncrypt	u:object_r:uncrypt_socket:s0
 /dev/socket/vold	u:object_r:vold_socket:s0
diff --git a/private/system_server.te b/private/system_server.te
index 99dc66314f2310ef033cbc31fc4948f122e972d3..5e7da2fd0cac91e2956a6de7870f43ce0bd3c78d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -330,24 +330,9 @@ allow system_server asec_apk_file:file create_file_perms;
 allow system_server asec_public_file:file create_file_perms;
 
 # Manage /data/anr.
-#
-# TODO: Some of these permissions can be withdrawn once we've switched to the
-# new stack dumping mechanism, see b/32064548 and the rules below. In particular,
-# the system_server should never need to create a new anr_data_file:file or write
-# to one, but it will still need to read and append to existing files.
 allow system_server anr_data_file:dir create_dir_perms;
 allow system_server anr_data_file:file create_file_perms;
 
-# New stack dumping scheme : request an output FD from tombstoned via a unix
-# domain socket.
-#
-# Allow system_server to connect and write to the tombstoned java trace socket in
-# order to dump its traces. Also allow the system server to write its traces to
-# dumpstate during bugreport capture.
-unix_socket_connect(system_server, tombstoned_java_trace, tombstoned)
-allow system_server tombstoned:fd use;
-allow system_server dumpstate:fifo_file append;
-
 # Read /data/misc/incidents - only read. The fd will be sent over binder,
 # with no DAC access to it, for dropbox to read.
 allow system_server incident_data_file:file read;
diff --git a/public/domain.te b/public/domain.te
index 67e792b5088a0536f7ca33d339f6f68077791987..bdba9291ad4d51c2771e697c5b36890d6190f89f 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -780,19 +780,14 @@ neverallow {
   # Processes that can't exec crash_dump
   -mediacodec
   -mediaextractor
-} tombstoned_crash_socket:unix_stream_socket connectto;
-
+} tombstoned:unix_stream_socket connectto;
 neverallow {
   domain
   -crash_dump
   -mediacodec
   -mediaextractor
 } tombstoned_crash_socket:sock_file write;
-
-# Never allow anyone except dumpstate or the system server to connect or write to
-# the tombstoned intercept socket.
 neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write;
-neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
 
 # Android does not support System V IPCs.
 #
diff --git a/public/file.te b/public/file.te
index bf8223a5ec77735053f7e1de1cbe218b151f6122..79f2c09e77ec1ebe4611ac197501e061df52811c 100644
--- a/public/file.te
+++ b/public/file.te
@@ -272,7 +272,6 @@ type rild_debug_socket, file_type;
 type system_wpa_socket, file_type, coredomain_socket;
 type system_ndebug_socket, file_type, coredomain_socket, mlstrustedobject;
 type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
-type tombstoned_java_trace_socket, file_type, mlstrustedobject;
 type tombstoned_intercept_socket, file_type, coredomain_socket;
 type uncrypt_socket, file_type, coredomain_socket;
 type vold_socket, file_type, coredomain_socket;
diff --git a/public/tombstoned.te b/public/tombstoned.te
index cf3ddcba9b8dda8e37449f98793f097efb48d516..37243bb6661071f14915d9d47475399b232f5bc0 100644
--- a/public/tombstoned.te
+++ b/public/tombstoned.te
@@ -10,13 +10,8 @@ allow tombstoned domain:dir r_dir_perms;
 allow tombstoned domain:file r_file_perms;
 allow tombstoned tombstone_data_file:dir rw_dir_perms;
 allow tombstoned tombstone_data_file:file create_file_perms;
+allow tombstoned anr_data_file:file { getattr append };
 
-# TODO: Remove append / write permissions. They were temporarily
-# granted due to a bug which appears to have been fixed.
-allow tombstoned anr_data_file:file { append write };
-auditallow tombstoned anr_data_file:file { append write };
-
-# Changes for the new stack dumping mechanism. Each trace goes into a
-# separate file, and these files are managed by tombstoned.
-allow tombstoned anr_data_file:dir rw_dir_perms;
-allow tombstoned anr_data_file:file { getattr open create };
+# TODO: Find out why this is happening.
+allow tombstoned anr_data_file:file write;
+auditallow tombstoned anr_data_file:file write;