diff --git a/Android.mk b/Android.mk
index 91d6303019dd5d7d692e4da0ab892cffd27cdc18..102b2b18840d99f78ff49415bb166c857bf736f9 100644
--- a/Android.mk
+++ b/Android.mk
@@ -5,7 +5,7 @@ include $(CLEAR_VARS)
 # SELinux policy version.
 # Must be <= /sys/fs/selinux/policyvers reported by the Android kernel.
 # Must be within the compatibility range reported by checkpolicy -V.
-POLICYVERS ?= 30
+POLICYVERS ?= 29
 
 MLS_SENS=1
 MLS_CATS=1024
diff --git a/isolated_app.te b/isolated_app.te
index 0fab85e10bfd3b8431f31169d237bbad2230c32c..f40527316b746a8d38d0aa217be0d67fb7c6413e 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -18,9 +18,6 @@ allow isolated_app app_data_file:file { read write getattr lock };
 allow isolated_app activity_service:service_manager find;
 allow isolated_app display_service:service_manager find;
 
-# only allow unprivileged socket ioctl commands
-allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
-
 # Google Breakpad (crash reporter for Chrome) relies on ptrace
 # functionality. Without the ability to ptrace, the crash reporter
 # tool is broken.
diff --git a/untrusted_app.te b/untrusted_app.te
index ecf85a22da6c95b5843eac11bda34a8424c11592..e68c57013ee630b88451702900c5a5ad4c678584 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -77,9 +77,6 @@ allow untrusted_app radio_service:service_manager find;
 allow untrusted_app surfaceflinger_service:service_manager find;
 allow untrusted_app app_api_service:service_manager find;
 
-# only allow unprivileged socket ioctl commands
-allow untrusted_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
-
 # Allow GMS core to access perfprofd output, which is stored
 # in /data/misc/perfprofd/. GMS core will need to list all
 # data stored in that directory to process them one by one.