diff --git a/app.te b/app.te
index c620d52ce21047a549b82953ef78a37d66d622b5..689ff95deaeaf7e84bafdabbad6bc116181e3603 100644
--- a/app.te
+++ b/app.te
@@ -20,9 +20,9 @@ allow appdomain zygote_tmpfs:file read;
 allow appdomain zygote:process sigchld;
 
 # Communicate with system_server.
-allow appdomain system:fifo_file rw_file_perms;
-allow appdomain system:unix_stream_socket { read write setopt };
-binder_call(appdomain, system)
+allow appdomain system_server:fifo_file rw_file_perms;
+allow appdomain system_server:unix_stream_socket { read write setopt };
+binder_call(appdomain, system_server)
 
 # Communicate with surfaceflinger.
 allow appdomain surfaceflinger:unix_stream_socket { read write setopt };
diff --git a/domain.te b/domain.te
index 215c1a3cfe6643eecfcd8b8697edd307c98fa0e3..6321237826777a1bbd6f5d03a7ef010154e5084c 100644
--- a/domain.te
+++ b/domain.te
@@ -20,7 +20,7 @@ allow domain self:{ unix_dgram_socket unix_stream_socket } *;
 
 # Inherit or receive open files from others.
 allow domain init:fd use;
-allow domain system:fd use;
+allow domain system_server:fd use;
 
 # Connect to adbd and use a socket transferred from it.
 allow domain adbd:unix_stream_socket connectto;
diff --git a/seapp_contexts b/seapp_contexts
index 41d3dd845944a375e246ad2f17c68edd629a5083..2049b8aa7be7f0403b0d2fad2693052df9b3d423 100644
--- a/seapp_contexts
+++ b/seapp_contexts
@@ -32,7 +32,7 @@
 # levelFrom=app or levelFrom=all is only supported for _app UIDs.
 # level may be used to specify a fixed level for any UID. 
 #
-isSystemServer=true domain=system
+isSystemServer=true domain=system_server
 user=system domain=system_app type=system_data_file
 user=bluetooth domain=bluetooth type=bluetooth_data_file
 user=nfc domain=nfc type=nfc_data_file
diff --git a/system.te b/system.te
deleted file mode 100644
index f29367cefb5447854d70a4540dcf04c230f89bc7..0000000000000000000000000000000000000000
--- a/system.te
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# System Server aka system_server spawned by zygote.
-# Most of the framework services run in this process.
-#
-type system, domain;
-permissive system;
-unconfined_domain(system);
-relabelto_domain(system);
-
-# These are the capabilities assigned by the zygote to the
-# system server.
-allow system self:capability {
-    kill
-    net_admin
-    net_bind_service
-    net_broadcast
-    net_raw
-    sys_boot
-    sys_module
-    sys_nice
-    sys_resource
-    sys_time
-    sys_tty_config
-};
-
-# Create a socket for receiving info from wpa.
-type_transition system wifi_data_file:sock_file system_wpa_socket;
-allow system self:zygote { specifyids specifyrlimits specifyseinfo };
-
-allow system backup_data_file:dir relabelto;
-allow system cache_backup_file:dir relabelto;
-allow system anr_data_file:dir relabelto;
-allow system system_data_file:dir relabelto;
-allow system apk_data_file:file relabelto;
-allow system apk_tmp_file:file relabelto;
-allow system cache_backup_file:file relabelto;
-allow system apk_private_tmp_file:file relabelto;
-allow system wallpaper_file:file relabelto;
diff --git a/system_server.te b/system_server.te
new file mode 100644
index 0000000000000000000000000000000000000000..6b790995294cc81636ea51cb89a9f12bf75d5f3b
--- /dev/null
+++ b/system_server.te
@@ -0,0 +1,41 @@
+#
+# System Server aka system_server spawned by zygote.
+# Most of the framework services run in this process.
+#
+type system_server, domain;
+permissive system_server;
+unconfined_domain(system_server);
+relabelto_domain(system_server);
+
+# TODO: Remove the temporary alias below once the renaming of system to system_server is complete in all repositories.
+typealias system_server alias system;
+
+# These are the capabilities assigned by the zygote to the
+# system server.
+allow system_server self:capability {
+    kill
+    net_admin
+    net_bind_service
+    net_broadcast
+    net_raw
+    sys_boot
+    sys_module
+    sys_nice
+    sys_resource
+    sys_time
+    sys_tty_config
+};
+
+# Create a socket for receiving info from wpa.
+type_transition system_server wifi_data_file:sock_file system_wpa_socket;
+allow system_server self:zygote { specifyids specifyrlimits specifyseinfo };
+
+allow system_server backup_data_file:dir relabelto;
+allow system_server cache_backup_file:dir relabelto;
+allow system_server anr_data_file:dir relabelto;
+allow system_server system_data_file:dir relabelto;
+allow system_server apk_data_file:file relabelto;
+allow system_server apk_tmp_file:file relabelto;
+allow system_server cache_backup_file:file relabelto;
+allow system_server apk_private_tmp_file:file relabelto;
+allow system_server wallpaper_file:file relabelto;
diff --git a/zygote.te b/zygote.te
index 5b6162fe040b5bd15b8dc224b5bc26357343f282..ddda88c8d2f5e9282d7a0a188a4d8d0a835556ad 100644
--- a/zygote.te
+++ b/zygote.te
@@ -9,13 +9,13 @@ allow zygote self:capability { dac_override setgid setuid fowner };
 # Drop capabilities from bounding set.
 allow zygote self:capability setpcap;
 # Switch SELinux context to app domains.
-allow zygote system:process dyntransition;
+allow zygote system_server:process dyntransition;
 allow zygote appdomain:process dyntransition;
 # Allow zygote to read + write app data dirs (b/10455872 and b/10498304)
 allow zygote appdomain:dir { getattr search };
 allow zygote appdomain:file { r_file_perms write };
 # Move children into the peer process group.
-allow zygote system:process { getpgid setpgid };
+allow zygote system_server:process { getpgid setpgid };
 allow zygote appdomain:process { getpgid setpgid };
 # Write to system data.
 allow zygote system_data_file:dir rw_dir_perms;