diff --git a/app.te b/app.te
index 8288ea054bbeb5d7abcf6749725de07c35648876..e24215249146502c3b47824b80d142886d6aa0a3 100644
--- a/app.te
+++ b/app.te
@@ -255,7 +255,7 @@ neverallow appdomain { domain -appdomain }:process
 # Transition to a non-app domain.
 # Exception for the shell domain, can transition to runas, etc.
-neverallow { appdomain -shell } ~appdomain:process
+neverallow { appdomain -shell } { domain -appdomain }:process
 { transition dyntransition };
 # Write to rootfs.
diff --git a/file.te b/file.te
index 99c3839756104cdc6b72ff8b0ae16186b7bbc6e9..7df06d3989527215c0d66af33d7aafab2d172738 100644
--- a/file.te
+++ b/file.te
@@ -167,4 +167,4 @@ allow dev_type tmpfs:filesystem associate;
 # type apk_data_file, file_type, data_file_type, fs_type;
 # Should be:
 # type apk_data_file, file_type, data_file_type;
-neverallow fs_type file_type:filesystem *;
+neverallow fs_type file_type:filesystem associate;
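Review bot: The new target `{ domain -appdomain }` in app.te is narrower than the old `~appdomain`, because it only covers types that carry the `domain` attribute. A transition into a process type that was never given that attribute is therefore no longer rejected by this assertion. If the policy guarantees elsewhere that every process type is in `domain` (not visible in this hunk), the rule should say so, e.g. `# Relies on every process type carrying the domain attribute.` above the neverallow. The form does match the preceding rule shown in the hunk header, so the change is at least consistent with its neighbour.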
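Review bot: Narrowing the permission set from `*` to `associate` in file.te is left unexplained; the comment block above the rule only describes the attribute mix-up it is meant to catch. Presumably `associate` is the one permission that a type carrying both attributes ends up granted, which is enough to detect the mistake, but the other filesystem permissions between `fs_type` and `file_type` are no longer asserted. I would add `# Only associate is checked; it suffices to detect a type with both fs_type and file_type.` directly above the rule. The explanatory comment starts outside the hunk, so its opening lines are not visible here.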