diff --git a/private/app.te b/private/app.te
index 84be2bf5e18e55ca706decbd7aecabf12fc8b708..d27ce64af3012eb6980310110c8062ee2227a289 100644
--- a/private/app.te
+++ b/private/app.te
@@ -14,9 +14,6 @@ allow appdomain zygote_tmpfs:file read;
 # WebView and other application-specific JIT compilers
 allow appdomain self:process execmem;
 
-# allow access to the interpreter
-allow appdomain libart_file:file { execute read open getattr };
-
 allow appdomain ashmem_device:chr_file execute;
 
 # Receive and use open file descriptors inherited from zygote.
diff --git a/private/file_contexts b/private/file_contexts
index 33b201e1dd33ded5f0eaf42586e138d4716e4783..9236bfe83ebd100a324cf62c33fd9444dbd297f8 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -239,8 +239,6 @@
 /system/bin/storaged             u:object_r:storaged_exec:s0
 /system/bin/webview_zygote32     u:object_r:webview_zygote_exec:s0
 /system/bin/webview_zygote64     u:object_r:webview_zygote_exec:s0
-/system/fake-lib(64)?/libart.*   u:object_r:libart_file:s0
-/system/lib(64)?/libart.*        u:object_r:libart_file:s0
 /system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_default_exec:s0
 /system/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
 /system/bin/hw/android\.hardware\.bluetooth@1\.0-service      u:object_r:hal_bluetooth_default_exec:s0
diff --git a/private/zygote.te b/private/zygote.te
index f9213cedf81f3d70ffd4ef734370f13c8e70cb33..f0ac0b2abe8fb284898d59b5c68ef74af06203e4 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -40,8 +40,6 @@ allow zygote dalvikcache_data_file:lnk_file create_file_perms;
 allow zygote resourcecache_data_file:dir rw_dir_perms;
 allow zygote resourcecache_data_file:file create_file_perms;
 
-# For art.
-allow zygote libart_file:file { execute read open getattr };
 # When WITH_DEXPREOPT is true, the zygote does not load executable content from
 # /data/dalvik-cache.
 allow { zygote with_dexpreopt(`-zygote') } dalvikcache_data_file:file execute;
diff --git a/public/crash_dump.te b/public/crash_dump.te
index af74247f7b4ff6ccc65f6dcf48f4c8c720e3efed..e117176c41318dc397268cc41b0ca86600abf372 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -24,9 +24,6 @@ allow crash_dump exec_type:file r_file_perms;
 allow crash_dump dalvikcache_data_file:dir { search getattr };
 allow crash_dump dalvikcache_data_file:file r_file_perms;
 
-# Unwind through libart.
-allow crash_dump libart_file:file r_file_perms;
-
 # Talk to tombstoned
 unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
 
diff --git a/public/dex2oat.te b/public/dex2oat.te
index be9877cf43f5735b5ead6e64f48ece7173c415dd..f4a7418c3c6368d7f5cbee7fece4a10214d51e3e 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -6,9 +6,6 @@ r_dir_file(dex2oat, {apk_data_file ephemeral_apk_data_file})
 
 allow dex2oat tmpfs:file { read getattr };
 
-# allow access to the interpreter
-allow dex2oat libart_file:file { execute read open getattr };
-
 r_dir_file(dex2oat, dalvikcache_data_file)
 allow dex2oat dalvikcache_data_file:file write;
 # Read symlinks in /data/dalvik-cache. This is required for PIC mode boot images, where
diff --git a/public/domain.te b/public/domain.te
index ca8683660950b295aadc813aa62457d5b9832109..5df7a4351869eb1aa90c40a487724201b4049167 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -94,21 +94,6 @@ allow domain system_file:dir { search getattr };
 allow domain system_file:file { execute read open getattr };
 allow domain system_file:lnk_file read;
 
-# Initially grant all domains access to libart.
-# TODO move to a whitelist. b/29795519
-allow domain libart_file:file { execute read open getattr };
-auditallow {
-  domain
-  -appdomain
-  -crash_dump
-  -dex2oat
-  -dumpstate
-  -profman
-  -recovery
-  -webview_zygote
-  -zygote
-} libart_file:file { execute read open getattr };
-
 # read any sysfs symlinks
 allow domain sysfs:lnk_file read;
 
@@ -308,7 +293,7 @@ neverallow {
     -system_server
     -webview_zygote
     -zygote
-} { file_type -libart_file -system_file -exec_type -postinstall_file }:file execute;
+} { file_type -system_file -exec_type -postinstall_file }:file execute;
 neverallow {
     domain
     -appdomain # for oemfs
@@ -640,7 +625,7 @@ neverallow * ~servicemanager:service_manager list;
 # TODO - rework this: neverallow * ~service_manager_type:service_manager { add find };
 
 # Prevent assigning non property types to properties
-# TODO - rework this: neverallow * ~property_type:property_service set; 
+# TODO - rework this: neverallow * ~property_type:property_service set;
 
 # Domain types should never be assigned to any files other
 # than the /proc/pid files associated with a process. The
diff --git a/public/dumpstate.te b/public/dumpstate.te
index a70614dab691d122754335a4ba8a2d4dd668963e..bac648e2b581f6a76d08ea1a888a708122f9a7bb 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -114,7 +114,6 @@ allow dumpstate zygote_exec:file rx_file_perms;
 allow dumpstate ashmem_device:chr_file execute;
 allow dumpstate self:process execmem;
 # For art.
-allow dumpstate libart_file:file { r_file_perms execute };
 allow dumpstate dalvikcache_data_file:dir { search getattr };
 allow dumpstate dalvikcache_data_file:file { r_file_perms execute };
 allow dumpstate dalvikcache_data_file:lnk_file r_file_perms;
diff --git a/public/file.te b/public/file.te
index 7bf44ccb49c89c6ff65d95a7cd2428d1200e2ba0..c48e04eded543af467e3c396e29ab866085b3859 100644
--- a/public/file.te
+++ b/public/file.te
@@ -78,8 +78,6 @@ type unlabeled, file_type;
 type system_file, file_type;
 # Speedup access for trusted applications to the runtime event tags
 type runtime_event_log_tags_file, file_type;
-# Type for /system/*/libart*
-type libart_file, file_type;
 # Type for /system/bin/logcat.
 type logcat_exec, exec_type, file_type;
 # /cores for coredumps on userdebug / eng builds
diff --git a/public/profman.te b/public/profman.te
index 6afd417f939ef9611f93c01761119c57b6540db4..ff8154060a14dac37cd93e1c5c514ad785dffb7f 100644
--- a/public/profman.te
+++ b/public/profman.te
@@ -2,8 +2,6 @@
 type profman, domain;
 type profman_exec, exec_type, file_type;
 
-allow profman libart_file:file r_file_perms;
-
 allow profman user_profile_data_file:file { getattr read write lock };
 
 # Dumping profile info opens the application APK file for pretty printing.
diff --git a/public/recovery.te b/public/recovery.te
index c607d034c237c6dc80f58b0d888156c370a17d0c..11c01ed50daf4e71e730f8e353150f2939158c0e 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -28,7 +28,7 @@ recovery_only(`
 
   # Create and relabel files and directories under /system.
   allow recovery exec_type:{ file lnk_file } { create_file_perms relabelfrom relabelto };
-  allow recovery { system_file libart_file }:{ file lnk_file } { create_file_perms relabelfrom relabelto };
+  allow recovery { system_file }:{ file lnk_file } { create_file_perms relabelfrom relabelto };
   allow recovery system_file:dir { create_dir_perms relabelfrom relabelto };
 
   # We may be asked to set an SELinux label for a type not known to the