diff --git a/system_server.te b/system_server.te
index 7baf3ee4a20208f4e8e195c30f82958b69109152..c2b72bfe1ff25a81e1dbe33504c7b12a1e5147ab 100644
--- a/system_server.te
+++ b/system_server.te
@@ -111,9 +111,6 @@ allow system_server node:rawip_socket node_bind;
 # 3rd party VPN clients require a tun_socket to be created
 allow system_server self:tun_socket create_socket_perms;
 
-# Notify init of death.
-allow system_server init:process sigchld;
-
 # Talk to init and various daemons via sockets.
 unix_socket_connect(system_server, installd, installd)
 unix_socket_connect(system_server, lmkd, lmkd)
diff --git a/te_macros b/te_macros
index 84af301eb022db894fcbf41dd2cc5163690d13ba..9600b5273eb4f8c7936a628fc7c6d1d522eb5c90 100644
--- a/te_macros
+++ b/te_macros
@@ -13,7 +13,7 @@ allow $1 $3:process transition;
 # New domain is entered by executing the file.
 allow $3 $2:file { entrypoint open read execute getattr };
 # New domain can send SIGCHLD to its caller.
-allow $3 $1:process sigchld;
+ifelse($1, `init', `', `allow $3 $1:process sigchld;')
 # Enable AT_SECURE, i.e. libc secure mode.
 dontaudit $1 $3:process noatsecure;
 # XXX dontaudit candidate but requires further study.
diff --git a/ueventd.te b/ueventd.te
index f67c0db8655ed0fcbf9a52927d76d0fa4cf4f76f..e446207286c812d9821cebcb3ad0ca95fc0055d9 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -8,7 +8,6 @@ tmpfs_domain(ueventd)
 type_transition ueventd device:chr_file klog_device "__kmsg__";
 allow ueventd klog_device:chr_file { create open write unlink };
 
-allow ueventd init:process sigchld;
 allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;