diff --git a/domain.te b/domain.te
index 0f6c6dac39a8fb6517ac289a3c20e0e5a0c26982..9145e74e3a55bb6bf95e604500c1ed20e269be80 100644
--- a/domain.te
+++ b/domain.te
@@ -208,11 +208,10 @@ neverallow domain self:capability2 mac_override;
 # Only recovery needs mac_admin to set contexts not defined in current policy.
 neverallow { domain -recovery } self:capability2 mac_admin;
 
-# Only init should be able to load SELinux policies.
+# Nobody should be able to load a new SELinux policy.
 # The first load technically occurs while still in the kernel domain,
 # but this does not trigger a denial since there is no policy yet.
-# Policy reload requires allowing this to the init domain.
-neverallow { domain -init } kernel:security load_policy;
+neverallow domain kernel:security load_policy;
 
 # Only init and the system_server can set selinux.reload_policy 1
 # to trigger a policy reload.
diff --git a/init.te b/init.te
index 34b010cf3ce1dd9cad4a50f3cae6c1c2ce1fac52..45d90fd277832dde4a927abe370d3919cca4e1e8 100644
--- a/init.te
+++ b/init.te
@@ -123,7 +123,6 @@ allow init security_file:dir { create setattr };
 
 # Reload policy upon setprop selinux.reload_policy 1.
 r_dir_file(init, security_file)
-allow init kernel:security load_policy;
 
 # Any operation that can modify the kernel ring buffer, e.g. clear
 # or a read that consumes the messages that were read.