diff --git a/private/perfprofd.te b/private/perfprofd.te
index 9c249fd9a069e4c455afaa2cba281610312f4a60..4da5410321ca4db83668a4a53caca4d979ded5b0 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -2,3 +2,7 @@ userdebug_or_eng(`
 typeattribute perfprofd coredomain;
 init_daemon_domain(perfprofd)
 ')
+
+# Only servicemanager, statsd, su and systemserver can communicate.
+neverallow { domain userdebug_or_eng(`-statsd') } perfprofd:binder call;
+neverallow perfprofd { domain userdebug_or_eng(`-servicemanager -statsd -su -system_server') }:binder call;
diff --git a/private/statsd.te b/private/statsd.te
index c63cba92b172f343573b30db25456668276d92b6..dfec7a4825758a6149aa6c8bedb65af1b950c58c 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -30,6 +30,9 @@ allow statsd stats_data_file:file create_file_perms;
 binder_call(statsd, appdomain)
 binder_call(statsd, healthd)
 binder_call(statsd, incidentd)
+userdebug_or_eng(`
+ binder_call(statsd, perfprofd)
+')
 binder_call(statsd, statscompanion_service)
 binder_call(statsd, system_server)
diff --git a/public/perfprofd.te b/public/perfprofd.te
index d4062aaf974eeb72e6b61afaad53f15ca0eda71c..494e75bed50c8def2efc2d507b66e21b5cea6737 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -113,9 +113,5 @@ userdebug_or_eng(`
 # Allow perfprofd to submit to dropbox.
 allow perfprofd dropbox_service:service_manager find;
- allow perfprofd system_server:binder call;
-
- # Only servicemanager, su and systemserver can communicate.
- neverallow domain perfprofd:binder call;
- neverallow perfprofd { domain -servicemanager -su -system_server }:binder call;
+ binder_call(perfprofd, system_server)
 ')
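Review bot: The comment above the two new neverallow rules in private/perfprofd.te reads as if four domains could talk to perfprofd in both directions, but the first rule exempts only statsd for inbound calls, and both exemptions disappear on user builds. One comment per direction would make the assertion auditable, e.g. `# Inbound: only statsd may call perfprofd, and only on userdebug/eng.` and `# Outbound: perfprofd may call servicemanager, statsd, su and system_server on userdebug/eng; nothing on user builds.` The outbound rule also exempts `-statsd`, while the only statsd grant visible in this diff is `binder_call(statsd, perfprofd)`. If that macro does not give perfprofd `call` on statsd (its definition is outside this diff), the exemption is wider than any allow rule and could be dropped to keep the neverallow tight.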
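Review bot: The new `binder_call(statsd, perfprofd)` in private/statsd.te has no comment saying why statsd needs to reach the profiling daemon, although this grant is what forces the `-statsd` exemptions in private/perfprofd.te. A one-line comment inside the `userdebug_or_eng` block would tie the two together for the next auditor, for example `# userdebug/eng only: statsd calls perfprofd; keep in sync with the neverallow exemptions in private/perfprofd.te.`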
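Review bot: Replacing `allow perfprofd system_server:binder call;` with `binder_call(perfprofd, system_server)` in public/perfprofd.te probably grants more than the line it replaces. As the macro is usually defined in te_macros, it also allows `transfer` in both directions and `fd use` from system_server, though its definition is not part of this diff. If only the call is needed, keeping the single allow rule is the least-privilege choice. If the extra permissions are intended, a short comment naming which of them perfprofd relies on would document the widening. The enclosing `userdebug_or_eng` block starts outside this hunk.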