diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index 3e58ccf98b7e3a8197095428ba8f9f59e42809ed..b4a21814b00863e0f08a472b2529f1701685a5a8 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -14,14 +14,6 @@
 net_domain(ephemeral_app)
 app_domain(ephemeral_app)
 
-# App sandbox file accesses.
-allow ephemeral_app ephemeral_data_file:dir create_dir_perms;
-allow ephemeral_app ephemeral_data_file:{ file sock_file fifo_file } create_file_perms;
-
-# Allow apps to read/execute installed binaries
-allow ephemeral_app ephemeral_apk_data_file:dir r_dir_perms;
-allow ephemeral_app ephemeral_apk_data_file:file { r_file_perms execute };
-
 # Allow ephemeral apps to read/write files in visible storage if provided fds
 allow ephemeral_app { sdcard_type media_rw_data_file }:file {read write getattr ioctl lock append};
 
@@ -36,7 +28,7 @@ allow ephemeral_app app_api_service:service_manager find;
 ###
 
 # Executable content should never be loaded from an ephemeral app home directory.
-neverallow ephemeral_app ephemeral_data_file:file { execute execute_no_trans };
+neverallow ephemeral_app app_data_file:file { execute execute_no_trans };
 
 # Receive or send uevent messages.
 neverallow ephemeral_app domain:netlink_kobject_uevent_socket *;
diff --git a/private/file_contexts b/private/file_contexts
index aa495ec567d9966d75c87b6e69d79a54d90d96da..0bf16c8ce7b97114e76429511221ce32e14530da 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -304,10 +304,6 @@
 /data/app/vmdl[^/]+\.tmp/oat(/.*)?           u:object_r:dalvikcache_data_file:s0
 /data/app-private(/.*)?               u:object_r:apk_private_data_file:s0
 /data/app-private/vmdl.*\.tmp(/.*)?   u:object_r:apk_private_tmp_file:s0
-/data/app-ephemeral(/.*)?             u:object_r:ephemeral_apk_data_file:s0
-/data/app-ephemeral/[^/]+/oat(/.*)?   u:object_r:dalvikcache_data_file:s0
-/data/app-ephemeral/vmdl[^/]+\.tmp(/.*)?           u:object_r:ephemeral_apk_tmp_file:s0
-/data/app-ephemeral/vmdl[^/]+\.tmp/oat(/.*)?           u:object_r:dalvikcache_data_file:s0
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
 /data/media(/.*)?	u:object_r:media_rw_data_file:s0
diff --git a/private/platform_app.te b/private/platform_app.te
index 674784846eaaec4e891cdc3e1b06d1d2a63e63bc..dde1c7181fc52f7d8e85f676616af4fa44a61ccb 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -14,10 +14,10 @@ bluetooth_domain(platform_app)
 allow platform_app shell_data_file:dir search;
 allow platform_app shell_data_file:file { open getattr read };
 allow platform_app icon_file:file { open getattr read };
-# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp, /data/app-ephemeral/vmdl*.tmp files
+# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
 # created by system server.
-allow platform_app { apk_tmp_file apk_private_tmp_file ephemeral_apk_tmp_file}:dir rw_dir_perms;
-allow platform_app { apk_tmp_file apk_private_tmp_file ephemeral_apk_tmp_file}:file rw_file_perms;
+allow platform_app { apk_tmp_file apk_private_tmp_file }:dir rw_dir_perms;
+allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
 allow platform_app apk_private_data_file:dir search;
 # ASEC
 allow platform_app asec_apk_file:dir create_dir_perms;
@@ -56,8 +56,4 @@ allow platform_app vr_manager_service:service_manager find;
 allow platform_app preloads_data_file:file r_file_perms;
 allow platform_app preloads_data_file:dir r_dir_perms;
 
-# Access to ephemeral APKs
-allow platform_app ephemeral_apk_data_file:dir r_dir_perms;
-allow platform_app ephemeral_apk_data_file:file r_file_perms;
-
 read_runtime_log_tags(platform_app)
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 85980e9e4088a62c3c5212a2dc5a63487d465f40..0a30829bd4332e481ec4fb7207ab1adb074c4917 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -94,6 +94,6 @@ user=shared_relro domain=shared_relro
 user=shell seinfo=platform domain=shell type=shell_data_file
 user=_isolated domain=isolated_app levelFrom=user
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
-user=_app isEphemeralApp=true domain=ephemeral_app type=ephemeral_data_file levelFrom=all
+user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
 user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
 user=_app domain=untrusted_app type=app_data_file levelFrom=user
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index b5cab2c0ca94a83fdd801c8af2d94238df3fb6e5..b5a3af9c93bbf8dd413412546ca16b0456441b99 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -79,7 +79,6 @@ neverallow webview_zygote {
     nfc_data_file
     radio_data_file
     shell_data_file
-    ephemeral_data_file
 }:file { rwx_file_perms };
 
 neverallow webview_zygote {
diff --git a/public/adbd.te b/public/adbd.te
index f0df8b1583231c6884bd8a455665527b91e0102f..e3b0ebbe6b9c1d9d0a01e60ab28a6c809b602c23 100644
--- a/public/adbd.te
+++ b/public/adbd.te
@@ -82,8 +82,8 @@ userdebug_or_eng(`
 ')
 
 # ndk-gdb invokes adb forward to forward the gdbserver socket.
-allow adbd { app_data_file ephemeral_data_file }:dir search;
-allow adbd { app_data_file ephemeral_data_file }:sock_file write;
+allow adbd app_data_file:dir search;
+allow adbd app_data_file:sock_file write;
 allow adbd appdomain:unix_stream_socket connectto;
 
 # ndk-gdb invokes adb pull of app_process, linker, and libc.so.
diff --git a/public/dex2oat.te b/public/dex2oat.te
index f4a7418c3c6368d7f5cbee7fece4a10214d51e3e..e5472960f9ed43441c15c864f23c924db72196b1 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -2,7 +2,7 @@
 type dex2oat, domain, domain_deprecated;
 type dex2oat_exec, exec_type, file_type;
 
-r_dir_file(dex2oat, {apk_data_file ephemeral_apk_data_file})
+r_dir_file(dex2oat, apk_data_file)
 
 allow dex2oat tmpfs:file { read getattr };
 
@@ -19,7 +19,7 @@ allow dex2oat installd:fd use;
 allow dex2oat asec_apk_file:file read;
 allow dex2oat unlabeled:file read;
 allow dex2oat oemfs:file read;
-allow dex2oat {apk_tmp_file ephemeral_apk_tmp_file}:file read;
+allow dex2oat apk_tmp_file:file read;
 allow dex2oat user_profile_data_file:file { getattr read lock };
 
 # Allow dex2oat to compile app's secondary dex files which were reported back to
diff --git a/public/domain.te b/public/domain.te
index 86890172840b82e2fab2efbdcfd2cca61c9d73e6..8bdd54804cbf02e9d429e828bdb8ed3e1d3900cc 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -309,7 +309,6 @@ neverallow {
   -dalvikcache_data_file
   -system_data_file # shared libs in apks
   -apk_data_file
-  -ephemeral_apk_data_file
 }:file no_x_file_perms;
 
 neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
diff --git a/public/drmserver.te b/public/drmserver.te
index 453ce12135d2a56bbc2b34fe657ed9d832f827a2..825e828bfaa685a03c3dd1554f7b67958eb8bd79 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te
@@ -21,7 +21,7 @@ allow drmserver sdcard_type:dir search;
 allow drmserver drm_data_file:dir create_dir_perms;
 allow drmserver drm_data_file:file create_file_perms;
 allow drmserver tee_device:chr_file rw_file_perms;
-allow drmserver { app_data_file ephemeral_data_file}:file { read write getattr };
+allow drmserver app_data_file:file { read write getattr };
 allow drmserver sdcard_type:file { read write getattr };
 r_dir_file(drmserver, efs_file)
 
diff --git a/public/file.te b/public/file.te
index c48e04eded543af467e3c396e29ab866085b3859..e562798207021561d22924f78896a5447cfe48fc 100644
--- a/public/file.te
+++ b/public/file.te
@@ -103,9 +103,6 @@ type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
 # /data/app-private - forward-locked apps
 type apk_private_data_file, file_type, data_file_type;
 type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
-# /data/app-ephemeral - ephemeral apps
-type ephemeral_apk_data_file, file_type, data_file_type;
-type ephemeral_apk_tmp_file, file_type, data_file_type, mlstrustedobject;
 # /data/dalvik-cache
 type dalvikcache_data_file, file_type, data_file_type;
 # /data/ota
@@ -181,7 +178,6 @@ type method_trace_data_file, file_type, data_file_type, mlstrustedobject;
 
 # /data/data subdirectories - app sandboxes
 type app_data_file, file_type, data_file_type;
-type ephemeral_data_file, file_type, data_file_type;
 # /data/data subdirectory for system UID apps.
 type system_app_data_file, file_type, data_file_type, mlstrustedobject;
 # Compatibility with type name used in Android 4.3 and 4.4.
diff --git a/public/installd.te b/public/installd.te
index 08255a4c07c33ab3e0d07f37b4c17529a0fdc630..08c438d6f11bcc70ed0c985a0eeb2105fea62303 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -9,13 +9,13 @@ allow installd dalvikcache_data_file:dir relabelto;
 allow installd dalvikcache_data_file:file { relabelto link };
 
 # Allow movement of APK files between volumes
-allow installd {apk_data_file ephemeral_apk_data_file}:dir { create_dir_perms relabelfrom };
-allow installd {apk_data_file ephemeral_apk_data_file}:file { create_file_perms relabelfrom link };
-allow installd {apk_data_file ephemeral_apk_data_file}:lnk_file { create r_file_perms unlink };
+allow installd apk_data_file:dir { create_dir_perms relabelfrom };
+allow installd apk_data_file:file { create_file_perms relabelfrom link };
+allow installd apk_data_file:lnk_file { create r_file_perms unlink };
 
 allow installd asec_apk_file:file r_file_perms;
-allow installd {apk_tmp_file ephemeral_apk_tmp_file}:file { r_file_perms unlink };
-allow installd {apk_tmp_file ephemeral_apk_tmp_file}:dir { relabelfrom create_dir_perms };
+allow installd apk_tmp_file:file { r_file_perms unlink };
+allow installd apk_tmp_file:dir { relabelfrom create_dir_perms };
 allow installd oemfs:dir r_dir_perms;
 allow installd oemfs:file r_file_perms;
 allow installd cgroup:dir create_dir_perms;
@@ -88,7 +88,6 @@ allow installd {
     radio_data_file
     shell_data_file
     app_data_file
-    ephemeral_data_file
 }:dir { create_dir_perms relabelfrom relabelto };
 
 allow installd {
@@ -98,7 +97,6 @@ allow installd {
     radio_data_file
     shell_data_file
     app_data_file
-    ephemeral_data_file
 }:notdevfile_class_set { create_file_perms relabelfrom relabelto };
 
 # Similar for the files under /data/misc/profiles/
diff --git a/public/system_server.te b/public/system_server.te
index 24262832a7255b46bc3352f68319366c5d77013c..78784b71f93d6feb4388deb532465df83bfe4408 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -272,12 +272,6 @@ allow system_server apk_private_data_file:file create_file_perms;
 allow system_server apk_private_tmp_file:dir create_dir_perms;
 allow system_server apk_private_tmp_file:file create_file_perms;
 
-# Manage /data/app-ephemeral
-allow system_server ephemeral_apk_data_file:dir create_dir_perms;
-allow system_server ephemeral_apk_data_file:file create_file_perms;
-allow system_server ephemeral_apk_tmp_file:dir create_dir_perms;
-allow system_server ephemeral_apk_tmp_file:file create_file_perms;
-
 # Manage files within asec containers.
 allow system_server asec_apk_file:dir create_dir_perms;
 allow system_server asec_apk_file:file create_file_perms;
@@ -326,7 +320,7 @@ allow system_server zoneinfo_data_file:file create_file_perms;
 
 # Walk /data/data subdirectories.
 # Types extracted from seapp_contexts type= fields.
-allow system_server { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file ephemeral_data_file }:dir { getattr read search };
+allow system_server { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:dir { getattr read search };
 # Also permit for unlabeled /data/data subdirectories and
 # for unlabeled asec containers on upgrades from 4.2.
 allow system_server unlabeled:dir r_dir_perms;
@@ -349,8 +343,8 @@ allow system_server media_rw_data_file:dir { search getattr open read };
 allow system_server media_rw_data_file:file { getattr read write append };
 
 # Relabel apk files.
-allow system_server { apk_tmp_file apk_private_tmp_file ephemeral_apk_tmp_file }:{ dir file } { relabelfrom relabelto };
-allow system_server { apk_data_file apk_private_data_file ephemeral_apk_data_file}:{ dir file } { relabelfrom relabelto };
+allow system_server { apk_tmp_file apk_private_tmp_file }:{ dir file } { relabelfrom relabelto };
+allow system_server { apk_data_file apk_private_data_file }:{ dir file } { relabelfrom relabelto };
 
 # Relabel wallpaper.
 allow system_server system_data_file:file relabelfrom;