diff --git a/public/app.te b/public/app.te
index fe9ad52ee59f683bef4f49140d51329449296aee..a443bbce0d35b05b37d1444f7c5f1ba360787514 100644
--- a/public/app.te
+++ b/public/app.te
@@ -249,7 +249,8 @@ allow { appdomain -isolated_app } hal_graphics_allocator:fd use;
 allow appdomain proc_meminfo:file r_file_perms;
 
 # For app fuse.
-allow appdomain app_fuse_file:file { getattr read append write };
+allow appdomain app_fuse_file:dir rw_dir_perms;
+allow appdomain app_fuse_file:file rw_file_perms;
 
 ###
 ### CTS-specific rules
diff --git a/public/priv_app.te b/public/priv_app.te
index 04a050936d29280ff2f32ba61da0104f50385d38..17b19cddef59fabd5221e533959e63acd77c99f5 100644
--- a/public/priv_app.te
+++ b/public/priv_app.te
@@ -79,8 +79,6 @@ allow priv_app exec_type:file { getattr read open };
 # For AppFuse.
 allow priv_app vold:fd use;
 allow priv_app fuse_device:chr_file { read write };
-allow priv_app app_fuse_file:dir rw_dir_perms;
-allow priv_app app_fuse_file:file rw_file_perms;
 
 # /sys and /proc access
 r_dir_file(priv_app, sysfs_type)