diff --git a/kernel.te b/kernel.te
index ed6b7ba0ad6450e99e26a90a5ded534f4c3304c1..05838afd7d7b3b05ee4be9a70b74a3c39e55911e 100644
--- a/kernel.te
+++ b/kernel.te
@@ -42,10 +42,7 @@ allow kernel self:security setcheckreqprot;
 
 # MTP sync (b/15835289)
 # kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
-allow kernel { priv_app untrusted_app }:fd use;
-# privileged apps have moved to the priv_app domain. Determine
-# if this permission is still needed. b/25331459
-auditallow kernel untrusted_app:fd use;
+allow kernel priv_app:fd use;
 allow kernel sdcard_type:file { read write };
 
 # Allow the kernel to read OBB files from app directories. (b/17428116)