diff --git a/app.te b/app.te
index be47ca55745cc4732fe0b9bfd704eda2bbc9a723..c17c9033614c9427dd270ee9712ecf2180ece9b7 100644
--- a/app.te
+++ b/app.te
@@ -83,7 +83,6 @@ allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdow
allow appdomain shell_data_file:file { write getattr };
# Write to /proc/net/xt_qtaguid/ctrl file.
-allow appdomain proc_net:dir search;
allow appdomain qtaguid_proc:file rw_file_perms;
# Everybody can read the xt_qtaguid resource tracking misc dev.
# So allow all apps to read from /dev/xt_qtaguid.
diff --git a/clatd.te b/clatd.te
index 0492f22db7aea5ec14e122c5fdc63baacded7c84..0371e1462b0c0610ba1b4c7a99167b86a7bc114f 100644
--- a/clatd.te
+++ b/clatd.te
@@ -15,7 +15,6 @@ allow clatd netd:udp_socket { read write };
allow clatd netd:unix_stream_socket { read write };
allow clatd netd:unix_dgram_socket { read write };
-r_dir_file(clatd, proc_net)
allow clatd self:capability { net_admin net_raw setuid setgid };
allow clatd self:netlink_route_socket nlmsg_write;
diff --git a/dhcp.te b/dhcp.te
index 898e3a124d4f2a05a1d623f29c36af5574efee56..32a6cccb147bb811663e2e02ba0ddcf9874ec24c 100644
--- a/dhcp.te
+++ b/dhcp.te
@@ -12,8 +12,7 @@ allow dhcp self:netlink_route_socket nlmsg_write;
allow dhcp shell_exec:file rx_file_perms;
allow dhcp system_file:file rx_file_perms;
# For /proc/sys/net/ipv4/conf/*/promote_secondaries
-allow dhcp proc_net:file rw_file_perms;
-allow dhcp proc_net:dir r_dir_perms;
+allow dhcp proc_net:file write;
allow dhcp dhcp_prop:property_service set;
allow dhcp pan_result_prop:property_service set;
unix_socket_connect(dhcp, property, init)
diff --git a/domain.te b/domain.te
index 1c0a598d7c4a5c466bc6a4b58cd48de705bd98f2..bc5523798467e020074816ef03dab5947d0a7362 100644
--- a/domain.te
+++ b/domain.te
@@ -145,9 +145,8 @@ r_dir_file(domain, sysfs)
r_dir_file(domain, sysfs_devices_system_cpu)
r_dir_file(domain, inotify)
r_dir_file(domain, cgroup)
+r_dir_file(domain, proc_net)
allow domain proc_cpuinfo:file r_file_perms;
-allow domain proc_net:dir search;
-allow domain proc_net_psched:file r_file_perms;
# debugfs access
allow domain debugfs:dir r_dir_perms;
diff --git a/dumpstate.te b/dumpstate.te
index 876eaca03614e13746602cc09c333415fb5d39fb..320b19fa30bbf5d320c235b3ef1ed58c34a3bc53 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -61,7 +61,6 @@ domain_auto_trans(dumpstate, vdc_exec, vdc)
allow dumpstate sysfs:file w_file_perms;
# Other random bits of data we want to collect
-allow dumpstate proc_net:dir search;
allow dumpstate qtaguid_proc:file r_file_perms;
allow dumpstate debugfs:file r_file_perms;
diff --git a/file.te b/file.te
index a0173831e014376889b79245f003bd68813e2c9e..5ac2b66b5bc75f85f88ce83a4c3918bef652e870 100644
--- a/file.te
+++ b/file.te
@@ -12,7 +12,6 @@ type qtaguid_proc, fs_type, mlstrustedobject;
type proc_bluetooth_writable, fs_type;
type proc_cpuinfo, fs_type;
type proc_net, fs_type;
-type proc_net_psched, fs_type;
type proc_sysrq, fs_type;
type selinuxfs, fs_type, mlstrustedobject;
type cgroup, fs_type, mlstrustedobject;
diff --git a/genfs_contexts b/genfs_contexts
index 2f60ad1c50bc0462c5dfed4be154bafbfcadaf25..31b7e4f6441fc06b450b3a6580eb1ff1eb6199c9 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -3,7 +3,6 @@ genfscon rootfs / u:object_r:rootfs:s0
# proc labeling can be further refined (longest matching prefix).
genfscon proc / u:object_r:proc:s0
genfscon proc /net u:object_r:proc_net:s0
-genfscon proc /net/psched u:object_r:proc_net_psched:s0
genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
diff --git a/init.te b/init.te
index d81f5afb67f9696fc05f512858202a73ae8243ce..8b0ab422d876af02133f1f7083b25945e1c6c9cf 100644
--- a/init.te
+++ b/init.te
@@ -124,8 +124,7 @@ allow init proc_security:file rw_file_perms;
allow init proc:file w_file_perms;
# Write to /proc/sys/net/ping_group_range and other /proc/sys/net files.
-allow init proc_net:file rw_file_perms;
-allow init proc_net:dir r_dir_perms;
+allow init proc_net:file w_file_perms;
allow init self:capability net_admin;
# Write to /proc/sysrq-trigger.
diff --git a/mediaserver.te b/mediaserver.te
index 6e6c87d5cd2aa1c66be105550dc2da455fa4ba38..ec69aed091cfedf8ddcfcf0aeac660194ec64f5e 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -61,7 +61,6 @@ allow mediaserver audio_data_file:dir ra_dir_perms;
allow mediaserver audio_data_file:file create_file_perms;
# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
-allow mediaserver proc_net:dir search;
allow mediaserver qtaguid_proc:file rw_file_perms;
allow mediaserver qtaguid_device:chr_file r_file_perms;
diff --git a/netd.te b/netd.te
index 96d485ace6618f5dd2c66ad59e918f791cb31fa5..5f4f38cb70c6c1098c4ae941d3f9e0aa55826ca8 100644
--- a/netd.te
+++ b/netd.te
@@ -24,8 +24,7 @@ allow netd system_file:file x_file_perms;
allow netd devpts:chr_file rw_file_perms;
# For /proc/sys/net/ipv[46]/route/flush.
-allow netd proc_net:file rw_file_perms;
-allow netd proc_net:dir r_dir_perms;
+allow netd proc_net:file write;
# For /sys/modules/bcmdhd/parameters/firmware_path
# XXX Split into its own type.
diff --git a/radio.te b/radio.te
index 03d15805a8c242de5d028350509f990f51447d4f..a6aec28e134f2743e30172d5cd5d2980ac74db2b 100644
--- a/radio.te
+++ b/radio.te
@@ -17,7 +17,6 @@ allow radio radio_data_file:notdevfile_class_set create_file_perms;
allow radio alarm_device:chr_file rw_file_perms;
-r_dir_file(radio, proc_net)
allow radio net_data_file:dir search;
allow radio net_data_file:file r_file_perms;
diff --git a/system_server.te b/system_server.te
index bfe5b89b00f49857d9394f27a1b32026feee4dcb..ae9ada2c37e977e2451b43c82dc82fd0b2a3b199 100644
--- a/system_server.te
+++ b/system_server.te
@@ -91,7 +91,6 @@ allow system_server appdomain:file write;
# Read/Write to /proc/net/xt_qtaguid/ctrl and and /dev/xt_qtaguid.
allow system_server qtaguid_proc:file rw_file_perms;
allow system_server qtaguid_device:chr_file rw_file_perms;
-r_dir_file(system_server, proc_net)
# Write to /proc/sysrq-trigger.
allow system_server proc_sysrq:file rw_file_perms;