diff --git a/private/system_server.te b/private/system_server.te
index a1c4a1f3aaedd2bb47f0915c02355241f87a675e..4cf4171b9b8453c59434722d10f17a14d452d5b7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -17,11 +17,8 @@ allow system_server zygote_tmpfs:file read;
 
 # For art.
 allow system_server dalvikcache_data_file:dir r_dir_perms;
-allow system_server dalvikcache_data_file:file { r_file_perms execute };
-userdebug_or_eng(`
-  # Report dalvikcache_data_file:file execute violations.
-  auditallow system_server dalvikcache_data_file:file execute;
-')
+allow system_server dalvikcache_data_file:file r_file_perms;
+
 # When running system server under --invoke-with, we'll try to load the boot image under the
 # system server domain, following links to the system partition.
 with_asan(`allow system_server dalvikcache_data_file:lnk_file r_file_perms;')
diff --git a/public/domain.te b/public/domain.te
index c528871bdd47fc4255d3682aefdd4a4682527441..794fd454bcc174da7df7cc33c90df5276d3babf2 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -355,7 +355,6 @@ neverallow {
     -dumpstate
     -shell
     userdebug_or_eng(`-su')
-    -system_server
     -webview_zygote
     -zygote
 } {