diff --git a/kernel.te b/kernel.te
index ffefdf335ef367a8c09bb437cde59c753f4a8e28..31da2af2761e5927f24394231e9cdda0dc8af024 100644
--- a/kernel.te
+++ b/kernel.te
@@ -43,6 +43,9 @@ allow kernel self:security setcheckreqprot;
 # MTP sync (b/15835289)
 # kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
 allow kernel { priv_app untrusted_app }:fd use;
+# privileged apps have moved to the priv_app domain. Determine
+# if this permission is still needed. b/25331459
+auditallow kernel untrusted_app:fd use;
 allow kernel sdcard_type:file { read write };
 
 # Allow the kernel to read OBB files from app directories. (b/17428116)