diff --git a/app.te b/app.te
index a91d75aa16de07c77c18c4ec1610d159d9509117..c7f7c2e898c8d2878d3a2a0de4fd0a194742ee80 100644
--- a/app.te
+++ b/app.te
@@ -70,10 +70,6 @@ allow appdomain surfaceflinger:unix_stream_socket { read write setopt getattr ge
 allow { appdomain -isolated_app } app_data_file:dir create_dir_perms;
 allow { appdomain -isolated_app } app_data_file:notdevfile_class_set create_file_perms;
 
-# lib subdirectory of /data/data dir is system-owned.
-allow appdomain system_data_file:dir r_dir_perms;
-allow appdomain system_data_file:file { execute execute_no_trans open execmod };
-
 # Traverse into expanded storage
 allow appdomain mnt_expand_file:dir r_dir_perms;
 
diff --git a/domain.te b/domain.te
index 6efb86dc3c89403237f4ddeb98a82b3df15f969a..c575bdf57676876661a0b8c249e3edf1a0e660a9 100644
--- a/domain.te
+++ b/domain.te
@@ -392,7 +392,6 @@ neverallow { domain userdebug_or_eng(`-dumpstate -shell -su') } su_exec:file no_
 # which, long term, need to go away.
 neverallow * {
   file_type
-  -system_data_file
   -apk_data_file
   -app_data_file
   -asec_public_file