diff --git a/Android.mk b/Android.mk
index 33337a6f911a747401c9542b1d0056474dcc6710..8c4237071d7faa9d1c66e18b46ceefca2f075a74 100644
--- a/Android.mk
+++ b/Android.mk
@@ -5,7 +5,7 @@ include $(CLEAR_VARS)
 # SELinux policy version.
 # Must be <= /sys/fs/selinux/policyvers reported by the Android kernel.
 # Must be within the compatibility range reported by checkpolicy -V.
-POLICYVERS ?= 30
+POLICYVERS ?= 29
 
 MLS_SENS=1
 MLS_CATS=1024
diff --git a/isolated_app.te b/isolated_app.te
index 330f0af3861b0554604c86d0d02a84ea53766ebc..ef68986820b363262f20fe7741ec6ff97fdfd047 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -18,9 +18,6 @@ allow isolated_app app_data_file:file { read write getattr lock };
 allow isolated_app activity_service:service_manager find;
 allow isolated_app display_service:service_manager find;
 
-# only allow unprivileged socket ioctl commands
-allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
-
 #####
 ##### Neverallow
 #####
diff --git a/untrusted_app.te b/untrusted_app.te
index eb518e32c45ee670948f9cfea6530eb1c48e0ed7..d5c78e9f1068d3fe9410ff2e5c32cbff26eeb146 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -97,9 +97,6 @@ allow untrusted_app persistent_data_block_service:service_manager find;
 allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
 allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
 
-# only allow unprivileged socket ioctl commands
-allow untrusted_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
-
 # Allow GMS core to access perfprofd output, which is stored
 # in /data/misc/perfprofd/. GMS core will need to list all
 # data stored in that directory to process them one by one.