diff --git a/private/file_contexts b/private/file_contexts
index 90f7bbf4476d898226e2edc63344b903790ab248..876a17b0b0ecefbbf2c90bd66088bcb2edded036 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -78,7 +78,7 @@
 /dev/cam		u:object_r:camera_device:s0
 /dev/console		u:object_r:console_device:s0
 /dev/cpuctl(/.*)?	u:object_r:cpuctl_device:s0
-/dev/memcg(/.*)?        u:object_r:memcg_device:s0
+/dev/memcg(/.*)?        u:object_r:cgroup:s0
 /dev/device-mapper	u:object_r:dm_device:s0
 /dev/eac		u:object_r:audio_device:s0
 /dev/event-log-tags     u:object_r:runtime_event_log_tags_file:s0
diff --git a/public/device.te b/public/device.te
index a5edcc13cf289ffdfe74809f2e91d66962c15b5c..475948da02be54e7574fc6326261d564915b6a06 100644
--- a/public/device.te
+++ b/public/device.te
@@ -21,7 +21,6 @@ type rtc_device, dev_type;
 type vold_device, dev_type;
 type console_device, dev_type;
 type cpuctl_device, dev_type;
-type memcg_device, dev_type;
 type fscklogs, dev_type;
 type full_device, dev_type;
 # GPU (used by most UI apps)
diff --git a/public/domain.te b/public/domain.te
index 0c474b85dce4af5f51bb40e9eca2eb2108709e9e..3dae729c50c6d07f3db5c87cc1e541d682e783fc 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -226,10 +226,6 @@ with_asan(`allow domain system_data_file:dir getattr;')
 ### neverallow rules
 ###
 
-# Don't allow others to access memcg.
-neverallow { domain -init -lmkd -shell -ueventd } memcg_device:dir *;
-neverallow { domain -init -lmkd -ueventd } memcg_device:file *;
-
 # All socket ioctls must be restricted to a whitelist.
 neverallowxperm domain domain:socket_class_set ioctl { 0 };
 
diff --git a/public/init.te b/public/init.te
index 2271618d40039c5c15c8ab80ff5c5b827c023b09..1903cfd74a830e8d08b9bb59b2950e9d87599c1e 100644
--- a/public/init.te
+++ b/public/init.te
@@ -81,7 +81,6 @@ allow init tmpfs:dir mounton;
 allow init cgroup:dir create_dir_perms;
 r_dir_file(init, cgroup)
 allow init cpuctl_device:dir { create mounton };
-allow init memcg_device:dir { create mounton };
 
 # /config
 allow init configfs:dir mounton;
diff --git a/public/lmkd.te b/public/lmkd.te
index c2dcadd5ff83cbecccad5030959ee9b67de8e31d..f4e6c2d57091273592e66cabbcfa5f51bac20b32 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -21,9 +21,6 @@ allow lmkd system_server:file write;
 r_dir_file(lmkd, sysfs_type)
 allow lmkd sysfs_lowmemorykiller:file w_file_perms;
 
-allow lmkd memcg_device:dir search;
-allow lmkd memcg_device:file rw_file_perms;
-
 # Send kill signals
 allow lmkd appdomain:process sigkill;
 
@@ -35,8 +32,6 @@ allow lmkd self:capability sys_nice;
 
 allow lmkd proc_zoneinfo:file r_file_perms;
 
-r_dir_file(lmkd, cgroup)
-
 ### neverallow rules
 
 # never honor LD_PRELOAD