diff --git a/domain.te b/domain.te
index 6be7dddf4802869ce75c1f3997baf0883076cd4b..47ad05a3a7314debb1ec20fe8292d28b898494ce 100644
--- a/domain.te
+++ b/domain.te
@@ -83,6 +83,9 @@ allow domain cache_file:lnk_file read;
 allow domain cgroup:dir { search write };
 allow domain cgroup:file w_file_perms;
 
+#Allow access to ion memory allocation device
+allow domain ion_device:chr_file rw_file_perms;
+
 # For /sys/qemu_trace files in the emulator.
 bool in_qemu false;
 if (in_qemu) {
diff --git a/mediaserver.te b/mediaserver.te
index e124db052b9147bd74131251a13823d0f4771b64..4b299a025b5bc73645cd3c414cbcfa712aba45fd 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -25,7 +25,6 @@ allow mediaserver qemu_device:chr_file rw_file_perms;
 allow mediaserver sysfs:file rw_file_perms;
 # XXX Why?
 allow mediaserver apk_data_file:file { read getattr };
-allow mediaserver ion_device:chr_file rw_file_perms;
 
 # To use remote processor
 allow mediaserver rpmsg_device:chr_file rw_file_perms;