diff --git a/app.te b/app.te
index cfb13b95e4e1a5e2fd55bf05e0337d32ac966676..097224472b0cf1efaff506c82ed203861aece76d 100644
--- a/app.te
+++ b/app.te
@@ -91,7 +91,7 @@ allow appdomain qtaguid_device:chr_file r_file_perms;
 
 # Grant GPU access to all processes started by Zygote.
 # They need that to render the standard UI.
-allow { appdomain -isolated_app } gpu_device:chr_file { rw_file_perms execute };
+allow appdomain gpu_device:chr_file { rw_file_perms execute };
 
 # Use the Binder.
 binder_use(appdomain)
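Review bot: The widened rule `allow appdomain gpu_device:chr_file { rw_file_perms execute };` now includes isolated_app, but the comment above it still justifies the grant only with "render the standard UI". That does not say why isolated_app needs to open and map the GPU device node itself. Judging by isolated_app.te, which forbids it from even opening app data files, this domain is otherwise tightly restricted, and the change puts the kernel GPU driver within its direct reach, so the reason should sit next to the rule, e.g. `# isolated_app is included deliberately: <reason / bug reference>`. It is also worth confirming that isolated_app needs `execute` and not only `rw_file_perms`; if its needs differ from other app domains, a separate, narrower allow in isolated_app.te would be easier to audit. The companion hunk in isolated_app.te removes the only neverallow on gpu_device, so nothing at policy build time bounds this access any more.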
diff --git a/isolated_app.te b/isolated_app.te
index 627d0a0e140188139e368b438d7573a5a86ee639..f6183aa67419f75f69fd3f0fe7418e9deac30d86 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -18,9 +18,6 @@ allow isolated_app app_data_file:file { read write getattr };
 # Isolated apps should not directly open app data files themselves.
 neverallow isolated_app app_data_file:file open;
 
-# Isolated apps shouldn't be able to access the driver directly.
-neverallow isolated_app gpu_device:file { rw_file_perms execute };
-
 allow isolated_app radio_service:service_manager find;
 allow isolated_app surfaceflinger_service:service_manager find;
 allow isolated_app system_server_service:service_manager find;