diff --git a/app.te b/app.te
index d33bac1ec7f9394813a2f1eb9ba378ab44958d79..c8455f445c4ee9cbb16a8d33003d7b6eefd95a12 100644
--- a/app.te
+++ b/app.te
@@ -233,6 +233,9 @@ allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }
 
 allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
 
+# TODO: switch to meminfo service
+allow appdomain proc_meminfo:file r_file_perms;
+
 # For app fuse.
 allow appdomain app_fuse_file:file { getattr read append write };
 
diff --git a/isolated_app.te b/isolated_app.te
index 978982aa5efab29f61ae513dbb93d69cd7599aa4..53dfbc48301ada05c6023ba6f53d396aa2157902 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -9,7 +9,7 @@
 ### additional following rules:
 ###
 
-type isolated_app, domain, domain_deprecated;
+type isolated_app, domain;
 app_domain(isolated_app)
 
 # Access already open app data files received over Binder or local socket IPC.
diff --git a/untrusted_app.te b/untrusted_app.te
index b39ace0bcb691ce871467fb20c604952e6753413..c0b32809028fabc2cae8994087b029e9fd89e3bf 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -89,9 +89,6 @@ userdebug_or_eng(`
 # gdbserver for ndk-gdb ptrace attaches to app process.
 allow untrusted_app self:process ptrace;
 
-# TODO: switch to meminfo service
-allow untrusted_app proc_meminfo:file r_file_perms;
-
 # access /proc/net/xt_qtguid/stats
 r_dir_file(untrusted_app, proc_net)