diff --git a/domain.te b/domain.te
index fba96f6a809fcdff0272f00eca90e73722b568e7..4917aedf88b9431ad32cf8b664f9a192a2622edf 100644
--- a/domain.te
+++ b/domain.te
@@ -266,7 +266,7 @@ neverallow domain init:binder *;
 
 # Don't allow raw read/write/open access to block_device
 # Rather force a relabel to a more specific type
-neverallow { domain -kernel -init -recovery -vold -uncrypt } block_device:blk_file { open read write };
+neverallow { domain -kernel -init -recovery -uncrypt } block_device:blk_file { open read write };
 
 # Don't allow raw read/write/open access to generic devices.
 # Rather force a relabel to a more specific type.
diff --git a/vold.te b/vold.te
index 5abb2f95eefd19b191d0198381d6b0e00687bb14..5ecb5033fe12cbbc059ec016d765e78cffe632c1 100644
--- a/vold.te
+++ b/vold.te
@@ -28,8 +28,6 @@ allow vold system_file:file x_file_perms;
 allow vold toolbox_exec:file rx_file_perms;
 auditallow vold toolbox_exec:file rx_file_perms;
 allow vold block_device:dir create_dir_perms;
-allow vold block_device:blk_file create_file_perms;
-auditallow vold block_device:blk_file create_file_perms;
 allow vold device:dir write;
 allow vold devpts:chr_file rw_file_perms;
 allow vold rootfs:dir mounton;