diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 687ce7d23c0821119b040f16a6b2f1b20266ab6c..9c762a1e8cca2d26438a859410724bb70becfe0b 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -5,7 +5,15 @@
 # Only allow domains in AOSP to use the untrusted_app_all attribute.
 neverallow { untrusted_app_all -untrusted_app -untrusted_app_25 } domain:process fork;
 
-define(`all_untrusted_apps',`{ untrusted_app_all untrusted_app_25 untrusted_app ephemeral_app isolated_app mediaprovider }')
+define(`all_untrusted_apps',`{
+  ephemeral_app
+  isolated_app
+  mediaprovider
+  untrusted_app
+  untrusted_app_25
+  untrusted_app_all
+  untrusted_v2_app
+}')
 # Receive or send uevent messages.
 neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;