diff --git a/keystore.te b/keystore.te
index f2c5039b00ba5a1742399b93e924a4bc6201a799..700b99ba0fff02ace0167146acbad1574919f96c 100644
--- a/keystore.te
+++ b/keystore.te
@@ -21,8 +21,8 @@ allow keystore tee:unix_stream_socket connectto;
 neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto };
 neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr };
 
-neverallow { domain -keystore -init -kernel -recovery } keystore_data_file:dir *;
-neverallow { domain -keystore -init -kernel -recovery } keystore_data_file:notdevfile_class_set *;
+neverallow { domain -keystore -init } keystore_data_file:dir *;
+neverallow { domain -keystore -init } keystore_data_file:notdevfile_class_set *;
 
 neverallow domain keystore:process ptrace;