diff --git a/sepolicy/private/untrusted_app.te b/sepolicy/private/untrusted_app.te
deleted file mode 100644
index 478403a4..00000000
--- a/sepolicy/private/untrusted_app.te
+++ /dev/null
@@ -1 +0,0 @@
-allow untrusted_app zygote:unix_stream_socket { getopt };
diff --git a/sepolicy/vendor/dontaudit.te b/sepolicy/vendor/dontaudit.te
index ad3325be..c0643a51 100644
--- a/sepolicy/vendor/dontaudit.te
+++ b/sepolicy/vendor/dontaudit.te
@@ -1,7 +1,3 @@
-# Apps are no longer allowed open access to /dev/ashmem, unless they
-# target API level < Q.
-dontaudit untrusted_app ashmem_device:chr_file open;
-
 dontaudit adbd self:capability sys_admin;
 dontaudit blkid self:capability sys_admin;
 dontaudit blkid_untrusted self:capability sys_admin;
@@ -30,6 +26,12 @@ dontaudit vendor_pd_mapper self:capability sys_admin;
 dontaudit vendor_toolbox self:capability sys_admin;
 dontaudit vold_prepare_subdirs self:capability sys_admin;
+dontaudit untrusted_app zygote:unix_stream_socket getopt;
+dontaudit untrusted_app_25 zygote:unix_stream_socket getopt;
+dontaudit untrusted_app_27 zygote:unix_stream_socket getopt;
+dontaudit untrusted_app_29 zygote:unix_stream_socket getopt;
+dontaudit untrusted_app_30 zygote:unix_stream_socket getopt;
+
 # Neverallow: no domain should be allowed to ptrace init
 # at system/sepolicy/public/init.te
 dontaudit crash_dump init:process ptrace;
diff --git a/sepolicy/vendor/untrusted_app.te b/sepolicy/vendor/untrusted_app.te
deleted file mode 100644
index 3221e5a6..00000000
--- a/sepolicy/vendor/untrusted_app.te
+++ /dev/null
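Review bot: The five `dontaudit untrusted_app* zygote:unix_stream_socket getopt;` lines added in the second hunk of sepolicy/vendor/dontaudit.te carry no explanatory comment, while the rest of this file annotates its suppressions (the ashmem block removed in the first hunk had one, and the `# Neverallow:` note on `dontaudit crash_dump` directly below still does). Because this commit deletes the matching `allow` rules in both untrusted_app.te files, the access is now denied and these lines only hide the denial from the audit log, which is worth stating so a later reader does not mistake the block for a grant or reinstate the allow to silence it. Suggested comment above the block: `# getopt on the inherited zygote socket is denied for untrusted apps (the former allow rules were removed); suppress the audit noise rather than grant it.` Note that the suppression also removes the denial from logcat/audit output, so any regression test that relied on seeing it will need another signal.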
@@ -1,33 +0,0 @@
-allow untrusted_app zygote:unix_stream_socket { getopt };
-allow untrusted_app_25 zygote:unix_stream_socket getopt;
-allow untrusted_app_27 zygote:unix_stream_socket getopt;
-allow untrusted_app_29 zygote:unix_stream_socket getopt;
-allow untrusted_app_30 zygote:unix_stream_socket getopt;
-
-# dontaudit
-dontaudit untrusted_app proc_zoneinfo: file { read };
-dontaudit untrusted_app system_lib_file:file { execmod };
-dontaudit untrusted_app proc_version:file { read };
-dontaudit untrusted_app proc_net_tcp_udp:file { read };
-dontaudit untrusted_app selinuxfs:file { read };
-dontaudit untrusted_app serialno_prop:file { read };
-dontaudit untrusted_app app_data_file:file { execute execute_no_trans };
-dontaudit untrusted_app mnt_vendor_file:dir { search };
-dontaudit untrusted_app proc:file { read };
-dontaudit untrusted_app proc:file { open };
-dontaudit untrusted_app proc_net_tcp_udp:file { open };
-dontaudit untrusted_app_30 system_linker_exec:file { execmod };
-
-allow untrusted_app rootfs:dir { read };
-
-allow untrusted_app proc_kmsg:file { getattr };
-allow untrusted_app proc_keys:file { getattr };
-allow untrusted_app proc_swaps:file { getattr };
-allow untrusted_app proc_modules:file { read };
-
-get_prop(untrusted_app, wifi_hal_prop)
-
-allow untrusted_app rootfs:dir { open };
-allow untrusted_app sysfs:dir { read };
-
-allow untrusted_app block_device:dir { search };