diff --git a/public/domain.te b/public/domain.te
index 5f00a82cb74c6563828b224de89c11bfc7cf1516..1c360bcda593f2786cbe9326b86948f445f6193c 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -275,36 +275,8 @@ allow domain selinuxfs:filesystem getattr;
 
 # Path resolution access in cgroups.
 allow domain cgroup:dir search;
-allow { coredomain -appdomain } cgroup:dir w_dir_perms;
-allow { coredomain -appdomain } cgroup:file w_file_perms;
-
-# TODO(b/110043362): Clean up cgroup access from app domains.
-allow {
-  # Can not use all_untrusted_apps macro here, so expanding inline.
-  # This list is essentially { appdomain -all_untrusted_apps -priv_app }
-  appdomain
-  -ephemeral_app
-  -isolated_app
-  -mediaprovider
-  -untrusted_app
-  -untrusted_app_25
-  -untrusted_app_27
-  -untrusted_app_all
-  -priv_app
-} cgroup:file w_file_perms;
-userdebug_or_eng(`
-  auditallow appdomain cgroup:file w_file_perms;
-')
-
-# TODO(b/110043362): Clean up cgroup access from non-system domains.
-allow { domain -coredomain } cgroup:file w_file_perms;
-userdebug_or_eng(`
-  auditallow {
-    domain
-    -coredomain
-    -vendor_init
-  } cgroup:file w_file_perms;
-')
+allow { domain -appdomain } cgroup:dir w_dir_perms;
+allow { domain -appdomain } cgroup:file w_file_perms;
 
 # Almost all processes log tracing information to
 # /sys/kernel/debug/tracing/trace_marker