diff --git a/public/app.te b/public/app.te
index 7452bc7ad21d87dacd6a103e535ba286b37f7998..ffd647efd73ce721ef80deefa99281dae0eeb194 100644
--- a/public/app.te
+++ b/public/app.te
@@ -188,6 +188,10 @@ allow { appdomain -isolated_app } fuse:dir create_dir_perms;
 allow { appdomain -isolated_app } fuse:file create_file_perms;
 allow { appdomain -isolated_app } sdcardfs:dir create_dir_perms;
 allow { appdomain -isolated_app } sdcardfs:file create_file_perms;
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow { appdomain -isolated_app } media_rw_data_file:dir create_dir_perms;
+allow { appdomain -isolated_app } media_rw_data_file:file create_file_perms;
 
 # Access OBBs (vfat images) mounted by vold (b/17633509)
 # File write access allowed for FDs returned through Storage Access Framework
diff --git a/public/bluetooth.te b/public/bluetooth.te
index 332d2ab3c0db2949add245d0e55c94ff265a3da4..738d9c2069f857fd41b9da8ff5eeb22c3c757398 100644
--- a/public/bluetooth.te
+++ b/public/bluetooth.te
@@ -58,12 +58,6 @@ unix_socket_connect(bluetooth, sap_uim, rild)
 # /data/data/com.android.shell/files/bugreports/bugreport-*.
 allow bluetooth shell_data_file:file read;
 
-# Access to /data/media.
-# This should be removed if sdcardfs is modified to alter the secontext for its
-# accesses to the underlying FS.
-allow bluetooth media_rw_data_file:dir create_dir_perms;
-allow bluetooth media_rw_data_file:file create_file_perms;
-
 ###
 ### Neverallow rules
 ###
diff --git a/public/shell.te b/public/shell.te
index e1a1262762a58125bae615d084bbeb7801e4398a..a39b39ffd25f4911fc97f242a13c15bf13f7e20d 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -129,12 +129,6 @@ allow shell sysfs:dir r_dir_perms;
 # Allow access to ion memory allocation device.
 allow shell ion_device:chr_file rw_file_perms;
 
-# Access to /data/media.
-# This should be removed if sdcardfs is modified to alter the secontext for its
-# accesses to the underlying FS.
-allow shell media_rw_data_file:dir create_dir_perms;
-allow shell media_rw_data_file:file create_file_perms;
-
 #
 # filesystem test for insecure chr_file's is done
 # via a host side test