diff --git a/private/app.te b/private/app.te
index 47412132b9787859ff94162189e39442d3ad84a6..2eaa8e4bfc92b453032bd7e57306dbe843a8506f 100644
--- a/private/app.te
+++ b/private/app.te
@@ -121,13 +121,6 @@ allow appdomain shell_data_file:file { write getattr };
 # Write profiles /data/misc/profiles
 allow appdomain user_profile_data_file:dir { search write add_name };
 allow appdomain user_profile_data_file:file create_file_perms;
-# Profiles for foreign dex files are just markers and only need create permissions.
-allow appdomain user_profile_foreign_dex_data_file:dir { search write add_name };
-allow appdomain user_profile_foreign_dex_data_file:file create;
-# There is no way to create user_profile_foreign_dex_data_file without
-# generating open/read denials. These permissions should not be granted and the
-# denial is harmless. dontaudit to suppress the denial.
-dontaudit appdomain user_profile_foreign_dex_data_file:file { open read };
 
 # Send heap dumps to system_server via an already open file descriptor
 # % adb shell am set-watch-heap com.android.systemui 1048576
@@ -471,10 +464,6 @@ neverallow {
   -apk_data_file
 }:file no_x_file_perms;
 
-# Foreign dex profiles are just markers. Prevent apps to do anything but touch them.
-neverallow appdomain user_profile_foreign_dex_data_file:file rw_file_perms;
-neverallow appdomain user_profile_foreign_dex_data_file:dir { open getattr read ioctl remove_name };
-
 # Applications should use the activity model for receiving events
 neverallow {
   appdomain
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 565936aa7c7c3b57504c90c448caf1c83ee9a3f6..2f8066ab0ad6243af7f4541189e2f6a9a59a7406 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -81,7 +81,6 @@ neverallow all_untrusted_apps {
   -media_rw_data_file       # Internal storage. Known that apps can
                             # leave artfacts here after uninstall.
   -user_profile_data_file   # Access to profile files
-  -user_profile_foreign_dex_data_file   # Access to profile files
   userdebug_or_eng(`
     -method_trace_data_file # only on ro.debuggable=1
     -coredump_file          # userdebug/eng only
diff --git a/private/file_contexts b/private/file_contexts
index 4f27bcbda5f5fb581c6e9171ea221be392e2076d..03ab637d283fbbbe12ca1c7ba67592963408fbb4 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -334,7 +334,6 @@
 # TODO(calin) label profile reference differently so that only
 # profman run as a special user can write to them
 /data/misc/profiles/cur(/.*)?       u:object_r:user_profile_data_file:s0
-/data/misc/profiles/cur/[0-9]+/foreign-dex(/.*)? u:object_r:user_profile_foreign_dex_data_file:s0
 /data/misc/profiles/ref(/.*)?       u:object_r:user_profile_data_file:s0
 /data/misc/profman(/.*)?        u:object_r:profman_dump_data_file:s0
 
diff --git a/private/system_server.te b/private/system_server.te
index f26332c4395ac3038fc57cc4a1324c8e7294cd2a..294ceb4fec0baa8ca56372732456767ece0a2f3e 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -22,13 +22,6 @@ type_transition system_server wpa_socket:sock_file system_wpa_socket;
 allow system_server dalvikcache_data_file:dir r_dir_perms;
 allow system_server dalvikcache_data_file:file { r_file_perms execute };
 
-# Enable system server to check the foreign dex usage markers.
-# We need search on top level directories so that we can get to the files
-allow system_server user_profile_data_file:dir search;
-allow system_server user_profile_data_file:file getattr;
-allow system_server user_profile_foreign_dex_data_file:dir { add_name open read write search remove_name };
-allow system_server user_profile_foreign_dex_data_file:file { getattr rename unlink };
-
 # /data/resource-cache
 allow system_server resourcecache_data_file:file r_file_perms;
 allow system_server resourcecache_data_file:dir r_dir_perms;
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 1b8538cc498e86db64226ece0657f9189d729212..80161deb04814917c42ed6bc4c2f73b130b0977b 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -155,8 +155,6 @@ allow dumpstate recovery_data_file:file r_file_perms;
 userdebug_or_eng(`
   allow dumpstate user_profile_data_file:dir r_dir_perms;
   allow dumpstate user_profile_data_file:file r_file_perms;
-  allow dumpstate user_profile_foreign_dex_data_file:dir r_dir_perms;
-  allow dumpstate user_profile_foreign_dex_data_file:file r_file_perms;
 ')
 
 # Access /data/misc/logd
diff --git a/public/file.te b/public/file.te
index 6aecab48f42d8c7f093ae4c2b556379bb5de55a9..72f30f463d406865eef0a085674cd994885a496b 100644
--- a/public/file.te
+++ b/public/file.te
@@ -113,7 +113,6 @@ type ota_data_file, file_type, data_file_type;
 type ota_package_file, file_type, data_file_type, mlstrustedobject;
 # /data/misc/profiles
 type user_profile_data_file, file_type, data_file_type, mlstrustedobject;
-type user_profile_foreign_dex_data_file, file_type, data_file_type, mlstrustedobject;
 # /data/misc/profman
 type profman_dump_data_file, file_type, data_file_type;
 # /data/resource-cache
diff --git a/public/installd.te b/public/installd.te
index 3b4fd2e265500e62b95dba9adeb6b03de97d706f..5e0ccc437d60d2221990188b0ae3d78f8a16ffe1 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -104,8 +104,6 @@ allow installd user_profile_data_file:dir create_dir_perms;
 allow installd user_profile_data_file:file create_file_perms;
 allow installd user_profile_data_file:dir rmdir;
 allow installd user_profile_data_file:file unlink;
-allow installd user_profile_foreign_dex_data_file:dir { add_name getattr rmdir open read write search remove_name };
-allow installd user_profile_foreign_dex_data_file:file { getattr rename unlink };
 
 # Files created/updated by profman dumps.
 allow installd profman_dump_data_file:dir { search add_name write };
diff --git a/public/vold.te b/public/vold.te
index cda6424bc75c5b2d3c0d2b40574eec9ce932283b..7e8be29f6e4e9fb22f4402dc9a530d414bfb127e 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -169,7 +169,6 @@ allow vold toolbox_exec:file rx_file_perms;
 
 # Prepare profile dir for users.
 allow vold user_profile_data_file:dir create_dir_perms;
-allow vold user_profile_foreign_dex_data_file:dir { getattr setattr };
 
 # Raw writes to misc block device
 allow vold misc_block_device:blk_file w_file_perms;