diff --git a/private/rs.te b/private/rs.te
index 5aa2d540e63834c9f921547dd70826701ff92961..7fbea8cd772df34296fb4fd035b7d9f225c6f854 100644
--- a/private/rs.te
+++ b/private/rs.te
@@ -28,3 +28,12 @@ allow rs same_process_hal_file:file { r_file_perms execute };
 
 # File descriptors passed from app to renderscript
 allow rs untrusted_app_all:fd use;
+
+# rs can access app data, so ensure it can only be entered via an app domain and cannot have
+# CAP_DAC_OVERRIDE.
+neverallow rs rs:capability_class_set *;
+neverallow { domain -appdomain } rs:process { dyntransition transition };
+neverallow rs { domain -crash_dump }:process { dyntransition transition };
+neverallow rs app_data_file:file_class_set ~r_file_perms;
+# rs should never use network sockets
+neverallow rs *:network_socket_class_set *;
diff --git a/public/global_macros b/public/global_macros
index 962bca95e91725a03ff62b18cf429d25ae014691..1a1d593b3eed00676ac2f88e208bc1f557238e43 100644
--- a/public/global_macros
+++ b/public/global_macros
@@ -14,6 +14,7 @@ define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_
 define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
 define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket sctp_socket }')
 define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket sctp_socket }')
+define(`network_socket_class_set', `{ icmp_socket rawip_socket tcp_socket udp_socket }')
 
 define(`ipc_class_set', `{ sem msgq shm ipc }')