diff --git a/domain.te b/domain.te
index 86aeb07d8fc2963889c65e50902a87aace0a304b..fcb813af58e0f27bfacbcf76e579aaf6cbf51f55 100644
--- a/domain.te
+++ b/domain.te
@@ -254,7 +254,7 @@ neverallow domain init:binder *;
 
 # Don't allow raw read/write/open access to block_device
 # Rather force a relabel to a more specific type
-neverallow { domain -kernel -init -recovery -vold -uncrypt -install_recovery -fsck } block_device:blk_file { open read write };
+neverallow { domain -kernel -init -recovery -vold -uncrypt -install_recovery } block_device:blk_file { open read write };
 
 # Don't allow raw read/write/open access to generic devices.
 # Rather force a relabel to a more specific type.
diff --git a/fsck.te b/fsck.te
index dd696d51e3c184764dc5b18855552d2562a747aa..b4eb6988414ddabe50507ef42d8e0d6f53039542 100644
--- a/fsck.te
+++ b/fsck.te
@@ -13,10 +13,6 @@ allow fsck tmpfs:chr_file { read write ioctl };
 allow fsck devpts:chr_file { read write ioctl getattr };
 
 # Run e2fsck on block devices.
-# TODO:  Assign userdata and cache block device types to the corresponding
-# block devices in all device policies, and then remove access to
-# block_device:blk_file from here.
-allow fsck block_device:blk_file rw_file_perms;
 allow fsck userdata_block_device:blk_file rw_file_perms;
 allow fsck cache_block_device:blk_file rw_file_perms;