diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 46c7e2225c10bba5db76ab0b5f7da4d1743c08fa..26fe3d0e2abb7905613fae21f3578b9ac2251d4a 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -113,6 +113,9 @@ neverallow all_untrusted_apps proc:file { no_rw_file_perms no_x_file_perms };
 # Avoid all access to kernel configuration
 neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
 
+# Only system_server can access proc_uid_time_in_state
+neverallow { domain -init -system_server } proc_uid_time_in_state:file *;
+
 # Do not allow untrusted apps access to preloads data files
 neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;