diff --git a/app.te b/app.te
index 5b8fde6fcf51cc3c48e4fec61a0275835b1c1651..2d6416f3e71ba5d349413201d38ae0594ae04717 100644
--- a/app.te
+++ b/app.te
@@ -116,8 +116,8 @@ allow appdomain radio_data_file:file { read write getattr };
 allow untrusted_app system_app_data_file:file { read write getattr };
 
 # Access SDcard via the fuse mount.
-allow appdomain sdcard_internal:dir create_dir_perms;
-allow appdomain sdcard_internal:file create_file_perms;
+allow appdomain fuse:dir create_dir_perms;
+allow appdomain fuse:file create_file_perms;
 
 # Allow apps to use the USB Accessory interface.
 # http://developer.android.com/guide/topics/connectivity/usb/accessory.html
diff --git a/file.te b/file.te
index eb7cb90478d42ac7c4ce488d4e739c4cb8ee6845..99c3839756104cdc6b72ff8b0ae16186b7bbc6e9 100644
--- a/file.te
+++ b/file.te
@@ -28,8 +28,10 @@ type devpts, fs_type, mlstrustedobject;
 type tmpfs, fs_type;
 type shm, fs_type;
 type mqueue, fs_type;
-type sdcard_internal, sdcard_type, fs_type, mlstrustedobject;
-type sdcard_external, sdcard_type, fs_type, mlstrustedobject;
+type fuse, sdcard_type, fs_type, mlstrustedobject;
+type vfat, sdcard_type, fs_type, mlstrustedobject;
+typealias fuse alias sdcard_internal;
+typealias vfat alias sdcard_external;
 type debugfs, fs_type, mlstrustedobject;
 type pstorefs, fs_type;
 type functionfs, fs_type;
diff --git a/genfs_contexts b/genfs_contexts
index a0188334727103489a5befe556b8d5724d0a02ef..ab4e045a2547f9bc28570f1478130374cf95e68f 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -25,9 +25,9 @@ genfscon cgroup / u:object_r:cgroup:s0
 # sysfs labels can be set by userspace.
 genfscon sysfs / u:object_r:sysfs:s0
 genfscon inotifyfs / u:object_r:inotify:s0
-genfscon vfat / u:object_r:sdcard_external:s0
+genfscon vfat / u:object_r:vfat:s0
 genfscon debugfs / u:object_r:debugfs:s0
-genfscon fuse / u:object_r:sdcard_internal:s0
+genfscon fuse / u:object_r:fuse:s0
 genfscon pstore / u:object_r:pstorefs:s0
 genfscon functionfs / u:object_r:functionfs:s0
 genfscon usbfs / u:object_r:usbfs:s0
diff --git a/kernel.te b/kernel.te
index 422edc9e5ad89b911456bbbd2dd2103fa2712f9a..b8a8cf28b64ee99f19117d00d1141f98d4392720 100644
--- a/kernel.te
+++ b/kernel.te
@@ -35,7 +35,7 @@ dontaudit kernel self:security setenforce;
 allow kernel self:security setcheckreqprot;
 
 # MTP sync
-allow kernel sdcard_internal:file { read write };
+allow kernel fuse:file { read write };
 
 ###
 ### neverallow rules
diff --git a/recovery.te b/recovery.te
index 28c7f80ad152279dbf0239bccd1dc8bc3164af0d..66aa3dfc0c0eff1060aa375f3a78a7aa8ba32820 100644
--- a/recovery.te
+++ b/recovery.te
@@ -87,13 +87,10 @@ recovery_only(`
   # Use setfscreatecon() to label files for OTA updates.
   allow recovery self:process setfscreate;
 
-  # Allow recovery to create a fuse filesystem, and read files from
-  # it.  (Note that all files on fuse filesystems are labeled
-  # "sdcard_internal"; the simulated SD card is the only other user of
-  # fuse.)
+  # Allow recovery to create a fuse filesystem, and read files from it.
   allow recovery fuse_device:chr_file rw_file_perms;
-  allow recovery sdcard_internal:dir r_dir_perms;
-  allow recovery sdcard_internal:file r_file_perms;
+  allow recovery fuse:dir r_dir_perms;
+  allow recovery fuse:file r_file_perms;
 
   wakelock_use(recovery)