diff --git a/private/domain.te b/private/domain.te
index 3a7ef424261dd60fd0187e36c7d9ce91d6ce3634..f7f5d66dac483823dd60823a1baa4b14ff42c8ca 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -121,3 +121,58 @@ full_treble_only(`
 # Disallow direct access by other processes.
 neverallow { domain -init -system_server } dropbox_data_file:dir *;
 neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
+
+###
+# Services should respect app sandboxes
+neverallow {
+  domain
+  -appdomain
+  -installd # creation of sandbox
+} app_data_file:dir_file_class_set { create unlink };
+
+# Only the following processes should be directly accessing private app
+# directories.
+neverallow {
+  domain
+  -adbd
+  -appdomain
+  -dexoptanalyzer
+  -init
+  -installd
+  -mediaserver # b/80300620
+  userdebug_or_eng(`-perfprofd')
+  -profman
+  -runas
+  -system_server
+  -vold
+} app_data_file:dir *;
+
+# Only apps should be modifying app data. init and installd are exempted for
+# restorecon and package install/uninstall.
+neverallow {
+  domain
+  -appdomain
+  -init
+  -installd
+} app_data_file:dir ~r_dir_perms;
+
+neverallow {
+  domain
+  -appdomain
+  -installd
+  -mediaserver # b/80300620
+  userdebug_or_eng(`-perfprofd')
+  -vold # b/80418809
+} app_data_file:file_class_set open;
+
+neverallow {
+  domain
+  -appdomain
+  -installd # creation of sandbox
+} app_data_file:dir_file_class_set { create unlink };
+
+neverallow {
+  domain
+  -init
+  -installd
+} app_data_file:dir_file_class_set { relabelfrom relabelto };
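Review bot: The neverallow on `app_data_file:dir_file_class_set { create unlink }` appears twice in this hunk, once under `# Services should respect app sandboxes` and again verbatim just before the relabel rule; the second copy adds nothing and should be dropped so the next maintainer does not edit one exemption list and miss the other. The `full_treble_only(` context in the hunk header suggests these rules may sit inside that macro; if so, they are compiled out on non-Treble builds, which is presumably not intended for sandbox enforcement — confirm the macro is closed before the first new line. The `dir *` rule exempts `adbd`, `runas`, `system_server` and the dexopt tools while the `file_class_set open` rule does not, which reads as deliberate (directory traversal versus opening content) but would be easier to audit with a one-line comment stating that split, e.g. `# dir access is broader than file open: tools that only traverse app dirs are exempted above, not here`.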
diff --git a/public/domain.te b/public/domain.te
index f58b4567cba0ef647edc911c47d254acb21c2060..0f977294a330cec3833d272acf7d6bc206376aa3 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1182,20 +1182,6 @@ neverallow {
   priv_app
 } system_app_data_file:dir_file_class_set { create unlink open };
 
-
-# Services should respect app sandboxes
-neverallow {
-  domain
-  -appdomain
-  -installd # creation of sandbox
-} app_data_file:dir_file_class_set { create unlink };
-
-neverallow {
-  domain
-  -init
-  -installd
-} app_data_file:dir_file_class_set { relabelfrom relabelto };
-
 #
 # Only these domains should transition to shell domain. This domain is
 # permissible for the "shell user". If you need a process to exec a shell
diff --git a/public/init.te b/public/init.te
index 24dfb1d133df6f81775f296f90d67af377759eb7..2519311dbf5d920bb17abfbd31c2f59149d50155 100644
--- a/public/init.te
+++ b/public/init.te
@@ -210,6 +210,8 @@ allow init {
 allow init cache_file:lnk_file r_file_perms;
 
 allow init { file_type -system_file -vendor_file_type -exec_type }:dir_file_class_set relabelto;
+# does init really need to relabel app data?
+userdebug_or_eng(`auditallow init app_data_file:dir_file_class_set relabelto;')
 allow init { sysfs debugfs debugfs_tracing debugfs_tracing_debug }:{ dir file lnk_file } { getattr relabelfrom };
 allow init { sysfs_type debugfs_type }:{ dir file lnk_file } { relabelto getattr };
 allow init dev_type:dir create_dir_perms;
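Review bot: The comment above the new auditallow is an open question rather than a tracked item, while the parallel additions in mediaserver.te and vold.te use `# TODO(b/...)`; since the `allow init { file_type ... }:dir_file_class_set relabelto` grant on the line above still stands and the new neverallow in private/domain.te exempts init from `relabelfrom relabelto`, the auditallow only measures and does not reduce that grant. Suggest `# TODO(b/<bug id>): does init really need to relabel app data? auditallow collects evidence on userdebug/eng builds.` so the follow-up (tightening the allow and the domain.te exemption together) is not lost. The enclosing `allow init {` block of the hunk header starts outside the hunk.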
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 861d11d613691aeaceeb042d67b40048a4827037..4032a7623b0517972d883c02476c81b4eb861528 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -30,7 +30,10 @@ binder_service(mediaserver)
 
 allow mediaserver media_data_file:dir create_dir_perms;
 allow mediaserver media_data_file:file create_file_perms;
+# TODO(b/80190017, b/80300620): remove direct access to private app data
+userdebug_or_eng(`auditallow mediaserver app_data_file:dir search;')
 allow mediaserver app_data_file:dir search;
+userdebug_or_eng(`auditallow mediaserver app_data_file:file open;')
 allow mediaserver app_data_file:file rw_file_perms;
 allow mediaserver sdcard_type:file write;
 allow mediaserver gpu_device:chr_file rw_file_perms;
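Review bot: The new auditallow covers only `app_data_file:file open`, whereas the allow on the next line grants `rw_file_perms` and the TODO says the goal is to remove direct access to private app data entirely; a silent audit log will therefore show only that mediaserver does not open such files itself, not that it never reads or writes them through descriptors it receives. The vold.te hunk in this same change audits `rw_file_perms`, so the two hunks measure different things with the same stated intent. If the open-only audit is deliberate (matching the `file_class_set open` neverallow in private/domain.te), say so inline, e.g. `# audit open only: the neverallow in private/domain.te is on open, fd-passed access is out of scope`; otherwise audit `rw_file_perms` here as vold.te does.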
diff --git a/public/uncrypt.te b/public/uncrypt.te
index 1e48b831d678fc2482772bd39d1a28ae6d1bf7f9..36749802864fd194cfbdc4be4dc53361af79a6ad 100644
--- a/public/uncrypt.te
+++ b/public/uncrypt.te
@@ -4,9 +4,6 @@ type uncrypt_exec, exec_type, file_type;
 
 allow uncrypt self:global_capability_class_set dac_override;
 
-# Read OTA zip file from /data/data/com.google.android.gsf/app_download
-r_dir_file(uncrypt, app_data_file)
-
 userdebug_or_eng(`
   # For debugging, allow /data/local/tmp access
   r_dir_file(uncrypt, shell_data_file)
diff --git a/public/vold.te b/public/vold.te
index fd27e35ca22da0d25b1c4ccd5457a90896328ad0..06deefce37d9592f889311b03f87292b06072120 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -81,7 +81,10 @@ allow vold tmpfs:dir create_dir_perms;
 allow vold tmpfs:dir mounton;
 allow vold self:global_capability_class_set { net_admin dac_override mknod sys_admin chown fowner fsetid };
 allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+# TODO(b/80418809): remove direct access to private app data
+userdebug_or_eng(`auditallow vold app_data_file:dir search;')
 allow vold app_data_file:dir search;
+userdebug_or_eng(`auditallow vold app_data_file:file rw_file_perms;')
 allow vold app_data_file:file rw_file_perms;
 allow vold loop_control_device:chr_file rw_file_perms;
 allow vold loop_device:blk_file { create setattr unlink rw_file_perms };