diff --git a/domain_deprecated.te b/domain_deprecated.te
index c363a6c46d96040c68ba0fff692815712228b4b9..b8ad83c5ae311966244914df2d7c510e75a6eb54 100644
--- a/domain_deprecated.te
+++ b/domain_deprecated.te
@@ -78,7 +78,7 @@ auditallow { domain_deprecated -init -system_server -vold } cache_file:lnk_file
 allow domain_deprecated ion_device:chr_file rw_file_perms;
 # split this auditallow into read and write perms since most domains seem to
 # only require read
-auditallow { domain_deprecated -appdomain -fingerprintd -gatekeeperd -keystore -surfaceflinger -system_server -tee -vold -zygote } ion_device:chr_file r_file_perms;
+auditallow { domain_deprecated -appdomain -fingerprintd -keystore -surfaceflinger -system_server -tee -vold -zygote } ion_device:chr_file r_file_perms;
 auditallow domain_deprecated ion_device:chr_file { write append };
 
 # Read access to pseudo filesystems.
@@ -96,8 +96,8 @@ auditallow { domain_deprecated -bluetooth -fingerprintd -healthd -init -netd -pr
 auditallow { domain_deprecated -bluetooth -fingerprintd -healthd -init -netd -priv_app -rild -system_app -surfaceflinger -system_server -tee -ueventd -vold -wpa } sysfs:lnk_file { getattr open ioctl lock }; # read granted in domain
 auditallow domain_deprecated inotify:dir r_dir_perms;
 auditallow domain_deprecated inotify:{ file lnk_file } r_file_perms;
-auditallow { domain_deprecated -appdomain -fingerprintd -gatekeeperd -healthd -init -inputflinger -installd -keystore -netd -rild -surfaceflinger -system_server -zygote } cgroup:dir r_dir_perms;
-auditallow { domain_deprecated -appdomain -fingerprintd -gatekeeperd -healthd -init -inputflinger -installd -keystore -netd -rild -surfaceflinger -system_server -zygote } cgroup:{ file lnk_file } r_file_perms;
+auditallow { domain_deprecated -appdomain -fingerprintd -healthd -init -inputflinger -installd -keystore -netd -rild -surfaceflinger -system_server -zygote } cgroup:dir r_dir_perms;
+auditallow { domain_deprecated -appdomain -fingerprintd -healthd -init -inputflinger -installd -keystore -netd -rild -surfaceflinger -system_server -zygote } cgroup:{ file lnk_file } r_file_perms;
 auditallow { domain_deprecated -appdomain -init -priv_app -surfaceflinger -system_server -vold } proc_meminfo:file r_file_perms;
 auditallow { domain_deprecated -appdomain -clatd -init -netd -system_server -vold -wpa -zygote } proc_net:dir { open getattr read ioctl lock }; # search granted in domain
 auditallow { domain_deprecated -appdomain -clatd -init -netd -system_server -vold -wpa -zygote } proc_net:{ file lnk_file } r_file_perms;
diff --git a/gatekeeperd.te b/gatekeeperd.te
index 3d9b60cd1f6d3375735302a926484423beb7f406..bc4fe81b447d3853b601a468ffe768d436670d34 100644
--- a/gatekeeperd.te
+++ b/gatekeeperd.te
@@ -1,4 +1,4 @@
-type gatekeeperd, domain, domain_deprecated;
+type gatekeeperd, domain;
 type gatekeeperd_exec, exec_type, file_type;
 
 # gatekeeperd
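Review bot: Dropping `domain_deprecated` from the `type gatekeeperd` declaration also drops every allow rule gatekeeperd inherited through that attribute, and this hunk adds no explicit rule in its place. The `-gatekeeperd` exclusions removed from the `ion_device:chr_file` and `cgroup` auditallow rules in domain_deprecated.te suggest the daemon was known to use exactly those read accesses. The rest of gatekeeperd.te is outside this hunk, so it may already grant them. If it does not, and testing shows they are still needed, I would add `allow gatekeeperd ion_device:chr_file r_file_perms;`, `allow gatekeeperd cgroup:dir r_dir_perms;` and `allow gatekeeperd cgroup:{ file lnk_file } r_file_perms;` rather than leave the daemon to fail on a denial. Either way, the commit should record that credential enrollment and verification were exercised on a device with no new avc denials for gatekeeperd.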