diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 6470b0ef57a8e4d8a05cf03d4af58119f422aefc..dfaee86e1ba097f608f1adc9ead164df05920ae5 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -5,7 +5,15 @@
 # Only allow domains in AOSP to use the untrusted_app_all attribute.
 neverallow { untrusted_app_all -untrusted_app -untrusted_app_25 } domain:process fork;
 
-define(`all_untrusted_apps',`{ untrusted_app_all untrusted_app_25 untrusted_app ephemeral_app isolated_app mediaprovider }')
+define(`all_untrusted_apps',`{
+  ephemeral_app
+  isolated_app
+  mediaprovider
+  untrusted_app
+  untrusted_app_25
+  untrusted_app_all
+  untrusted_v2_app
+}')
 # Receive or send uevent messages.
 neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;