diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 892eb9acd2fdc51b8e5c0e8ca4fdfcd851271f76..0a817269253ebf01ab1c3bc808b4f0e66e548124 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -41,10 +41,10 @@ neverallow { all_untrusted_apps -mediaprovider } property_type:property_service
 # but otherwise disallow untrusted apps from reading this property.
 neverallow { all_untrusted_apps -untrusted_app_25 } net_dns_prop:file read;
 
-# Renderscript created files within an app home directory can be
-# dlopen()ed. To maintain the W^X property, these files
+# Shared libraries created by trusted components within an app home
+# directory can be dlopen()ed. To maintain the W^X property, these files
 # must never be writable to the app.
-neverallow all_untrusted_apps rs_data_file:file
+neverallow all_untrusted_apps app_exec_data_file:file
   { append create link relabelfrom relabelto rename setattr write };
 
 # Block calling execve() on files in an apps home directory.
@@ -127,7 +127,7 @@ neverallow { all_untrusted_apps -mediaprovider } {
   file_type
   -app_data_file            # The apps sandbox itself
   -privapp_data_file
-  -rs_data_file             # stored within the app sandbox directory
+  -app_exec_data_file       # stored within the app sandbox directory
   -media_rw_data_file       # Internal storage. Known that apps can
                             # leave artfacts here after uninstall.
   -user_profile_data_file   # Access to profile files
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index 4935f3340fe53f9f57d577e098252ff6f45bd129..3500c0f7f3f363c6a4cbadecac1cb79f521f5d9f 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -27,9 +27,9 @@ allow ephemeral_app app_data_file:file     { r_file_perms execute };
 # Allow the renderscript compiler to be run.
 domain_auto_trans(ephemeral_app, rs_exec, rs)
 
-# Allow loading and deleting renderscript created shared libraries
-# within an application home directory.
-allow ephemeral_app rs_data_file:file { r_file_perms execute unlink };
+# Allow loading and deleting shared libraries created by trusted system
+# components within an application home directory.
+allow ephemeral_app app_exec_data_file:file { r_file_perms execute unlink };
 
 # services
 allow ephemeral_app audioserver_service:service_manager find;
diff --git a/private/file.te b/private/file.te
index 884374397c1fa4265ea388a37852c11372a551fe..6704c7934153960372065bd719dbf5260004c4e8 100644
--- a/private/file.te
+++ b/private/file.te
@@ -13,5 +13,6 @@ type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;
 # /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds.
 type debugfs_kcov, fs_type, debugfs_type;
 
-# renderscript created files in /data/data directories
-type rs_data_file, file_type, data_file_type, core_data_file_type;
+# App executable files in /data/data directories
+type app_exec_data_file, file_type, data_file_type, core_data_file_type;
+typealias app_exec_data_file alias rs_data_file;
diff --git a/private/installd.te b/private/installd.te
index fd3535c86a7b69d19805b987d4531aaa00888132..26d5ef66b32bbc1030f0d6d4826bc0299cdb9c57 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -22,4 +22,4 @@ allow installd dumpstate:fd use;
 allow installd dumpstate:fifo_file r_file_perms;
 
 # Delete /system/bin/bcc generated artifacts
-allow installd rs_data_file:file unlink;
+allow installd app_exec_data_file:file unlink;
diff --git a/private/rs.te b/private/rs.te
index 56f8dfcc7f78de028fcd612c3875237a5676f174..f0c9409b71fe841f2eb66cea49a9ca8fab449cb5 100644
--- a/private/rs.te
+++ b/private/rs.te
@@ -1,8 +1,8 @@
 # Any files which would have been created as app_data_file
-# will be created as rs_data_file instead.
+# will be created as app_exec_data_file instead.
 allow rs app_data_file:dir ra_dir_perms;
-allow rs rs_data_file:file create_file_perms;
-type_transition rs app_data_file:file rs_data_file;
+allow rs app_exec_data_file:file create_file_perms;
+type_transition rs app_data_file:file app_exec_data_file;
 
 # Follow /data/user/0 symlink
 allow rs system_data_file:lnk_file read;
@@ -11,7 +11,7 @@ allow rs system_data_file:lnk_file read;
 allow rs app_data_file:file r_file_perms;
 allow rs app_data_file:dir r_dir_perms;
 
-# Cleanup rs_data_file files in the app home directory.
+# Cleanup app_exec_data_file files in the app home directory.
 allow rs app_data_file:dir remove_name;
 
 # Use vendor resources
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index aebb7118aee60acc06342225acf4b76ca00987c9..ba707516b547408797fd12140fc1d42995dcdca1 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -25,9 +25,10 @@
 allow untrusted_app_all privapp_data_file:file { r_file_perms execute };
 allow untrusted_app_all app_data_file:file     { r_file_perms execute };
 
-# Allow loading and deleting renderscript created shared libraries
-# within an application home directory.
-allow untrusted_app_all rs_data_file:file { r_file_perms execute unlink };
+# Allow loading and deleting executable shared libraries
+# within an application home directory. Such shared libraries would be
+# created by things like renderscript or via other mechanisms.
+allow untrusted_app_all app_exec_data_file:file { r_file_perms execute unlink };
 
 # ASEC
 allow untrusted_app_all asec_apk_file:file r_file_perms;