diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 31551acc4250a9bed7a4696afe8bb033371c9059..23594b82638bf33d9c264614c057cbcdc399ee9d 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -10,7 +10,6 @@ define(`all_untrusted_apps',`{
   untrusted_app_25
   untrusted_app_27
   untrusted_app_all
-  untrusted_v2_app
 }')
 # Receive or send uevent messages.
 neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index fbf6f60a1901914162439f810e895a7827d55a4c..4f3546b136a60d6d2920a3ee92f13eef2a02ca0c 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -4,6 +4,7 @@
 (typeattribute hal_wifi_keystore_server)
 
 ;; types removed from current policy
+(type untrusted_v2_app)
 (type asan_reboot_prop)
 (type commontime_management_service)
 (type log_device)
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index fcf4561c0bb7e65c3f9ddfeda869e4e880514ead..d99b499beaf67db0ca3b75ee44c187acc85b03ee 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1,10 +1,11 @@
 ;; types removed from current policy
 (type commontime_management_service)
-(type qtaguid_proc)
 (type mediacodec)
 (type mediacodec_exec)
+(type qtaguid_proc)
 (type reboot_data_file)
 (type rild)
+(type untrusted_v2_app)
 (type webview_zygote_socket)
 (type vold_socket)
 (type thermalcallback_hwservice)
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 054cca26830d9124e6b2fcca20943bb56ddf9db9..c69a1111e1df336bb0dc82b3395577d7b67d20df 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -4,6 +4,7 @@
 (type mediacodec_exec)
 (type qtaguid_proc)
 (type thermalcallback_hwservice)
+(type untrusted_v2_app)
 
 ;; TODO: remove once P sepolicy is pushed to AOSP.
 (type vold_socket)
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 65be583a731469776a616eeb45092e14ae936181..11cea6ea2baf434ea2e9fc65cefccdd73a0ef6a9 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -2,8 +2,7 @@
 ### Untrusted_app_all.
 ###
 ### This file defines the rules shared by all untrusted app domains except
-### apps which target the v2 security sandbox (ephemeral_app for instant apps,
-### untrusted_v2_app for fully installed v2 apps).
+### ephemeral_app for instant apps.
 ### Apps are labeled based on mac_permissions.xml (maps signer and
 ### optionally package name to seinfo value) and seapp_contexts (maps UID
 ### and optionally seinfo value to domain for process and type for data
@@ -19,7 +18,7 @@
 ### seapp_contexts.
 ###
 ### Note that rules that should apply to all untrusted apps must be in app.te or also
-### added to untrusted_v2_app.te and ephemeral_app.te.
+### added to ephemeral_app.te.
 
 # Some apps ship with shared libraries and binaries that they write out
 # to their sandbox directory and then execute.
diff --git a/private/untrusted_v2_app.te b/private/untrusted_v2_app.te
deleted file mode 100644
index 8f4bceb2c61575087a4f35741c3e536c77720226..0000000000000000000000000000000000000000
--- a/private/untrusted_v2_app.te
+++ /dev/null
@@ -1,47 +0,0 @@
-###
-### Untrusted v2 sandbox apps.
-###
-
-typeattribute untrusted_v2_app coredomain;
-
-app_domain(untrusted_v2_app)
-net_domain(untrusted_v2_app)
-bluetooth_domain(untrusted_v2_app)
-
-# Read and write system app data files passed over Binder.
-# Motivating case was /data/data/com.android.settings/cache/*.jpg for
-# cropping or taking user photos.
-allow untrusted_v2_app system_app_data_file:file { read write getattr };
-
-# Access to /data/media.
-allow untrusted_v2_app media_rw_data_file:dir create_dir_perms;
-allow untrusted_v2_app media_rw_data_file:file create_file_perms;
-
-# Traverse into /mnt/media_rw for bypassing FUSE daemon
-# TODO: narrow this to just MediaProvider
-allow untrusted_v2_app mnt_media_rw_file:dir search;
-
-# allow cts to query all services
-allow untrusted_v2_app servicemanager:service_manager list;
-
-allow untrusted_v2_app audioserver_service:service_manager find;
-allow untrusted_v2_app cameraserver_service:service_manager find;
-allow untrusted_v2_app drmserver_service:service_manager find;
-allow untrusted_v2_app mediaserver_service:service_manager find;
-allow untrusted_v2_app mediaextractor_service:service_manager find;
-allow untrusted_v2_app mediacodec_service:service_manager find;
-allow untrusted_v2_app mediametrics_service:service_manager find;
-allow untrusted_v2_app mediadrmserver_service:service_manager find;
-allow untrusted_v2_app nfc_service:service_manager find;
-allow untrusted_v2_app radio_service:service_manager find;
-# TODO: potentially provide a tighter list of services here
-allow untrusted_v2_app app_api_service:service_manager find;
-
-# gdbserver for ndk-gdb ptrace attaches to app process.
-allow untrusted_v2_app self:process ptrace;
-
-# Write app-specific trace data to the Perfetto traced damon. This requires
-# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-allow untrusted_v2_app traced:fd use;
-allow untrusted_v2_app traced_tmpfs:file { read write getattr map };
-unix_socket_connect(untrusted_v2_app, traced_producer, traced)
diff --git a/public/app.te b/public/app.te
index bc4ad611ef5695b450791bbea000dbfc913f6eab..12a9b81c501e23acb7af85828ecba1270a1d613f 100644
--- a/public/app.te
+++ b/public/app.te
@@ -85,10 +85,10 @@ allow appdomain oemfs:dir r_dir_perms;
 allow appdomain oemfs:file rx_file_perms;
 
 # Execute the shell or other system executables.
-allow { appdomain -ephemeral_app -untrusted_v2_app } shell_exec:file rx_file_perms;
-allow { appdomain -ephemeral_app -untrusted_v2_app } toolbox_exec:file rx_file_perms;
-allow { appdomain -untrusted_v2_app } system_file:file x_file_perms;
-not_full_treble(`allow { appdomain -ephemeral_app -untrusted_v2_app } vendor_file:file x_file_perms;')
+allow { appdomain -ephemeral_app } shell_exec:file rx_file_perms;
+allow { appdomain -ephemeral_app } toolbox_exec:file rx_file_perms;
+allow appdomain system_file:file x_file_perms;
+not_full_treble(`allow { appdomain -ephemeral_app } vendor_file:file x_file_perms;')
 
 # Renderscript needs the ability to read directories on /system
 allow appdomain system_file:dir r_dir_perms;
@@ -106,8 +106,8 @@ full_treble_only(`
 
 # Allow apps access to /vendor/app except for privileged
 # apps which cannot be in /vendor.
-r_dir_file({ appdomain -ephemeral_app -untrusted_v2_app }, vendor_app_file)
-allow { appdomain -ephemeral_app -untrusted_v2_app } vendor_app_file:file execute;
+r_dir_file({ appdomain -ephemeral_app }, vendor_app_file)
+allow { appdomain -ephemeral_app } vendor_app_file:file execute;
 
 # Allow apps access to /vendor/overlay
 r_dir_file(appdomain, vendor_overlay_file)
@@ -285,7 +285,7 @@ allow appdomain resourcecache_data_file:dir r_dir_perms;
 
 # logd access
 read_logd(appdomain)
-control_logd({ appdomain -ephemeral_app untrusted_v2_app })
+control_logd({ appdomain -ephemeral_app })
 # application inherit logd write socket (urge is to deprecate this long term)
 allow appdomain zygote:unix_dgram_socket write;
 
diff --git a/public/untrusted_v2_app.te b/public/untrusted_v2_app.te
deleted file mode 100644
index ac82f15310e4a832a332ac98129937301184469b..0000000000000000000000000000000000000000
--- a/public/untrusted_v2_app.te
+++ /dev/null
@@ -1,5 +0,0 @@
-###
-### Untrusted v2 sandbox apps.
-###
-
-type untrusted_v2_app, domain;
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index cfa8ef9c88a0939dc8869e4ca95b95af978b3373..6e9eb6ad2132ca3c41f703fd3fd35d97ae9d5932 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -29,7 +29,6 @@ coreAppdomain = {
         'system_app',
         'untrusted_app',
         'untrusted_app_25',
-        'untrusted_v2_app',
         }
 coredomainWhitelist = {
         'adbd',