diff --git a/tracking_denials/trusty_apploader.te b/tracking_denials/trusty_apploader.te
index e332dfaf..46e5481b 100644
--- a/tracking_denials/trusty_apploader.te
+++ b/tracking_denials/trusty_apploader.te
@@ -1,11 +1,4 @@
-# b/263305034
-dontaudit trusty_apploader dmabuf_system_heap_device:chr_file { ioctl };
-dontaudit trusty_apploader dmabuf_system_heap_device:chr_file { open };
-dontaudit trusty_apploader dmabuf_system_heap_device:chr_file { read };
-dontaudit trusty_apploader tee_device:chr_file { ioctl };
-dontaudit trusty_apploader tee_device:chr_file { open };
-dontaudit trusty_apploader tee_device:chr_file { read write };
 # b/264489569
 userdebug_or_eng(`
   permissive trusty_apploader;
-')
\ No newline at end of file
+')
diff --git a/vendor/trusty_apploader.te b/vendor/trusty_apploader.te
index eb2dbcbe..983e3a03 100644
--- a/vendor/trusty_apploader.te
+++ b/vendor/trusty_apploader.te
@@ -2,3 +2,6 @@ type trusty_apploader, domain;
 type trusty_apploader_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(trusty_apploader)
 
+allow trusty_apploader ion_device:chr_file r_file_perms;
+allow trusty_apploader tee_device:chr_file rw_file_perms;
+allow trusty_apploader dmabuf_system_heap_device:chr_file r_file_perms;