diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 0b0274505..1e00dcdd1 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -22,9 +22,6 @@ add_service(virtualizationservice, virtualization_service)
 # When virtualizationservice execs a file with the crosvm_exec label, run it in the crosvm domain.
 domain_auto_trans(virtualizationservice, crosvm_exec, crosvm)
 
-# Let virtualizationservice exec other files (e.g. mk_cdisk) in the same domain.
-allow virtualizationservice system_file:file execute_no_trans;
-
 # Let virtualizationservice kill crosvm.
 allow virtualizationservice crosvm:process sigkill;