diff --git a/untrusted_app.te b/untrusted_app.te
index e68c57013..6c21cc573 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -60,7 +60,11 @@ allow untrusted_app system_app_data_file:file { read write getattr };
 #
 
 # Access /dev/mtp_usb.
+# TODO android.process.media moved to priv_app domain. Does
+# untrusted_app still require these permissions? Can "open"
+# be removed?
 allow untrusted_app mtp_device:chr_file rw_file_perms;
+auditallow untrusted_app mtp_device:chr_file rw_file_perms;
 
 # Access to /data/media.
 allow untrusted_app media_rw_data_file:dir create_dir_perms;