diff --git a/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll
index 92aba6dfa04c..132e8a3fadf2 100644
--- a/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll
@@ -54,7 +54,7 @@ private class WildCardPermissionConstruction extends ClassInstanceExpr, Permissi
  * A configuration for tracking flow from user input to a permissions check.
  */
 module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UserInput }
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
 
   predicate isSink(DataFlow::Node sink) {
     sink.asExpr() = any(PermissionsConstruction p).getInput()
diff --git a/java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md b/java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md
new file mode 100644
index 000000000000..3cef94d4523c
--- /dev/null
+++ b/java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query `java/tainted-permissions-check` now uses threat models. This means that `local` sources are no longer included by default for this query, but can be added by enabling the `local` threat model.