diff --git a/attributes b/attributes
index 69654e32b79dd5f077a3cd06afd6565a928e39d9..9d13a1b611036233d7530cae3c0b4493ba001a25 100644
--- a/attributes
+++ b/attributes
@@ -64,6 +64,3 @@ attribute bluetoothdomain;
 
 # All domains used for binder service domains.
 attribute binderservicedomain;
-
-# All domains which are allowed the "relabelto" permission
-attribute relabeltodomain;
diff --git a/debuggerd.te b/debuggerd.te
index 32bc185f0a38a24546c5babb5f5edddcb1df397d..d81c73ce9d030a3e9039a4da11320245939b0f04 100644
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -12,7 +12,6 @@ allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd }:process ptra
 security_access_policy(debuggerd)
 allow debuggerd system_data_file:dir create_dir_perms;
 allow debuggerd system_data_file:dir relabelfrom;
-relabelto_domain(debuggerd)
 allow debuggerd tombstone_data_file:dir relabelto;
 allow debuggerd tombstone_data_file:dir create_dir_perms;
 allow debuggerd tombstone_data_file:file create_file_perms;
diff --git a/domain.te b/domain.te
index 38ee315ffd551a77e569edcf650c6d21dff7d5d1..5e29272de10495c9f7ad4d381adc6f5efb8861d0 100644
--- a/domain.te
+++ b/domain.te
@@ -146,9 +146,6 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
 ### neverallow rules
 ###
 
-# Limit ability to relabel files to domains marked with relabelto_domain().
-neverallow { domain -relabeltodomain } *:dir_file_class_set relabelto;
-
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
 # with other UIDs to these whitelisted domains.
 neverallow { domain -debuggerd -vold -dumpstate -system_server } self:capability sys_ptrace;
diff --git a/dumpstate.te b/dumpstate.te
index 749cc469e263e4df8760a3b0a2713ec67df5cfe1..f6a4ba9b7f9e11b359dba03607a783d72408f14b 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -5,7 +5,6 @@ type dumpstate_exec, exec_type, file_type;
 
 init_daemon_domain(dumpstate)
 net_domain(dumpstate)
-relabelto_domain(dumpstate)
 binder_use(dumpstate)
 
 # Drop privileges by switching UID / GID
diff --git a/init.te b/init.te
index 68eab2efbb02ff8ccacbc8e2db843c21ac1342b6..3441dd0c31966d28287b475297920ff9f1118f71 100644
--- a/init.te
+++ b/init.te
@@ -3,7 +3,6 @@ type init, domain;
 # init is unconfined.
 unconfined_domain(init)
 tmpfs_domain(init)
-relabelto_domain(init)
 # add a rule to handle unlabelled mounts
 allow init unlabeled:filesystem mount;
 
diff --git a/installd.te b/installd.te
index 76615800ecf3b6897173b92a8bf8b92d1dabcfab..0c9167948e493f4550d0fac463cba03c97a87552 100644
--- a/installd.te
+++ b/installd.te
@@ -3,7 +3,6 @@ type installd, domain;
 type installd_exec, exec_type, file_type;
 
 init_daemon_domain(installd)
-relabelto_domain(installd)
 typeattribute installd mlstrustedsubject;
 allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
 allow installd system_data_file:file create_file_perms;
diff --git a/kernel.te b/kernel.te
index 88ebc50924d0f7e6eb52ef8b6a4d327293f09b47..1ff8f682e0a69351ff065bb684fd7106bdc738fb 100644
--- a/kernel.te
+++ b/kernel.te
@@ -5,7 +5,6 @@ allow kernel init:process dyntransition;
 
 # The kernel is unconfined.
 unconfined_domain(kernel)
-relabelto_domain(kernel)
 
 allow kernel {fs_type dev_type file_type}:dir_file_class_set relabelto;
 allow kernel unlabeled:filesystem mount;
diff --git a/recovery.te b/recovery.te
index b6f82c7834d1323a897f294ed730a4eb374c2960..5c510e40755f7b548a411f3cea00b16900cf4dfd 100644
--- a/recovery.te
+++ b/recovery.te
@@ -2,7 +2,6 @@
 type recovery, domain;
 allow recovery rootfs:file entrypoint;
 unconfined_domain(recovery)
-relabelto_domain(recovery)
 
 allow recovery self:capability2 mac_admin;
 
diff --git a/system_server.te b/system_server.te
index 7a9d063278d4622b23f5e14114891586c1763642..30f302510e763e8ee4a114051dcd5d06d9a67cfa 100644
--- a/system_server.te
+++ b/system_server.te
@@ -175,7 +175,6 @@ allow system_server { data_file_type -keystore_data_file }:notdevfile_class_set
 security_access_policy(system_server)
 
 # Relabel apk files.
-relabelto_domain(system_server)
 allow system_server { apk_tmp_file apk_private_tmp_file }:file { relabelfrom relabelto };
 allow system_server { apk_data_file apk_private_data_file }:file { relabelfrom relabelto };
 
diff --git a/te_macros b/te_macros
index ddae3dff2ba7fbae4a393d47cada255bc1149c56..ecdf8b4f8dbd0cd1941b92b87fe9b3b6f53369f1 100644
--- a/te_macros
+++ b/te_macros
@@ -111,13 +111,6 @@ tmpfs_domain($1)
 allow $1 $1_tmpfs:file execute;
 ')
 
-#####################################
-# relabelto_domain(domain)
-# Allows this domain to use the relabelto permission
-define(`relabelto_domain', `
-typeattribute $1 relabeltodomain;
-')
-
 #####################################
 # net_domain(domain)
 # Allow a base set of permissions required for network access.
diff --git a/ueventd.te b/ueventd.te
index f02b899df72eca0856026464293b42262634f848..babebe04db1d25cf5012a65ced087c14e15081a6 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -4,7 +4,6 @@ type ueventd, domain;
 tmpfs_domain(ueventd)
 write_klog(ueventd)
 security_access_policy(ueventd)
-relabelto_domain(ueventd)
 allow ueventd rootfs:file entrypoint;
 allow ueventd init:process sigchld;
 allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
diff --git a/vold.te b/vold.te
index 350f6300908e400e973b38417b65a18e071b4eee..7fbba76ed1f2f01bcecee9c5d524f0e4940c6fb1 100644
--- a/vold.te
+++ b/vold.te
@@ -71,7 +71,6 @@ allow vold ctl_fuse_prop:property_service set;
 allow vold asec_image_file:file create_file_perms;
 allow vold asec_image_file:dir rw_dir_perms;
 security_access_policy(vold)
-relabelto_domain(vold)
 allow vold asec_apk_file:dir { rw_dir_perms setattr relabelfrom };
 allow vold asec_public_file:dir { relabelto setattr };
 allow vold asec_apk_file:file { r_file_perms setattr relabelfrom };