diff --git a/bluetooth.te b/bluetooth.te
index 4f1ef6e55a9590e1afcb72f8e4976b471b28a273..bc2acef7f48896c76e3551c144714973efa43f8f 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -60,8 +60,6 @@ allow bluetooth system_api_service:service_manager find;
 service_manager_local_audit_domain(bluetooth)
 auditallow bluetooth {
     tmp_system_server_service
-    -network_management_service
-    -power_service
     -registry_service
     -user_service
 }:service_manager find;
diff --git a/drmserver.te b/drmserver.te
index 418ce397a85b857ac517a5368d8ac42a26d3d16e..d76d3bebbf53427ae77898f449035a45f2d616c4 100644
--- a/drmserver.te
+++ b/drmserver.te
@@ -50,12 +50,6 @@ allow drmserver oemfs:dir search;
 allow drmserver oemfs:file r_file_perms;
 
 allow drmserver drmserver_service:service_manager { add find };
-allow drmserver tmp_system_server_service:service_manager find;
-
-service_manager_local_audit_domain(drmserver)
-auditallow drmserver {
-    tmp_system_server_service
-    -permission_service
-}:service_manager find;
+allow drmserver permission_service:service_manager find;
 
 selinux_check_access(drmserver)
diff --git a/mediaserver.te b/mediaserver.te
index 835802e7ada5be16101886ef2694293d54c52759..64971015d33c2d11ee585325d467e60f7d82d773 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -83,15 +83,15 @@ allow mediaserver appops_service:service_manager find;
 allow mediaserver batterystats_service:service_manager find;
 allow mediaserver drmserver_service:service_manager find;
 allow mediaserver mediaserver_service:service_manager { add find };
+allow mediaserver permission_service:service_manager find;
+allow mediaserver power_service:service_manager find;
+allow mediaserver processinfo_service:service_manager find;
 allow mediaserver surfaceflinger_service:service_manager find;
 allow mediaserver tmp_system_server_service:service_manager find;
 
 service_manager_local_audit_domain(mediaserver)
 auditallow mediaserver {
     tmp_system_server_service
-    -permission_service
-    -power_service
-    -processinfo_service
     -scheduling_policy_service
 }:service_manager find;
 
diff --git a/nfc.te b/nfc.te
index 6532c6853207a353c74c1edaf488df2c61a2f76b..e4a4ccb564024737c738cb9d6e5c3ca50e2e65c1 100644
--- a/nfc.te
+++ b/nfc.te
@@ -30,8 +30,6 @@ allow nfc system_api_service:service_manager find;
 service_manager_local_audit_domain(nfc)
 auditallow nfc {
     tmp_system_server_service
-    -network_management_service
-    -power_service
     -registry_service
     -trust_service
     -user_service
diff --git a/platform_app.te b/platform_app.te
index 89b3a6625049475c27d97ee00c59f05f23d7d7f9..2943e6ce6600a0c1189597497e8df178a0fa97eb 100644
--- a/platform_app.te
+++ b/platform_app.te
@@ -30,6 +30,7 @@ allow platform_app cache_file:file create_file_perms;
 
 allow platform_app drmserver_service:service_manager find;
 allow platform_app mediaserver_service:service_manager find;
+allow platform_app persistent_data_block_service:service_manager find;
 allow platform_app radio_service:service_manager find;
 allow platform_app surfaceflinger_service:service_manager find;
 allow platform_app tmp_system_server_service:service_manager find;
@@ -39,9 +40,6 @@ allow platform_app system_api_service:service_manager find;
 service_manager_local_audit_domain(platform_app)
 auditallow platform_app {
     tmp_system_server_service
-    -network_management_service
-    -notification_service
-    -power_service
     -registry_service
     -search_service
     -sensorservice_service
diff --git a/radio.te b/radio.te
index c14e964d6a11f229b07e900b7a1a74fbb6de976b..469f1d959872d21d95c0c3c813a0d003d9d79304 100644
--- a/radio.te
+++ b/radio.te
@@ -41,9 +41,6 @@ allow radio system_api_service:service_manager find;
 service_manager_local_audit_domain(radio)
 auditallow radio {
     tmp_system_server_service
-    -network_management_service
-    -notification_service
-    -power_service
     -registry_service
     -trust_service
     -user_service
diff --git a/service.te b/service.te
index bbca5e7bf712db69fdf64302a8848cdd77a66ea1..fa4d56e720bf826f460d16302574e084e3e51ff3 100644
--- a/service.te
+++ b/service.te
@@ -62,16 +62,16 @@ type midi_service, app_api_service, system_server_service, service_manager_type;
 type mount_service, app_api_service, system_server_service, service_manager_type;
 type netpolicy_service, app_api_service, system_server_service, service_manager_type;
 type netstats_service, system_api_service, system_server_service, service_manager_type;
-type network_management_service, tmp_system_server_service, service_manager_type;
-type network_score_service, tmp_system_server_service, service_manager_type;
-type notification_service, tmp_system_server_service, service_manager_type;
-type package_service, tmp_system_server_service, service_manager_type;
-type permission_service, tmp_system_server_service, service_manager_type;
-type persistent_data_block_service, tmp_system_server_service, service_manager_type;
-type power_service, tmp_system_server_service, service_manager_type;
-type print_service, tmp_system_server_service, service_manager_type;
-type processinfo_service, tmp_system_server_service, service_manager_type;
-type procstats_service, tmp_system_server_service, service_manager_type;
+type network_management_service, system_api_service, system_server_service, service_manager_type;
+type network_score_service, system_api_service, system_server_service, service_manager_type;
+type notification_service, app_api_service, system_server_service, service_manager_type;
+type package_service, app_api_service, system_server_service, service_manager_type;
+type permission_service, app_api_service, system_server_service, service_manager_type;
+type persistent_data_block_service, system_server_service, service_manager_type;
+type power_service, app_api_service, system_server_service, service_manager_type;
+type print_service, app_api_service, system_server_service, service_manager_type;
+type processinfo_service, system_server_service, service_manager_type;
+type procstats_service, app_api_service, system_server_service, service_manager_type;
 type restrictions_service, tmp_system_server_service, service_manager_type;
 type rttmanager_service, tmp_system_server_service, service_manager_type;
 type samplingprofiler_service, system_server_service, service_manager_type;
diff --git a/surfaceflinger.te b/surfaceflinger.te
index 007be9624c95ae6b6ee1554c86ffd790bc79d3d2..c83caf2a6451a73f63918edbb57a980c79328821 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -60,14 +60,14 @@ allow surfaceflinger tee_device:chr_file rw_file_perms;
 
 # media.player service
 allow surfaceflinger mediaserver_service:service_manager find;
+allow surfaceflinger permission_service:service_manager find;
+allow surfaceflinger power_service:service_manager find;
 allow surfaceflinger surfaceflinger_service:service_manager { add find };
 allow surfaceflinger tmp_system_server_service:service_manager find;
 
 service_manager_local_audit_domain(surfaceflinger)
 auditallow surfaceflinger {
     tmp_system_server_service
-    -permission_service
-    -power_service
     -window_service
 }:service_manager find;
 
diff --git a/system_app.te b/system_app.te
index d518e119488133eff61072a5de30454dbb94d68c..9b4e29a481624e3f2b0834482a92fe571b0a57e6 100644
--- a/system_app.te
+++ b/system_app.te
@@ -60,11 +60,6 @@ allow system_app system_api_service:service_manager find;
 service_manager_local_audit_domain(system_app)
 auditallow system_app {
     tmp_system_server_service
-    -network_management_service
-    -network_score_service
-    -notification_service
-    -power_service
-    -print_service
     -registry_service
     -restrictions_service
     -sensorservice_service
diff --git a/system_server.te b/system_server.te
index a2cfeba2fc804055b98231cf1a37152289713e27..cb5d5cb9f4b7a3425d2c2d30ed7d587679b1b28a 100644
--- a/system_server.te
+++ b/system_server.te
@@ -376,12 +376,6 @@ allow system_server tmp_system_server_service:service_manager { add find };
 service_manager_local_audit_domain(system_server)
 auditallow system_server {
     tmp_system_server_service
-    -network_management_service
-    -network_score_service
-    -notification_service
-    -package_service
-    -permission_service
-    -power_service
     -registry_service
     -sensorservice_service
     -statusbar_service
diff --git a/untrusted_app.te b/untrusted_app.te
index c1135e86be610076d8fc8790cd1bfac20d55e558..c94092a11a43d4ca6a663e32759bf93499f39daf 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -87,15 +87,12 @@ allow untrusted_app app_api_service:service_manager find;
 # TODO: remove this once priv-apps are no longer running in untrusted_app
 allow untrusted_app system_api_service:service_manager find;
 
+# TODO: remove and replace with specific package that accesses this
+allow untrusted_app persistent_data_block_service:service_manager find;
+
 service_manager_local_audit_domain(untrusted_app)
 auditallow untrusted_app {
     tmp_system_server_service
-    -network_management_service
-    -network_score_service
-    -notification_service
-    -persistent_data_block_service
-    -power_service
-    -procstats_service
     -registry_service
     -rttmanager_service
     -search_service