diff --git a/private/tee.te b/private/tee.te
index 01a52def228c8c88bbeecda83bd395d8a7d84660..c29bee6c66f92497a0da2f918434c664105a2a2c 100644
--- a/private/tee.te
+++ b/private/tee.te
@@ -1,7 +1,5 @@
-typeattribute tee coredomain;
-
 init_daemon_domain(tee)
 
-# TODO(b/36601092, b/36601602): Remove this once Keymaster HAL and DRM HAL no longer communicate
-# with tee daemon over sockets or once the tee daemon is moved to vendor partition
+# TODO(b/36714625, b/36715266): Remove this once drmserver, mediaserver, and surfaceflinger no
+# longer communicate with tee daemon over sockets
 typeattribute tee socket_between_core_and_vendor_violators;
diff --git a/public/file.te b/public/file.te
index 21d57446896381809e9f45b0fffcbb3058a17704..92fa4a35fe40f14298838ee2f4d41bdedbb8ccb4 100644
--- a/public/file.te
+++ b/public/file.te
@@ -180,7 +180,7 @@ type wifi_data_file, file_type, data_file_type, core_data_file_type;
 type zoneinfo_data_file, file_type, data_file_type, core_data_file_type;
 type vold_data_file, file_type, data_file_type, core_data_file_type;
 type perfprofd_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
-type tee_data_file, file_type, data_file_type, core_data_file_type;
+type tee_data_file, file_type, data_file_type;
 type update_engine_data_file, file_type, data_file_type, core_data_file_type;
 # /data/misc/trace for method traces on userdebug / eng builds
 type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
diff --git a/public/hal_keymaster.te b/public/hal_keymaster.te
index 5e66c8af4bd9ca7d3cf24c7d43e51d3844f0ce4d..d50812c3972419fa19e0f3ca018feaf4e0aee596 100644
--- a/public/hal_keymaster.te
+++ b/public/hal_keymaster.te
@@ -2,7 +2,6 @@
 binder_call(hal_keymaster_client, hal_keymaster_server)
 
 allow hal_keymaster tee_device:chr_file rw_file_perms;
-# TODO(b/36601092): Remove this once Keymaster HAL no longer talks to tee domain over Unix domain sockets
 allow hal_keymaster tee:unix_stream_socket connectto;
 
 allow hal_keymaster ion_device:chr_file r_file_perms;
diff --git a/public/tee.te b/public/tee.te
index 45242817c04c30ffc839f67bf4efd99abe274353..84e64920ba7ee969dea6bace7249a52a3ae18bf0 100644
--- a/public/tee.te
+++ b/public/tee.te
@@ -13,5 +13,8 @@ allow tee self:netlink_socket create_socket_perms_no_ioctl;
 allow tee self:netlink_generic_socket create_socket_perms_no_ioctl;
 allow tee ion_device:chr_file r_file_perms;
 r_dir_file(tee, sysfs_type)
+
+# TODO(b/36720355): Remove this once tee no longer access non-vendor files
+typeattribute tee coredata_in_vendor_violators;
 allow tee system_data_file:file { getattr read };
 allow tee system_data_file:lnk_file r_file_perms;
diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te
index c779711c9fd84569a3edef38ad93e22ccb305807..ad1762f92ab0844592afea1a2b5337bfc5ba6502 100644
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te
@@ -7,8 +7,6 @@ init_daemon_domain(hal_drm_default)
 allow hal_drm_default mediacodec:fd use;
 allow hal_drm_default { appdomain -isolated_app }:fd use;
 
-# TODO(b/36601602): Remove this once DRM HAL no longer uses Unix domain sockets to talk to tee daemon
-typeattribute hal_drm_default socket_between_core_and_vendor_violators;
 # TODO (b/36601695) remove hal_drm's access to /data or move to
 # /data/vendor/hardware/hal_drm. Remove coredata_in_vendor_violators
 # attribute.
diff --git a/vendor/hal_keymaster_default.te b/vendor/hal_keymaster_default.te
index 2fd5b44612e3c2762ee4ffbd865faa99128a1e16..32df262abee79e3dfe35b22f328beb174a1886be 100644
--- a/vendor/hal_keymaster_default.te
+++ b/vendor/hal_keymaster_default.te
@@ -3,6 +3,3 @@ hal_server_domain(hal_keymaster_default, hal_keymaster)
 
 type hal_keymaster_default_exec, exec_type, file_type;
 init_daemon_domain(hal_keymaster_default)
-
-# TODO(b/36601092): Remove this once Keymaster HAL no longer talks to tee domain over Unix domain sockets
-typeattribute hal_keymaster_default socket_between_core_and_vendor_violators;