diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index ecca70a7ee1bb387fdadbaced224d11a906e60c8..b050e52abebdb484b59b41292829d022748ce496 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -140,63 +140,20 @@ neverallow all_untrusted_apps *:hwservice_manager ~find;
# incidence rate of security issues than system/core components and have
# access to lower layes of the stack (all the way down to hardware) thus
# increasing opportunities for bypassing the Android security model.
-#
-# Safe services include:
-# - same process services: because they by definition run in the process
-# of the client and thus have the same access as the client domain in which
-# the process runs
-# - coredomain_hwservice: are considered safe because they do not pose risks
-# associated with reason #2 above.
-# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
-# designed for use by any domain.
-# - hal_graphics_allocator_hwservice: because these operations are also offered
-# by surfaceflinger Binder service, which apps are permitted to access
-# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
-# Binder service which apps were permitted to access.
neverallow all_untrusted_apps {
hwservice_manager_type
+ # Same process services are safe because they by definition run in the process
+ # of the client and thus have the same access as the client domain in which
+ # the process runs
-same_process_hwservice
- -coredomain_hwservice
- -hal_configstore_ISurfaceFlingerConfigs
+ -coredomain_hwservice # neverallows for coredomain HwBinder services are below
+ -hal_configstore_ISurfaceFlingerConfigs # Designed for use by any domain
+ # These operations are also offered by surfaceflinger Binder service which
+ # apps are permitted to access
-hal_graphics_allocator_hwservice
+ # HwBinder version of mediacodec Binder service which apps were permitted to
+ # access
-hal_omx_hwservice
- -untrusted_app_visible_hwservice
-}:hwservice_manager find;
-neverallow untrusted_app_visible_hwservice unlabeled:service_manager list; #TODO: b/62658302
-# Make sure that the following services are never accessible by untrusted_apps
-neverallow all_untrusted_apps {
- default_android_hwservice
- hal_audio_hwservice
- hal_bluetooth_hwservice
- hal_bootctl_hwservice
- hal_camera_hwservice
- hal_contexthub_hwservice
- hal_drm_hwservice
- hal_dumpstate_hwservice
- hal_fingerprint_hwservice
- hal_gatekeeper_hwservice
- hal_gnss_hwservice
- hal_graphics_composer_hwservice
- hal_health_hwservice
- hal_ir_hwservice
- hal_keymaster_hwservice
- hal_light_hwservice
- hal_memtrack_hwservice
- hal_nfc_hwservice
- hal_oemlock_hwservice
- hal_power_hwservice
- hal_sensors_hwservice
- hal_telephony_hwservice
- hal_thermal_hwservice
- hal_tv_cec_hwservice
- hal_tv_input_hwservice
- hal_usb_hwservice
- hal_vibrator_hwservice
- hal_vr_hwservice
- hal_weaver_hwservice
- hal_wifi_hwservice
- hal_wifi_supplicant_hwservice
- hidl_base_hwservice
}:hwservice_manager find;
# HwBinder services offered by core components (as opposed to vendor components)
# are considered somewhat safer due to point #2 above.
diff --git a/public/attributes b/public/attributes
index 93046772ecfec02a90c7eb719b5e16e6b521becf..f41c54d594a2ede569da83bc6d1d4324ce3fd665 100644
--- a/public/attributes
+++ b/public/attributes
@@ -145,15 +145,6 @@ attribute socket_between_core_and_vendor_violators;
# TODO(b/36463595)
attribute vendor_executes_system_violators;
-# hwservices that are accessible from untrusted applications
-# WARNING: Use of this attribute should be avoided unless
-# absolutely necessary. It is a temporary allowance to aid the
-# transition to treble and will be removed in a future platform
-# version, requiring all hwservices that are labeled with this
-# attribute to be submitted to AOSP in order to maintain their
-# app-visibility.
-attribute untrusted_app_visible_hwservice;
-
# PDX services
attribute pdx_endpoint_dir_type;
attribute pdx_endpoint_socket_type;