diff --git a/private/coredomain.te b/private/coredomain.te
index 84d7a8f360213d765ad4f849028147adc7c32fbc..23224c323b5771b249e1e6406d2156acaf2b01a9 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -10,7 +10,6 @@ neverallow {
# generic access to sysfs_type
-ueventd
- -vendor_init
-vold
} sysfs_leds:file *;
')
diff --git a/private/domain.te b/private/domain.te
index dae40d25abd0219df9688c3c57f7a77e587edfff..46d3189130595d3ed35e332fceb001b74bde7c86 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -25,7 +25,6 @@ full_treble_only(`
neverallow {
coredomain
-vold
- -vendor_init
} proc:file no_rw_file_perms;
# /sys
@@ -34,7 +33,6 @@ full_treble_only(`
-init
-ueventd
-vold
- -vendor_init
} sysfs:file no_rw_file_perms;
# /dev
@@ -43,7 +41,6 @@ full_treble_only(`
-fsck
-init
-ueventd
- -vendor_init
} device:{ blk_file file } no_rw_file_perms;
# debugfs
@@ -52,7 +49,6 @@ full_treble_only(`
-dumpstate
-init
-system_server
- -vendor_init
} debugfs:file no_rw_file_perms;
# tracefs
@@ -65,14 +61,12 @@ full_treble_only(`
userdebug_or_eng(`-traced_probes')
-shell
userdebug_or_eng(`-traceur_app')
- -vendor_init
} debugfs_tracing:file no_rw_file_perms;
# inotifyfs
neverallow {
coredomain
-init
- -vendor_init
} inotify:file no_rw_file_perms;
# pstorefs
@@ -89,7 +83,6 @@ full_treble_only(`
-recovery_refresh
-shell
-system_server
- -vendor_init
} pstorefs:file no_rw_file_perms;
# configfs
@@ -97,7 +90,6 @@ full_treble_only(`
coredomain
-init
-system_server
- -vendor_init
} configfs:file no_rw_file_perms;
# functionfs
@@ -106,13 +98,11 @@ full_treble_only(`
-adbd
-init
-mediaprovider
- -vendor_init
}functionfs:file no_rw_file_perms;
# usbfs and binfmt_miscfs
neverallow {
coredomain
-init
- -vendor_init
}{ usbfs binfmt_miscfs }:file no_rw_file_perms;
')
diff --git a/private/vendor_init.te b/private/vendor_init.te
index 5d97f7269e6f7915c2a5fe31ad26ee79460775d7..50efc22d695fda25a8e095e033042662ec8cf037 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
@@ -1,5 +1,3 @@
-typeattribute vendor_init coredomain;
-
# Creating files on sysfs is impossible so this isn't a threat
# Sometimes we have to write to non-existent files to avoid conditional
# init behavior. See b/35303861 for an example.
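Review bot: Dropping `typeattribute vendor_init coredomain;` leaves nothing in private/vendor_init.te recording that vendor_init is intentionally not a coredomain, so a later maintainer could re-add the attribute and silently pull it back into every `coredomain` neverallow that the other hunks stop exempting it from. I would put a comment where the removed line was, along the lines of `# vendor_init is deliberately NOT coredomain: it handles vendor-supplied init scripts, so it must be constrained like a vendor domain instead of being exempted from core neverallows.` It is also worth confirming that no allow rule keyed on the `coredomain` attribute elsewhere in policy was what granted vendor_init an access it still needs, since this hunk removes the attribute without showing any replacement rules.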
diff --git a/public/domain.te b/public/domain.te
index 9b4fc74cf9f34252a93f2ddd0340f5c942b33969..308311c18e601aeee0e5332977610cd8d6e5a69e 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -718,6 +718,7 @@ full_treble_only(`
-coredomain
-appdomain # appdomain restrictions below
-socket_between_core_and_vendor_violators
+ -vendor_init
} {
coredomain_socket
core_data_file_type
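Review bot: The new `-vendor_init` entry in this exemption list takes vendor_init out of the rule that keeps non-core domains away from `coredomain_socket` and `core_data_file_type`, so as far as I can tell vendor-authored policy may now grant vendor_init, which by its name processes vendor init scripts, accesses to core sockets and core data that every other non-core domain is forbidden. The other entries in this list are either a named violators attribute or carry a comment; this one should too, e.g. `-vendor_init # needs <specific access> on core data from vendor init scripts; see private/vendor_init.te`, with the concrete access that motivated it filled in. If that access is only a small subset of what this neverallow covers, a separate narrower neverallow for vendor_init alone would preserve most of the original restriction; the target list and permission set of this neverallow continue past the end of the hunk.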
@@ -741,7 +742,6 @@ full_treble_only(`
-init
-ueventd
-socket_between_core_and_vendor_violators
- -vendor_init
} {
file_type
dev_type
@@ -767,7 +767,6 @@ full_treble_only(`
-appdomain # TODO(b/34980020) remove exemption for appdomain
-data_between_core_and_vendor_violators
-init
- -vendor_init
} {
data_file_type
-core_data_file_type
@@ -777,7 +776,6 @@ full_treble_only(`
-appdomain # TODO(b/34980020) remove exemption for appdomain
-data_between_core_and_vendor_violators
-init
- -vendor_init
} {
data_file_type
-core_data_file_type
@@ -838,7 +836,6 @@ full_treble_only(`
userdebug_or_eng(`-perfprofd')
-postinstall_dexopt
-system_server
- -vendor_init
} vendor_app_file:dir { open read getattr search };
neverallow {
@@ -851,7 +848,6 @@ full_treble_only(`
userdebug_or_eng(`-perfprofd')
-postinstall_dexopt
-system_server
- -vendor_init
} vendor_app_file:{ file lnk_file } r_file_perms;
# Limit access to /vendor/overlay
@@ -863,7 +859,6 @@ full_treble_only(`
-installd
-system_server
-zygote
- -vendor_init
} vendor_overlay_file:dir { getattr open read search };
neverallow {
@@ -874,7 +869,6 @@ full_treble_only(`
-installd
-system_server
-zygote
- -vendor_init
} vendor_overlay_file:{ file lnk_file } r_file_perms;
# Non-vendor domains are not allowed to file execute shell
@@ -882,7 +876,6 @@ full_treble_only(`
neverallow {
coredomain
-init
- -vendor_init
-shell
} vendor_shell_exec:file { execute execute_no_trans };
@@ -908,7 +901,6 @@ full_treble_only(`
coredomain
-init
-system_executes_vendor_violators
- -vendor_init
} {
vendor_file_type
-same_process_hal_file
@@ -1217,6 +1209,5 @@ full_treble_only(`
-ueventd
-crash_dump
-perfprofd
- -vendor_init
} vendor_file:file { create_file_perms x_file_perms };
')
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index 3c5c535128f87c1c056a207d7a905d32947efd47..2f9e9948b9c3ffbeaa2060b59a32fd0fca664ee5 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -38,6 +38,7 @@ coredomainWhitelist = {
'postinstall_dexopt',
'recovery',
'system_server',
+ 'vendor_init',
}
coredomainWhitelist |= coreAppdomain