diff --git a/private/bluetooth.te b/private/bluetooth.te
index 451d27af09347698ac8a10c1628ea7f843d617a7..41867ae459ce25ff48159a6b2ec0ff0a9b6c8e97 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -47,7 +47,6 @@ allow bluetooth bluetooth_service:service_manager find;
 allow bluetooth drmserver_service:service_manager find;
 allow bluetooth mediaserver_service:service_manager find;
 allow bluetooth radio_service:service_manager find;
-allow bluetooth surfaceflinger_service:service_manager find;
 allow bluetooth app_api_service:service_manager find;
 allow bluetooth system_api_service:service_manager find;
 
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index 169373636fc0653be95d4e0c3c9c5de48c8da6b3..eeb022bf9be80222cb98d57890a74bfc62b3abd2 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -28,7 +28,6 @@ allow ephemeral_app mediacodec_service:service_manager find;
 allow ephemeral_app mediametrics_service:service_manager find;
 allow ephemeral_app mediadrmserver_service:service_manager find;
 allow ephemeral_app drmserver_service:service_manager find;
-allow ephemeral_app surfaceflinger_service:service_manager find;
 allow ephemeral_app radio_service:service_manager find;
 allow ephemeral_app ephemeral_app_api_service:service_manager find;
 
diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index 63f56c876ba516623db5277849d4e9f2565c656e..5a5e701bf471f965a6ec08a14734ce5212d4d313 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -19,7 +19,6 @@ allow mediaprovider app_api_service:service_manager find;
 allow mediaprovider audioserver_service:service_manager find;
 allow mediaprovider drmserver_service:service_manager find;
 allow mediaprovider mediaserver_service:service_manager find;
-allow mediaprovider surfaceflinger_service:service_manager find;
 
 # Allow MediaProvider to read/write cached ringtones (opened by system).
 allow mediaprovider ringtone_file:file { getattr read write };
diff --git a/private/nfc.te b/private/nfc.te
index b41558c86b538412f04383d7eb5ab8805bafc6e1..56446f4f7e729ef2c37a1ebd5ceb17c2c49e03fa 100644
--- a/private/nfc.te
+++ b/private/nfc.te
@@ -21,7 +21,6 @@ allow nfc mediaextractor_service:service_manager find;
 allow nfc mediaserver_service:service_manager find;
 
 allow nfc radio_service:service_manager find;
-allow nfc surfaceflinger_service:service_manager find;
 allow nfc app_api_service:service_manager find;
 allow nfc system_api_service:service_manager find;
 allow nfc vr_manager_service:service_manager find;
diff --git a/private/platform_app.te b/private/platform_app.te
index 884c4364ba385f44fefcf819b68e9a2feee5cec2..ee0590cad458462d79205b61a891f1cfb30d0f12 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -53,7 +53,6 @@ allow platform_app mediacodec_service:service_manager find;
 allow platform_app mediadrmserver_service:service_manager find;
 allow platform_app persistent_data_block_service:service_manager find;
 allow platform_app radio_service:service_manager find;
-allow platform_app surfaceflinger_service:service_manager find;
 allow platform_app thermal_service:service_manager find;
 allow platform_app timezone_service:service_manager find;
 allow platform_app app_api_service:service_manager find;
diff --git a/private/priv_app.te b/private/priv_app.te
index f4cfc17369e04d44ad27b73c3301c68bc7a11837..fce2c90198472176ae363873140f416dad52fc8f 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -32,7 +32,6 @@ allow priv_app mediaserver_service:service_manager find;
 allow priv_app nfc_service:service_manager find;
 allow priv_app oem_lock_service:service_manager find;
 allow priv_app radio_service:service_manager find;
-allow priv_app surfaceflinger_service:service_manager find;
 allow priv_app app_api_service:service_manager find;
 allow priv_app system_api_service:service_manager find;
 allow priv_app persistent_data_block_service:service_manager find;
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index cce589ea2a234e6d5ed5697c2f3c52823c47cb8f..f96cae0e1d2d12d51b3c0c83af3bac27d2c7db1f 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -75,7 +75,6 @@ allow untrusted_app_all mediametrics_service:service_manager find;
 allow untrusted_app_all mediadrmserver_service:service_manager find;
 allow untrusted_app_all nfc_service:service_manager find;
 allow untrusted_app_all radio_service:service_manager find;
-allow untrusted_app_all surfaceflinger_service:service_manager find;
 allow untrusted_app_all app_api_service:service_manager find;
 allow untrusted_app_all vr_manager_service:service_manager find;
 
diff --git a/private/untrusted_v2_app.te b/private/untrusted_v2_app.te
index 7ed3881882d65afa672b62ae6acba571f2e0b45e..60634aefb155068c668bc26160fecc763cd65f80 100644
--- a/private/untrusted_v2_app.te
+++ b/private/untrusted_v2_app.te
@@ -34,7 +34,6 @@ allow untrusted_v2_app mediametrics_service:service_manager find;
 allow untrusted_v2_app mediadrmserver_service:service_manager find;
 allow untrusted_v2_app nfc_service:service_manager find;
 allow untrusted_v2_app radio_service:service_manager find;
-allow untrusted_v2_app surfaceflinger_service:service_manager find;
 # TODO: potentially provide a tighter list of services here
 allow untrusted_v2_app app_api_service:service_manager find;
 
diff --git a/public/domain.te b/public/domain.te
index 51f4081f67f9c3c238f6fabe1cccb7e96be9b9ec..d283006e320ba6201fbabf961345e5325ad31936 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -551,7 +551,6 @@ full_treble_only(`
     -mediaserver_service
     -nfc_service
     -radio_service
-    -surfaceflinger_service
     -virtual_touchpad_service
     -vr_hwc_service
     -vr_manager_service
diff --git a/public/radio.te b/public/radio.te
index 6f29a705d362c185412e02b36e02e46610fb8d7f..094d39ba6ff76dd0044499cf434b4ec6df106c9c 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -30,7 +30,6 @@ allow radio cameraserver_service:service_manager find;
 allow radio drmserver_service:service_manager find;
 allow radio mediaserver_service:service_manager find;
 allow radio nfc_service:service_manager find;
-allow radio surfaceflinger_service:service_manager find;
 allow radio app_api_service:service_manager find;
 allow radio system_api_service:service_manager find;
 
diff --git a/public/service.te b/public/service.te
index 3b9d60b6763fc2d369a97eeb4883387085e28309..bc1244a7871eca10313c7c31a9c8f219d90ffc68 100644
--- a/public/service.te
+++ b/public/service.te
@@ -23,7 +23,7 @@ type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;
 type statscompanion_service,    service_manager_type;
 type storaged_service,          service_manager_type;
-type surfaceflinger_service,    service_manager_type;
+type surfaceflinger_service,    app_api_service, ephemeral_app_api_service, service_manager_type;
 type system_app_service,        service_manager_type;
 type thermal_service,           service_manager_type;
 type update_engine_service,     service_manager_type;