diff --git a/public/domain.te b/public/domain.te
index 100fa0f69ff2ef87e77101090b35a1ad10e03d5a..9f28928a51f903672410694b9be8e66f7edd7a88 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -549,6 +549,8 @@ full_treble_only(`
 -nfc_service
 -radio_service
 -surfaceflinger_service
+ -virtual_touchpad_service
+ -vr_hwc_service
 -vr_manager_service
 }:service_manager find;
 neverallow {
diff --git a/public/virtual_touchpad.te b/public/virtual_touchpad.te
index 544550a8621d1d1bf9eb2d92366ab6800590dbf3..8a28cf0d2f2b89c317a0f96ae1e23564a63b9104 100644
--- a/public/virtual_touchpad.te
+++ b/public/virtual_touchpad.te
@@ -7,6 +7,3 @@ add_service(virtual_touchpad, virtual_touchpad_service)
 # Requires access to /dev/uinput to create and feed the virtual device.
 allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
-
-# Limit access so that nothing else can inject input.
-neverallow { domain -virtual_touchpad -vr_wm } virtual_touchpad_service:service_manager find;
diff --git a/public/vr_hwc.te b/public/vr_hwc.te
index b0d3ad927f05b0fe37b6dd18e89e568924f5c06b..7488cc04ff1f07af6fb44ffdfaba83674142bf8b 100644
--- a/public/vr_hwc.te
+++ b/public/vr_hwc.te
@@ -8,6 +8,7 @@ binder_use(vr_hwc)
 binder_service(vr_hwc)
 binder_call(vr_hwc, surfaceflinger)
+# TODO(dnicoara): Remove once vr_wm is disabled.
 binder_call(vr_hwc, vr_wm)
 add_service(vr_hwc, vr_hwc_service)
@@ -24,6 +25,3 @@ allow vr_hwc ion_device:chr_file r_file_perms;
 # Allow connection to VR DisplayClient to get the primary display metadata
 # (ie: size).
 use_pdx(vr_hwc, surfaceflinger)
-
-# Limit access so only vr_wm can connect.
-neverallow { domain -vr_hwc -vr_wm } vr_hwc_service:service_manager find;
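Review bot: In public/domain.te the added exemptions `-virtual_touchpad_service` and `-vr_hwc_service` widen a `service_manager find` neverallow in the same commit that deletes the only dedicated neverallows for those two services (public/virtual_touchpad.te and public/vr_hwc.te), so nothing visible here still asserts at build time which domains may look them up. virtual_touchpad writes to `uhid_device` to feed a virtual input device, and the deleted comment says the rule existed so that nothing else can inject input. If a new client is the reason for the change, I would narrow the rule instead of dropping it, e.g. `neverallow { domain -virtual_touchpad -vr_wm -<new_client_domain> } virtual_touchpad_service:service_manager find;` (placeholder for the intended client), and do the same for `vr_hwc_service`. The neverallow this exemption list belongs to starts above the hunk, so its source set is not visible here and should be checked before relying on it as the remaining guard.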
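Review bot: The new TODO above `binder_call(vr_hwc, vr_wm)` in public/vr_hwc.te names an owner but no tracking bug, so nothing ties the leftover permission to the work that would remove it. I would write it as `# TODO(b/<bug-id>): Remove once vr_wm is disabled.` (placeholder id) so the rule can be found and dropped when vr_wm goes away.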