diff --git a/bluetooth.te b/bluetooth.te
index c670b176e161dbd04f1a64c179e416f87597bc7b..ad44ff1d67e36eb628bbf45f22429daa761c7a72 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -60,8 +60,6 @@ allow bluetooth system_api_service:service_manager find;
 service_manager_local_audit_domain(bluetooth)
 auditallow bluetooth {
     tmp_system_server_service
-    -activity_service
-    -appops_service
     -audio_service
     -bluetooth_manager_service
     -connectivity_service
diff --git a/mediaserver.te b/mediaserver.te
index 77b54a392049986a87825a45b4d882c0b22b9e7b..6beae0621e5a1b0e4ed5e538a7af6396e9515655 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -78,6 +78,8 @@ unix_socket_connect(mediaserver, bluetooth, bluetooth)
 # Connect to tee service.
 allow mediaserver tee:unix_stream_socket connectto;
 
+allow mediaserver activity_service:service_manager find;
+allow mediaserver appops_service:service_manager find;
 allow mediaserver drmserver_service:service_manager find;
 allow mediaserver mediaserver_service:service_manager { add find };
 allow mediaserver surfaceflinger_service:service_manager find;
@@ -86,8 +88,6 @@ allow mediaserver tmp_system_server_service:service_manager find;
 service_manager_local_audit_domain(mediaserver)
 auditallow mediaserver {
     tmp_system_server_service
-    -activity_service
-    -appops_service
     -batterystats_service
     -permission_service
     -power_service
diff --git a/nfc.te b/nfc.te
index 34e822894c2133e1d413ab99394bdf3247827c08..556fd2021414c7590240a3fa2ce68a24397f86fc 100644
--- a/nfc.te
+++ b/nfc.te
@@ -30,9 +30,6 @@ allow nfc system_api_service:service_manager find;
 service_manager_local_audit_domain(nfc)
 auditallow nfc {
     tmp_system_server_service
-    -accessibility_service
-    -activity_service
-    -appops_service
     -batterystats_service
     -bluetooth_manager_service
     -connectivity_service
diff --git a/platform_app.te b/platform_app.te
index d16ea1baedd57e8756da222c77ff9d5a38c4dce3..7dedc55436f894c0004b5d68fcc57e45baf4249c 100644
--- a/platform_app.te
+++ b/platform_app.te
@@ -39,10 +39,6 @@ allow platform_app system_api_service:service_manager find;
 service_manager_local_audit_domain(platform_app)
 auditallow platform_app {
     tmp_system_server_service
-    -accessibility_service
-    -account_service
-    -activity_service
-    -appops_service
     -appwidget_service
     -assetatlas_service
     -audio_service
diff --git a/radio.te b/radio.te
index 19a9aec019651683d8f7fb0e85bf58eb47307c00..5b158de7e4f854b8bcdf8749516ed99f327ef0b7 100644
--- a/radio.te
+++ b/radio.te
@@ -41,10 +41,6 @@ allow radio system_api_service:service_manager find;
 service_manager_local_audit_domain(radio)
 auditallow radio {
     tmp_system_server_service
-    -accessibility_service
-    -account_service
-    -activity_service
-    -appops_service
     -assetatlas_service
     -bluetooth_manager_service
     -connectivity_service
diff --git a/service.te b/service.te
index eafe163ca9053a6622a09b842f0073169985c26f..e0bcc2f5f343513e7fe6bbb96c06b5114cf2ba4e 100644
--- a/service.te
+++ b/service.te
@@ -11,11 +11,11 @@ type surfaceflinger_service,    service_manager_type;
 type system_app_service,        service_manager_type;
 
 # system_server_services broken down
-type accessibility_service, tmp_system_server_service, service_manager_type;
-type account_service, tmp_system_server_service, service_manager_type;
-type activity_service, tmp_system_server_service, service_manager_type;
+type accessibility_service, app_api_service, system_server_service, service_manager_type;
+type account_service, app_api_service, system_server_service, service_manager_type;
+type activity_service, app_api_service, system_server_service, service_manager_type;
 type alarm_service, tmp_system_server_service, service_manager_type;
-type appops_service, tmp_system_server_service, service_manager_type;
+type appops_service, app_api_service, system_server_service, service_manager_type;
 type appwidget_service, tmp_system_server_service, service_manager_type;
 type assetatlas_service, tmp_system_server_service, service_manager_type;
 type audio_service, tmp_system_server_service, service_manager_type;
diff --git a/system_app.te b/system_app.te
index 6e91dd0ea20ba58a095bf913d9dd5c6565af5b72..eebc644a0ce2c9c4dfc44b79552d8c90253251e7 100644
--- a/system_app.te
+++ b/system_app.te
@@ -60,10 +60,6 @@ allow system_app system_api_service:service_manager find;
 service_manager_local_audit_domain(system_app)
 auditallow system_app {
     tmp_system_server_service
-    -accessibility_service
-    -account_service
-    -activity_service
-    -appops_service
     -appwidget_service
     -assetatlas_service
     -audio_service
diff --git a/system_server.te b/system_server.te
index c80e1859ceed3a9823b206251cf19becd6006812..644ff05f561eeb0b33abc99caf1fdfe27f3657d5 100644
--- a/system_server.te
+++ b/system_server.te
@@ -370,11 +370,7 @@ allow system_server tmp_system_server_service:service_manager { add find };
 service_manager_local_audit_domain(system_server)
 auditallow system_server {
     tmp_system_server_service
-    -accessibility_service
-    -account_service
-    -activity_service
     -alarm_service
-    -appops_service
     -assetatlas_service
     -audio_service
     -backup_service
diff --git a/untrusted_app.te b/untrusted_app.te
index b090fe468704b5d5b6548cc5ef7d72007625cf76..f0961cbcdc46969abd8e02dd7ec3bb3bbfc2389e 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -90,10 +90,6 @@ allow untrusted_app system_api_service:service_manager find;
 service_manager_local_audit_domain(untrusted_app)
 auditallow untrusted_app {
     tmp_system_server_service
-    -accessibility_service
-    -account_service
-    -activity_service
-    -appops_service
     -appwidget_service
     -assetatlas_service
     -audio_service