diff --git a/public/domain.te b/public/domain.te
index c8b0bc137f5d2675b4c0a948bf270466ac84a422..5e43db9bd0bd76d5312a08babc04b65ca9256403 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -366,9 +366,7 @@ neverallow {
 # b/78174219 b/64114943
 neverallow {
   domain
-  -init
   -shell # stat of /dev, getattr only
-  -vendor_init
   -ueventd
 } keychord_device:chr_file *;
 
diff --git a/public/init.te b/public/init.te
index 5db0ab3bdec83abae66446b2e0979325b44df604..d3a3b1fa69d1dcd4a81ba89608a3c527c856be18 100644
--- a/public/init.te
+++ b/public/init.te
@@ -234,6 +234,7 @@ allow init debugfs_wifi_tracing:file w_file_perms;
 allow init {
   fs_type
   -contextmount_type
+  -keychord_device
   -proc_type
   -sdcard_type
   -sysfs_type
@@ -245,11 +246,12 @@ allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir  { open read
 # TODO: auditing to see if this can be deleted entirely
 allow init {
   dev_type
+  -keychord_device
   -kmem_device
   -port_device
   -device
   -vndbinder_device
-  }:chr_file { read open };
+}:chr_file { read open };
 auditallow init {
   dev_type
   -alarm_device
@@ -262,7 +264,6 @@ auditallow init {
   -hwbinder_device
   -hw_random_device
   -input_device
-  -keychord_device
   -kmem_device
   -kmsg_device
   -null_device
@@ -274,7 +275,12 @@ auditallow init {
 }:chr_file { read open };
 
 # chown/chmod on devices.
-allow init { dev_type -kmem_device -port_device }:chr_file setattr;
+allow init {
+  dev_type
+  -keychord_device
+  -kmem_device
+  -port_device
+}:chr_file setattr;
 
 # Unlabeled file access for upgrades from 4.2.
 allow init unlabeled:dir { create_dir_perms relabelfrom };
@@ -464,9 +470,7 @@ allow init hw_random_device:chr_file r_file_perms;
 # only ever accessed by init.
 allow init device:file create_file_perms;
 
-# keychord configuration
-allow init self:global_capability_class_set sys_tty_config;
-allow init keychord_device:chr_file rw_file_perms;
+# keychord retrieval from /dev/input/ devices
 allow init input_device:dir r_dir_perms;
 allow init input_device:chr_file rw_file_perms;
 
diff --git a/public/vendor_init.te b/public/vendor_init.te
index f55b3e818263f91bd5f27dca1c548b788e902916..19d906b47d871b6e3533053f7a1489f25cf348ba 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -99,6 +99,7 @@ allow vendor_init debugfs_tracing:file w_file_perms;
 allow vendor_init {
   fs_type
   -contextmount_type
+  -keychord_device
   -sdcard_type
   -rootfs
   -proc_uid_time_in_state
@@ -119,6 +120,7 @@ allow vendor_init {
 # chown/chmod on devices, e.g. /dev/ttyHS0
 allow vendor_init {
   dev_type
+  -keychord_device
   -kmem_device
   -port_device
   -lowpan_device