diff --git a/private/atrace.te b/private/atrace.te
index 31cf9e766d1a05914f2ee449a70514dee90b8f4c..e974b69662bd927b08a2ae66a0314785313a71df 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -1,24 +1,3 @@
-# Domain for atrace process spawned by boottrace service.
-type atrace_exec, exec_type, file_type;
-
 userdebug_or_eng(`
-
-  type atrace, domain, domain_deprecated;
   init_daemon_domain(atrace)
-
-  # boottrace services uses /data/misc/boottrace/categories
-  allow atrace boottrace_data_file:dir search;
-  allow atrace boottrace_data_file:file r_file_perms;
-
-  # atrace reads the files in /sys/kernel/debug/tracing/
-  allow atrace debugfs_tracing:file r_file_perms;
-
-  # atrace sets debug.atrace.* properties
-  set_prop(atrace, debug_prop)
-
-  # atrace pokes all the binder-enabled processes at startup.
-  binder_use(atrace)
-  allow atrace healthd:binder call;
-  allow atrace surfaceflinger:binder call;
-
-')
+')
\ No newline at end of file
diff --git a/private/perfprofd.te b/private/perfprofd.te
index 0122c559022652bef6e9611fb3632c646e2b0e8b..1d2d084bd52fbca8e6c9be4cbafbe7a7b4fcc285 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -1,59 +1,3 @@
-# perfprofd - perf profile collection daemon
-type perfprofd_exec, exec_type, file_type;
-
 userdebug_or_eng(`
-
-  type perfprofd, domain, domain_deprecated, mlstrustedsubject;
-
   init_daemon_domain(perfprofd)
-
-  # perfprofd needs to control CPU hot-plug in order to avoid kernel
-  # perfevents problems in cases where CPU goes on/off during measurement;
-  # this means read access to /sys/devices/system/cpu/possible
-  # and read/write access to /sys/devices/system/cpu/cpu*/online
-  allow perfprofd sysfs_devices_system_cpu:file rw_file_perms;
-
-  # perfprofd checks for the existence of and then invokes simpleperf;
-  # simpleperf retains perfprofd domain after exec
-  allow perfprofd system_file:file rx_file_perms;
-
-  # perfprofd reads a config file from /data/data/com.google.android.gms/files
-  allow perfprofd app_data_file:file r_file_perms;
-  allow perfprofd app_data_file:dir search;
-  allow perfprofd self:capability { dac_override };
-
-  # perfprofd opens a file for writing in /data/misc/perfprofd
-  allow perfprofd perfprofd_data_file:file create_file_perms;
-  allow perfprofd perfprofd_data_file:dir rw_dir_perms;
-
-  # perfprofd uses the system log
-  read_logd(perfprofd);
-  write_logd(perfprofd);
-
-  # perfprofd inspects /sys/power/wake_unlock
-  wakelock_use(perfprofd);
-
-  # simpleperf uses ioctl() to turn on kernel perf events measurements
-  allow perfprofd self:capability sys_admin;
-
-  # simpleperf needs to examine /proc to collect task/thread info
-  r_dir_file(perfprofd, domain)
-
-  # simpleperf needs to access /proc/<pid>/exec
-  allow perfprofd self:capability { sys_resource sys_ptrace };
-  neverallow perfprofd domain:process ptrace;
-
-  # simpleperf needs open/read any file that turns up in a profile
-  # to see whether it has a build ID
-  allow perfprofd exec_type:file r_file_perms;
-
-  # simpleperf examines debugfs on startup to collect tracepoint event types
-  allow perfprofd debugfs_tracing:file r_file_perms;
-
-  # simpleperf is going to execute "sleep"
-  allow perfprofd toolbox_exec:file rx_file_perms;
-
-  # needed for simpleperf on some kernels
-  allow perfprofd self:capability ipc_lock;
-
-')
+')
\ No newline at end of file
diff --git a/public/atrace.te b/public/atrace.te
new file mode 100644
index 0000000000000000000000000000000000000000..b4ae753f72c7fa9c3bef36cb8cd29501ead99ec7
--- /dev/null
+++ b/public/atrace.te
@@ -0,0 +1,23 @@
+# Domain for atrace process spawned by boottrace service.
+type atrace_exec, exec_type, file_type;
+
+userdebug_or_eng(`
+
+  type atrace, domain, domain_deprecated;
+
+  # boottrace services uses /data/misc/boottrace/categories
+  allow atrace boottrace_data_file:dir search;
+  allow atrace boottrace_data_file:file r_file_perms;
+
+  # atrace reads the files in /sys/kernel/debug/tracing/
+  allow atrace debugfs_tracing:file r_file_perms;
+
+  # atrace sets debug.atrace.* properties
+  set_prop(atrace, debug_prop)
+
+  # atrace pokes all the binder-enabled processes at startup.
+  binder_use(atrace)
+  allow atrace healthd:binder call;
+  allow atrace surfaceflinger:binder call;
+
+')
diff --git a/public/perfprofd.te b/public/perfprofd.te
new file mode 100644
index 0000000000000000000000000000000000000000..eed7e5848430eb0af6f2c63a0d6d09259e5af112
--- /dev/null
+++ b/public/perfprofd.te
@@ -0,0 +1,57 @@
+# perfprofd - perf profile collection daemon
+type perfprofd_exec, exec_type, file_type;
+
+userdebug_or_eng(`
+
+  type perfprofd, domain, domain_deprecated, mlstrustedsubject;
+
+  # perfprofd needs to control CPU hot-plug in order to avoid kernel
+  # perfevents problems in cases where CPU goes on/off during measurement;
+  # this means read access to /sys/devices/system/cpu/possible
+  # and read/write access to /sys/devices/system/cpu/cpu*/online
+  allow perfprofd sysfs_devices_system_cpu:file rw_file_perms;
+
+  # perfprofd checks for the existence of and then invokes simpleperf;
+  # simpleperf retains perfprofd domain after exec
+  allow perfprofd system_file:file rx_file_perms;
+
+  # perfprofd reads a config file from /data/data/com.google.android.gms/files
+  allow perfprofd app_data_file:file r_file_perms;
+  allow perfprofd app_data_file:dir search;
+  allow perfprofd self:capability { dac_override };
+
+  # perfprofd opens a file for writing in /data/misc/perfprofd
+  allow perfprofd perfprofd_data_file:file create_file_perms;
+  allow perfprofd perfprofd_data_file:dir rw_dir_perms;
+
+  # perfprofd uses the system log
+  read_logd(perfprofd);
+  write_logd(perfprofd);
+
+  # perfprofd inspects /sys/power/wake_unlock
+  wakelock_use(perfprofd);
+
+  # simpleperf uses ioctl() to turn on kernel perf events measurements
+  allow perfprofd self:capability sys_admin;
+
+  # simpleperf needs to examine /proc to collect task/thread info
+  r_dir_file(perfprofd, domain)
+
+  # simpleperf needs to access /proc/<pid>/exec
+  allow perfprofd self:capability { sys_resource sys_ptrace };
+  neverallow perfprofd domain:process ptrace;
+
+  # simpleperf needs open/read any file that turns up in a profile
+  # to see whether it has a build ID
+  allow perfprofd exec_type:file r_file_perms;
+
+  # simpleperf examines debugfs on startup to collect tracepoint event types
+  allow perfprofd debugfs_tracing:file r_file_perms;
+
+  # simpleperf is going to execute "sleep"
+  allow perfprofd toolbox_exec:file rx_file_perms;
+
+  # needed for simpleperf on some kernels
+  allow perfprofd self:capability ipc_lock;
+
+')