diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index ecca70a7ee1bb387fdadbaced224d11a906e60c8..796c9436b78be0a10c0f176765d4f306f81298a6 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -162,7 +162,6 @@ neverallow all_untrusted_apps {
   -hal_omx_hwservice
   -untrusted_app_visible_hwservice
 }:hwservice_manager find;
-neverallow untrusted_app_visible_hwservice unlabeled:service_manager list; #TODO: b/62658302
 # Make sure that the following services are never accessible by untrusted_apps
 neverallow all_untrusted_apps {
   default_android_hwservice
diff --git a/public/attributes b/public/attributes
index 1fe3826e2b99865ed213d4d84b1ef95f5508e63c..c9bb8015b53dbf5af473a39eabbebd36be90ba45 100644
--- a/public/attributes
+++ b/public/attributes
@@ -133,16 +133,19 @@ attribute coredomain_socket;
 # All vendor domains which violate the requirement of not using Binder
 # TODO(b/35870313): Remove this once there are no violations
 attribute binder_in_vendor_violators;
+expandattribute binder_in_vendor_violators false;
 
 # All vendor domains which violate the requirement of not using sockets for
 # communicating with core components
 # TODO(b/36577153): Remove this once there are no violations
 attribute socket_between_core_and_vendor_violators;
+expandattribute socket_between_core_and_vendor_violators false;
 
 # All vendor domains which violate the requirement of not executing
 # system processes
 # TODO(b/36463595)
 attribute vendor_executes_system_violators;
+expandattribute vendor_executes_system_violators false;
 
 # hwservices that are accessible from untrusted applications
 # WARNING: Use of this attribute should be avoided unless
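Review bot: The three new `expandattribute … false` lines carry no comment saying why these attributes must not be expanded, so a later cleanup can flip them back to `true` without noticing that the neverallow rules in domain.te which name `binder_in_vendor_violators`, `socket_between_core_and_vendor_violators` and `vendor_executes_system_violators` as exclusions would then reference an attribute that no longer exists in the compiled policy (and, presumably, in whatever on-device neverallow check the removed `#TODO: b/62658302` placeholders were keeping alive). Put a one-line rationale next to each, e.g. `# Not expanded: named by neverallow rules in domain.te; must survive into the compiled policy`. The existing `TODO(…): Remove this once there are no violations` comments should also say that the expandattribute line is removed together with the attribute, so the two do not drift apart.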
@@ -152,11 +155,14 @@ attribute vendor_executes_system_violators;
 # attribute to be submitted to AOSP in order to maintain their
 # app-visibility.
 attribute untrusted_app_visible_hwservice;
+expandattribute untrusted_app_visible_hwservice false;
 
 # PDX services
 attribute pdx_endpoint_dir_type;
 attribute pdx_endpoint_socket_type;
+expandattribute pdx_endpoint_socket_type false;
 attribute pdx_channel_socket_type;
+expandattribute pdx_channel_socket_type false;
 
 pdx_service_attributes(display_client)
 pdx_service_attributes(display_manager)
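Review bot: `pdx_endpoint_dir_type` is the only attribute in this block left without an `expandattribute … false`, while its two sibling socket-type attributes are pinned; if any neverallow elsewhere names the dir type it needs the same treatment, and if none does, a short comment should say so, because as written the asymmetry reads as an omission. Likewise `untrusted_app_visible_hwservice` already carries a WARNING about use but nothing explains why it must now stay non-expandable; `# Not expanded: named by the untrusted-app hwservice neverallows in private/app_neverallows.te` next to the new line would make the dependency visible to whoever next edits either file.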
@@ -177,199 +183,199 @@ expandattribute hal_allocator true;
 attribute hal_allocator_client;
 expandattribute hal_allocator_client true;
 attribute hal_allocator_server;
-expandattribute hal_allocator_server true;
+expandattribute hal_allocator_server false;
 attribute hal_audio;
 expandattribute hal_audio true;
 attribute hal_audio_client;
-expandattribute hal_audio_client true;
+expandattribute hal_audio_client false;
 attribute hal_audio_server;
-expandattribute hal_audio_server true;
+expandattribute hal_audio_server false;
 attribute hal_bluetooth;
 expandattribute hal_bluetooth true;
 attribute hal_bluetooth_client;
 expandattribute hal_bluetooth_client true;
 attribute hal_bluetooth_server;
-expandattribute hal_bluetooth_server true;
+expandattribute hal_bluetooth_server false;
 attribute hal_bootctl;
-expandattribute hal_bootctl true;
+expandattribute hal_bootctl false;
 attribute hal_bootctl_client;
 expandattribute hal_bootctl_client true;
 attribute hal_bootctl_server;
-expandattribute hal_bootctl_server true;
+expandattribute hal_bootctl_server false;
 attribute hal_camera;
-expandattribute hal_camera true;
+expandattribute hal_camera false;
 attribute hal_camera_client;
 expandattribute hal_camera_client true;
 attribute hal_camera_server;
-expandattribute hal_camera_server true;
+expandattribute hal_camera_server false;
 attribute hal_configstore;
 expandattribute hal_configstore true;
 attribute hal_configstore_client;
 expandattribute hal_configstore_client true;
 attribute hal_configstore_server;
-expandattribute hal_configstore_server true;
+expandattribute hal_configstore_server false;
 attribute hal_contexthub;
 expandattribute hal_contexthub true;
 attribute hal_contexthub_client;
 expandattribute hal_contexthub_client true;
 attribute hal_contexthub_server;
-expandattribute hal_contexthub_server true;
+expandattribute hal_contexthub_server false;
 attribute hal_drm;
-expandattribute hal_drm true;
+expandattribute hal_drm false;
 attribute hal_drm_client;
 expandattribute hal_drm_client true;
 attribute hal_drm_server;
-expandattribute hal_drm_server true;
+expandattribute hal_drm_server false;
 attribute hal_dumpstate;
 expandattribute hal_dumpstate true;
 attribute hal_dumpstate_client;
 expandattribute hal_dumpstate_client true;
 attribute hal_dumpstate_server;
-expandattribute hal_dumpstate_server true;
+expandattribute hal_dumpstate_server false;
 attribute hal_fingerprint;
 expandattribute hal_fingerprint true;
 attribute hal_fingerprint_client;
 expandattribute hal_fingerprint_client true;
 attribute hal_fingerprint_server;
-expandattribute hal_fingerprint_server true;
+expandattribute hal_fingerprint_server false;
 attribute hal_gatekeeper;
 expandattribute hal_gatekeeper true;
 attribute hal_gatekeeper_client;
 expandattribute hal_gatekeeper_client true;
 attribute hal_gatekeeper_server;
-expandattribute hal_gatekeeper_server true;
+expandattribute hal_gatekeeper_server false;
 attribute hal_gnss;
 expandattribute hal_gnss true;
 attribute hal_gnss_client;
 expandattribute hal_gnss_client true;
 attribute hal_gnss_server;
-expandattribute hal_gnss_server true;
+expandattribute hal_gnss_server false;
 attribute hal_graphics_allocator;
 expandattribute hal_graphics_allocator true;
 attribute hal_graphics_allocator_client;
 expandattribute hal_graphics_allocator_client true;
 attribute hal_graphics_allocator_server;
-expandattribute hal_graphics_allocator_server true;
+expandattribute hal_graphics_allocator_server false;
 attribute hal_graphics_composer;
 expandattribute hal_graphics_composer true;
 attribute hal_graphics_composer_client;
 expandattribute hal_graphics_composer_client true;
 attribute hal_graphics_composer_server;
-expandattribute hal_graphics_composer_server true;
+expandattribute hal_graphics_composer_server false;
 attribute hal_health;
 expandattribute hal_health true;
 attribute hal_health_client;
 expandattribute hal_health_client true;
 attribute hal_health_server;
-expandattribute hal_health_server true;
+expandattribute hal_health_server false;
 attribute hal_ir;
 expandattribute hal_ir true;
 attribute hal_ir_client;
 expandattribute hal_ir_client true;
 attribute hal_ir_server;
-expandattribute hal_ir_server true;
+expandattribute hal_ir_server false;
 attribute hal_keymaster;
 expandattribute hal_keymaster true;
 attribute hal_keymaster_client;
 expandattribute hal_keymaster_client true;
 attribute hal_keymaster_server;
-expandattribute hal_keymaster_server true;
+expandattribute hal_keymaster_server false;
 attribute hal_light;
 expandattribute hal_light true;
 attribute hal_light_client;
 expandattribute hal_light_client true;
 attribute hal_light_server;
-expandattribute hal_light_server true;
+expandattribute hal_light_server false;
 attribute hal_memtrack;
 expandattribute hal_memtrack true;
 attribute hal_memtrack_client;
 expandattribute hal_memtrack_client true;
 attribute hal_memtrack_server;
-expandattribute hal_memtrack_server true;
+expandattribute hal_memtrack_server false;
 attribute hal_nfc;
 expandattribute hal_nfc true;
 attribute hal_nfc_client;
 expandattribute hal_nfc_client true;
 attribute hal_nfc_server;
-expandattribute hal_nfc_server true;
+expandattribute hal_nfc_server false;
 attribute hal_oemlock;
 expandattribute hal_oemlock true;
 attribute hal_oemlock_client;
 expandattribute hal_oemlock_client true;
 attribute hal_oemlock_server;
-expandattribute hal_oemlock_server true;
+expandattribute hal_oemlock_server false;
 attribute hal_power;
 expandattribute hal_power true;
 attribute hal_power_client;
 expandattribute hal_power_client true;
 attribute hal_power_server;
-expandattribute hal_power_server true;
+expandattribute hal_power_server false;
 attribute hal_sensors;
 expandattribute hal_sensors true;
 attribute hal_sensors_client;
 expandattribute hal_sensors_client true;
 attribute hal_sensors_server;
-expandattribute hal_sensors_server true;
+expandattribute hal_sensors_server false;
 attribute hal_telephony;
 expandattribute hal_telephony true;
 attribute hal_telephony_client;
 expandattribute hal_telephony_client true;
 attribute hal_telephony_server;
-expandattribute hal_telephony_server true;
+expandattribute hal_telephony_server false;
 attribute hal_tetheroffload;
 expandattribute hal_tetheroffload true;
 attribute hal_tetheroffload_client;
 expandattribute hal_tetheroffload_client true;
 attribute hal_tetheroffload_server;
-expandattribute hal_tetheroffload_server true;
+expandattribute hal_tetheroffload_server false;
 attribute hal_thermal;
 expandattribute hal_thermal true;
 attribute hal_thermal_client;
 expandattribute hal_thermal_client true;
 attribute hal_thermal_server;
-expandattribute hal_thermal_server true;
+expandattribute hal_thermal_server false;
 attribute hal_tv_cec;
 expandattribute hal_tv_cec true;
 attribute hal_tv_cec_client;
 expandattribute hal_tv_cec_client true;
 attribute hal_tv_cec_server;
-expandattribute hal_tv_cec_server true;
+expandattribute hal_tv_cec_server false;
 attribute hal_tv_input;
 expandattribute hal_tv_input true;
 attribute hal_tv_input_client;
 expandattribute hal_tv_input_client true;
 attribute hal_tv_input_server;
-expandattribute hal_tv_input_server true;
+expandattribute hal_tv_input_server false;
 attribute hal_usb;
 expandattribute hal_usb true;
 attribute hal_usb_client;
 expandattribute hal_usb_client true;
 attribute hal_usb_server;
-expandattribute hal_usb_server true;
+expandattribute hal_usb_server false;
 attribute hal_vibrator;
 expandattribute hal_vibrator true;
 attribute hal_vibrator_client;
 expandattribute hal_vibrator_client true;
 attribute hal_vibrator_server;
-expandattribute hal_vibrator_server true;
+expandattribute hal_vibrator_server false;
 attribute hal_vr;
 expandattribute hal_vr true;
 attribute hal_vr_client;
 expandattribute hal_vr_client true;
 attribute hal_vr_server;
-expandattribute hal_vr_server true;
+expandattribute hal_vr_server false;
 attribute hal_weaver;
 expandattribute hal_weaver true;
 attribute hal_weaver_client;
 expandattribute hal_weaver_client true;
 attribute hal_weaver_server;
-expandattribute hal_weaver_server true;
+expandattribute hal_weaver_server false;
 attribute hal_wifi;
 expandattribute hal_wifi true;
 attribute hal_wifi_client;
 expandattribute hal_wifi_client true;
 attribute hal_wifi_server;
-expandattribute hal_wifi_server true;
+expandattribute hal_wifi_server false;
 attribute hal_wifi_keystore;
 expandattribute hal_wifi_keystore true;
 attribute hal_wifi_keystore_client;
@@ -381,13 +387,13 @@ expandattribute hal_wifi_offload true;
 attribute hal_wifi_offload_client;
 expandattribute hal_wifi_offload_client true;
 attribute hal_wifi_offload_server;
-expandattribute hal_wifi_offload_server true;
+expandattribute hal_wifi_offload_server false;
 attribute hal_wifi_supplicant;
 expandattribute hal_wifi_supplicant true;
 attribute hal_wifi_supplicant_client;
 expandattribute hal_wifi_supplicant_client true;
 attribute hal_wifi_supplicant_server;
-expandattribute hal_wifi_supplicant_server true;
+expandattribute hal_wifi_supplicant_server false;
 
 # HwBinder services offered across the core-vendor boundary
 #
diff --git a/public/domain.te b/public/domain.te
index 67e792b5088a0536f7ca33d339f6f68077791987..ea63d1c65f0ce7895650c2fc537680ec9a5ac492 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -499,7 +499,6 @@ neverallow {
   -recovery
   -ueventd
 } misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
-neverallow hal_bootctl unlabeled:service_manager list; #TODO: b/62658302
 
 # Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
 neverallow { domain -servicemanager -hwservicemanager -vndservicemanager } *:binder set_context_mgr;
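Review bot: Nothing in this ~200-line list states the rule that decides `true` versus `false`, so the next `hal_foo` triple added here has to guess; from the hunk the pattern is that every `*_server` attribute becomes `false`, plus `hal_bootctl`, `hal_camera`, `hal_drm` and `hal_audio_client`, presumably because those are the attributes named by neverallow rules (hal_neverallows.te excludes `*_server` attributes, and the `neverallow hal_bootctl unlabeled:…` placeholder removed from domain.te in this same change shows the hal_bootctl case). A header comment above the list — which starts before this hunk, at `attribute hal_allocator;` — should spell that out, e.g. `# expandattribute false: attribute is referenced by a neverallow rule (or on-device neverallow test) and must survive into the compiled policy; every other HAL attribute is expanded away`. Without it, an attribute that is later added to a neverallow while still `true` is only caught if the toolchain rejects neverallows on expanded attributes, which I cannot confirm from this diff; if it does not, consider a build-time check that cross-references neverallow operands against this file. Note also that the placeholder line dropped from `add_hwservice` in te_macros previously pinned any attribute passed as `$1`, so any such attribute outside this list now needs an explicit entry.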
@@ -558,7 +557,6 @@ full_treble_only(`
     -appdomain
     -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
   } servicemanager:binder { call transfer };
-  neverallow binder_in_vendor_violators unlabeled:service_manager list ; #TODO: b/62658302
 ')
 
 # On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
@@ -617,7 +615,6 @@ full_treble_only(`
     -incidentd # TODO(b/35870313): Remove incidentd from this list once vendor domains no longer declare Binder services
     -tombstoned # TODO(b/36604251): Remove tombstoned from this list once mediacodec (OMX HAL) no longer declares Binder services
   });
-  neverallow socket_between_core_and_vendor_violators unlabeled:service_manager list ; #TODO: b/62658302
 
   # Vendor domains (except netdomain) are not permitted to initiate communications to netd sockets
   neverallow_establish_socket_comms({
@@ -649,10 +646,6 @@ full_treble_only(`
     -pdx_endpoint_socket_type # used by VR layer
     -pdx_channel_socket_type # used by VR layer
   }:sock_file ~{ append getattr ioctl read write };
-  neverallow {
-    pdx_endpoint_socket_type
-    pdx_channel_socket_type
-  } unlabeled:service_manager list; #TODO: b/62658302
 
   # Core domains are not permitted to create/open sockets owned by vendor domains
   neverallow {
@@ -737,7 +730,6 @@ full_treble_only(`
     -crash_dump_exec
     -netutils_wrapper_exec
   }:file { entrypoint execute execute_no_trans };
-  neverallow vendor_executes_system_violators unlabeled:service_manager list; #TODO: b/62658302
 ')
 
 # Only authorized processes should be writing to files in /data/dalvik-cache
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index fc2b5f630a54208917b1f3244acd1155a08c3daa..036e1d2dca7cb2dbca35b58a897c4465bb3fd8e1 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -17,7 +17,6 @@ neverallow {
   -hal_wifi_supplicant_server
   -rild
 } domain:{ tcp_socket udp_socket rawip_socket } *;
-neverallow hal_tetheroffload_server unlabeled:service_manager list; #TODO: b/62658302
 
 ###
 # HALs are defined as an attribute and so a given domain could hypothetically
diff --git a/public/te_macros b/public/te_macros
index 2d1ec0338139be0af0dd9cc7a49d08c525efbe2d..4ac6f58a7e8916dd59ff31f7d2d27be2c1a30d13 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -554,7 +554,6 @@ define(`use_drmservice', `
 define(`add_service', `
 allow $1 $2:service_manager { add find };
 neverallow { domain -$1 } $2:service_manager add;
-neverallow $1 unlabeled:service_manager add; #TODO: b/62658302
 ')
 
 ###########################################
@@ -566,7 +565,6 @@ define(`add_hwservice', `
 allow $1 $2:hwservice_manager { add find };
 allow $1 hidl_base_hwservice:hwservice_manager add;
 neverallow { domain -$1 } $2:hwservice_manager add;
-neverallow $1 unlabeled:hwservice_manager add; #TODO: b/62658302
 ')
 
 ##########################################