diff --git a/public/domain.te b/public/domain.te
index c37e7422ad9f8bbecf4857fbb562153bfa73eca4..97d6a111fc655cc44f5e4cb278233aa2f9c69db4 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -442,36 +442,19 @@ full_treble_only(`
-appdomain
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
} binder_device:chr_file rw_file_perms;
- neverallow {
- domain
- -coredomain
- -appdomain # restrictions for vendor apps are declared lower down
- -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- } service_manager_type:service_manager find;
- # Vendor apps are permited to use only stable public services. If they were to use arbitrary
- # services which can change any time framework/core is updated, breakage is likely.
- neverallow {
- appdomain
- -coredomain
- } {
- service_manager_type
- -app_api_service
- -ephemeral_app_api_service
- }:service_manager find;
neverallow {
domain
-coredomain
-appdomain
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
} servicemanager:binder { call transfer };
-')
-##
-# On full TREBLE devices core android components and vendor components may
-# not directly access each other's data types. All communication must occur
-# over HW binder. Open file descriptors may be passed and read/write/stat
-# operations my be performed on those FDs. Disallow all other operations.
-full_treble_only(`
+ ##
+ # On full TREBLE devices core android components and vendor components may
+ # not directly access each other data types. All communication must occur
+ # over HW binder. Open file descriptors may be passed and read/write/stat
+ # operations my be performed on those FDs. Disallow all other operations.
+ #
# do not allow vendor component access to coredomains data types
neverallow {
domain
@@ -496,6 +479,7 @@ full_treble_only(`
-appdomain
-coredata_in_vendor_violators
} system_data_file:dir ~search;
+
')
# On full TREBLE devices, socket communications between core components and vendor components are