diff --git a/codec2/msdk-codec2/codec2_hal_default.te b/codec2/msdk-codec2/codec2_hal_default.te
index 19826aba..aaabd8ae 100644
--- a/codec2/msdk-codec2/codec2_hal_default.te
+++ b/codec2/msdk-codec2/codec2_hal_default.te
@@ -14,7 +14,6 @@ hal_client_domain(codec2_hal_default, hal_graphics_allocator)
 hal_server_domain(codec2_hal_default, hal_codec2)
 hal_server_domain(codec2_hal_default, hal_omx)
-binder_call(codec2_hal_default, coreu)
 binder_call(codec2_hal_default, appdomain)
 get_prop(codec2_hal_default, hwservicemanager_prop)
@@ -24,7 +23,6 @@ module_only(`aafd', `
 get_prop(codec2_hal_default, vendor_media_platform_prop)
 ')
-allow codec2_hal_default coreu_service:service_manager find;
 allow codec2_hal_default cameraserver_service:service_manager find;
 allow codec2_hal_default media_session_service:service_manager find;
 allow codec2_hal_default hal_codec2_hwservice:hwservice_manager find;
diff --git a/graphics/mesa/coreu.te b/graphics/mesa/coreu.te
deleted file mode 100644
index 0e03e4a4..00000000
--- a/graphics/mesa/coreu.te
+++ /dev/null
@@ -1,64 +0,0 @@
-#
-# coreu
-#
-
-# Rules for vendor/intel/ufo
-type coreu, domain;
-type coreu_exec, exec_type, file_type, vendor_file_type;
-init_daemon_domain(coreu);
-
-allow coreu self:capability { sys_admin sys_nice ipc_lock };
-
-# Need to use vendor binder
-vndbinder_use(coreu)
-not_full_treble(`
- binder_service(coreu)
- binder_call(coreu, surfaceflinger)
-')
-binder_call(coreu, msync)
-# Allow coreu to find the msync service
-allow coreu msync_service:service_manager find;
-# Find hwc.info service
-allow coreu hwc_info_service:service_manager find;
-# Register the coreu service with binder
-add_service(coreu, coreu_service)
-
-allow coreu self:netlink_kobject_uevent_socket create_socket_perms;
-allowxperm coreu self:netlink_kobject_uevent_socket ioctl SIOCETHTOOL;
-
-# character devices
-allow coreu gpu_device:dir r_dir_perms;
-allow coreu gpu_device:chr_file rw_file_perms;
-
-module_only(`debug_mpm', `
- allow coreu msr_device:chr_file rw_file_perms;
-')
-
-allow coreu sysfs:file write;
-
-# create temp dirs
-allow coreu tmpfs:dir w_dir_perms;
-
-# XXX Narrow sysfs access
-# path="/sys/bus/pci/devices"
-# path="/sys/devices/pci0000:00/0000:00:00.0/config"
-allow coreu sysfs:dir r_dir_perms;
-allow coreu sysfs:file rw_file_perms;
-
-# gfx access
-allow coreu sysfs_gfx:file rw_file_perms;
-
-allow coreu proc_graphics:file r_file_perms;
-
-#debugfs
-allow coreu debugfs_tracing:file rw_file_perms;
-
-# drm detecting
-allow coreu mediadrmserver:process signull;
-
-#vendor data file
-allow coreu coreu_data_file:dir create_dir_perms;
-allow coreu coreu_data_file:file create_file_perms;
-
-#sysfs
-allow coreu sysfs_app_readable:file { read write };
diff --git a/graphics/mesa/file.te b/graphics/mesa/file.te
index c139ac89..d1ae6847 100644
--- a/graphics/mesa/file.te
+++ b/graphics/mesa/file.te
@@ -17,7 +17,4 @@ type sysfs_app_readable, fs_type, sysfs_type;
 typeattribute hal_graphics_allocator_default_tmpfs mlstrustedobject;
-#coreu data/vendor permission
-type coreu_data_file, file_type, data_file_type;
-
 type hal_graphics_composer_rw_file, file_type;
diff --git a/graphics/mesa/file_contexts b/graphics/mesa/file_contexts
index 10511a68..5cbf076f 100644
--- a/graphics/mesa/file_contexts
+++ b/graphics/mesa/file_contexts
@@ -3,9 +3,7 @@
 /dev/sw_sync u:object_r:graphics_device:s0
 # system or vendor binaries
-(/system)?/vendor/bin/coreu u:object_r:coreu_exec:s0
 (/system)?/vendor/bin/gfxd u:object_r:gfxd_exec:s0
-(/system)?/vendor/bin/msync u:object_r:msync_exec:s0
 # GFX
 /sys/devices/pci0000\:00/0000\:00\:02.0/resource0 u:object_r:sysfs_gfx:s0
@@ -25,6 +23,3 @@
 /(vendor|system/vendor)/lib(64)?/libmd\.so u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/hw/vulkan\.pastel\.so u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/dri(/.*)? u:object_r:same_process_hal_file:s0
-
-#coreu /data/vendor permission
-/data/vendor/coreu(/.*)? u:object_r:coreu_data_file:s0
diff --git a/graphics/mesa/hal_drm_widevine.te b/graphics/mesa/hal_drm_widevine.te
deleted file mode 100644
index 7adde648..00000000
--- a/graphics/mesa/hal_drm_widevine.te
+++ /dev/null
@@ -1,2 +0,0 @@
-binder_call(hal_drm_default, coreu)
-allow hal_drm_default coreu_service:service_manager find;
diff --git a/graphics/mesa/init.te b/graphics/mesa/init.te
deleted file mode 100644
index ff46793b..00000000
--- a/graphics/mesa/init.te
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# init
-#
-
-allow init { coreu_exec msync_exec }:lnk_file read;
diff --git a/graphics/mesa/mediacodec.te b/graphics/mesa/mediacodec.te
index 0d41285e..380c044c 100644
--- a/graphics/mesa/mediacodec.te
+++ b/graphics/mesa/mediacodec.te
@@ -11,7 +11,6 @@ allow mediacodec graphics_device:dir search;
 allow mediacodec sysfs_app_readable:file r_file_perms;
 allow mediacodec hal_graphics_allocator_default_tmpfs:file { read write map };
-allow mediacodec coreu_service:service_manager find;
 allow mediacodec system_file:dir r_dir_perms;
 allow mediacodec gpu_device:dir r_dir_perms;
 allow mediacodec tmpfs:file { read write map };
diff --git a/graphics/mesa/mediaserver.te b/graphics/mesa/mediaserver.te
index a3640c79..fa721196 100644
--- a/graphics/mesa/mediaserver.te
+++ b/graphics/mesa/mediaserver.te
@@ -2,11 +2,6 @@
 # mediaserver
 #
-not_full_treble(`
- binder_call(mediaserver, coreu)
- allow mediaserver coreu_service:service_manager find;
-')
-
 #allow mediaserver tee_device:chr_file rw_file_perms;
 allow mediaserver proc_graphics:file r_file_perms;
 allow mediaserver graphics_device:chr_file rw_file_perms;
diff --git a/graphics/mesa/msync.te b/graphics/mesa/msync.te
deleted file mode 100644
index 6d3a5b59..00000000
--- a/graphics/mesa/msync.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# Rules for vendor/intel/ufo
-type msync, domain;
-type msync_exec, exec_type, file_type, vendor_file_type;
-init_daemon_domain(msync);
-
-# Need to use vendor binder
-vndbinder_use(msync)
-not_full_treble(`
- binder_service(msync)
-')
-add_service(msync, msync_service)
-binder_call(msync, coreu)
-binder_call(msync, hdcpd)
diff --git a/graphics/mesa/surfaceflinger.te b/graphics/mesa/surfaceflinger.te
index 7b959b8c..284b1556 100644
--- a/graphics/mesa/surfaceflinger.te
+++ b/graphics/mesa/surfaceflinger.te
@@ -13,11 +13,6 @@ not_full_treble(`
 allow surfaceflinger cache_file:dir create_dir_perms;
 allow surfaceflinger cache_file:file create_file_perms;
-not_full_treble(`
- binder_call(surfaceflinger, coreu)
- allow surfaceflinger coreu_service:service_manager find;
-')
-
 allow surfaceflinger sysfs_videostatus:file { getattr w_file_perms };
 allow surfaceflinger hal_graphics_allocator_default_tmpfs:file { read write map };
diff --git a/graphics/mesa/vendor_init.te b/graphics/mesa/vendor_init.te
index 23389fa9..82c0d7ba 100644
--- a/graphics/mesa/vendor_init.te
+++ b/graphics/mesa/vendor_init.te
@@ -3,4 +3,3 @@ allow vendor_init vendor_file:system module_load;
 dontaudit vendor_init debugfs_tracing_instances:dir write;
 allow vendor_init mediaserver:process setsched;
 allow vendor_init self:udp_socket create;
-dontaudit vendor_init coreu_data_file:dir create_dir_perms;
diff --git a/graphics/mesa/vndservice.te b/graphics/mesa/vndservice.te
index 7f7d0d89..08d68ce3 100644
--- a/graphics/mesa/vndservice.te
+++ b/graphics/mesa/vndservice.te
@@ -1,4 +1,2 @@
 type hwc_info_service, vndservice_manager_type;
-type coreu_service, vndservice_manager_type;
-type msync_service, vndservice_manager_type;
 type gfxd_service, vndservice_manager_type;
diff --git a/graphics/mesa/vndservice_contexts b/graphics/mesa/vndservice_contexts
index 1e049c83..74a05508 100644
--- a/graphics/mesa/vndservice_contexts
+++ b/graphics/mesa/vndservice_contexts
@@ -1,4 +1,2 @@
 hwc.info u:object_r:hwc_info_service:s0
-android.hardware.intel.msync u:object_r:msync_service:s0
-android.hardware.intel.coreu u:object_r:coreu_service:s0
 gfxd u:object_r:gfxd_service:s0
diff --git a/graphics/mesa_acrn/adbd.te b/graphics/mesa_acrn/adbd.te
deleted file mode 100644
index 9243dc48..00000000
--- a/graphics/mesa_acrn/adbd.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# to allow CTS/XTS screen capture through method getScreenshot.
-allow adbd graphics_device:dir search;
-allow adbd graphics_device:chr_file { read open };
-allow adbd gpu_device:dir search;
-allow adbd gpu_device:chr_file r_file_perms;
-allow adbd hal_graphics_allocator_default_tmpfs:file { read write };
diff --git a/graphics/mesa_acrn/appdomain.te b/graphics/mesa_acrn/appdomain.te
deleted file mode 100644
index 1f214b15..00000000
--- a/graphics/mesa_acrn/appdomain.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# graphics buffer passed to applications for screencap and rendering
-#allow appdomain surfaceflinger_tmpfs:file { read write };
-allow appdomain hal_graphics_allocator_default_tmpfs:file { read write map };
-allow appdomain gpu_device:dir r_dir_perms;
-allow { appdomain -isolated_app_all } sysfs_app_readable:file r_file_perms;
diff --git a/graphics/mesa_acrn/bootanim.te b/graphics/mesa_acrn/bootanim.te
deleted file mode 100644
index 1952d408..00000000
--- a/graphics/mesa_acrn/bootanim.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow bootanim gpu_device:chr_file rw_file_perms;
-allow bootanim gpu_device:dir r_dir_perms;
diff --git a/graphics/mesa_acrn/domain.te b/graphics/mesa_acrn/domain.te
deleted file mode 100644
index 9e726eb7..00000000
--- a/graphics/mesa_acrn/domain.te
+++ /dev/null
@@ -1 +0,0 @@
-allow domain sysfs_app_readable:dir search;
diff --git a/graphics/mesa_acrn/dumpstate.te b/graphics/mesa_acrn/dumpstate.te
deleted file mode 100644
index 12e406c0..00000000
--- a/graphics/mesa_acrn/dumpstate.te
+++ /dev/null
@@ -1,2 +0,0 @@
-dontaudit dumpstate graphics_device:dir search;
-allow dumpstate sysfs_zram:dir r_dir_perms;
diff --git a/graphics/mesa_acrn/file.te b/graphics/mesa_acrn/file.te
deleted file mode 100644
index ca73e79c..00000000
--- a/graphics/mesa_acrn/file.te
+++ /dev/null
@@ -1,20 +0,0 @@
-# Coreu
-# type coreu_data_file, file_type, data_file_type;
-# GFX
-# XXX Currently this file access was reverted in
-# commit 523d705d8ce68f40a111e851f5d9f65788e1807b
-# under the mixins directory.
-# It was marked as a revert, so we don't ditch
-# the sepolicy at this time.
-# Reviewed-on: https://android.intel.com:443/438133
-type sysfs_gfx, fs_type, sysfs_type;
-
-# i915 videostatus
-type sysfs_videostatus, fs_type, sysfs_type;
-
-# i915 related /proc/driver entry.
-type proc_graphics, fs_type, proc_type;
-
-type sysfs_app_readable, fs_type, sysfs_type;
-
-typeattribute hal_graphics_allocator_default_tmpfs mlstrustedobject;
diff --git a/graphics/mesa_acrn/file_contexts b/graphics/mesa_acrn/file_contexts
deleted file mode 100644
index f1fabfa9..00000000
--- a/graphics/mesa_acrn/file_contexts
+++ /dev/null
@@ -1,25 +0,0 @@
-# devices
-/dev/dri(/.*)? u:object_r:gpu_device:s0
-/dev/sw_sync u:object_r:graphics_device:s0
-
-# system or vendor binaries
-(/system)?/vendor/bin/gfxd u:object_r:gfxd_exec:s0
-
-# GFX
-/sys/devices/pci0000\:00/0000\:00\:02.0/resource0 u:object_r:sysfs_gfx:s0
-
-# i915 videostatus
-/sys/devices/pci0000:00/0000:00:02.0/drm/card0/power/i915_videostatus u:object_r:sysfs_videostatus:s0
-
-/vendor/bin/hw/android\.hardware\.graphics\.composer\.allocator@2\.1-service u:object_r:hal_graphics_composer_default_exec:s0
-/(vendor|system/vendor)/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
-/(vendor|system/vendor)/lib(64)?/libdrm_intel\.so u:object_r:same_process_hal_file:s0
-/(vendor|system/vendor)/lib(64)?/libskuwa\.so u:object_r:same_process_hal_file:s0
-/(vendor|system/vendor)/lib(64)?/hw/gralloc\.broxton\.so u:object_r:same_process_hal_file:s0
-/(vendor|system/vendor)/lib(64)?/libgrallocclient\.so u:object_r:same_process_hal_file:s0
-/(vendor|system/vendor)/lib(64)?/libglapi\.so u:object_r:same_process_hal_file:s0
-/(vendor|system/vendor)/lib(64)?/dri/i965_dri\.so u:object_r:same_process_hal_file:s0
-/(vendor|system/vendor)/lib(64)?/hw/vulkan\.broxton\.so u:object_r:same_process_hal_file:s0
-/(vendor|system/vendor)/lib(64)?/libmd\.so u:object_r:same_process_hal_file:s0
-/(vendor|system/vendor)/lib(64)?/libdrm_intel_pri\.so u:object_r:same_process_hal_file:s0
-/(vendor|system/vendor)/lib(64)?/libdrm_pri\.so u:object_r:same_process_hal_file:s0
diff --git a/graphics/mesa_acrn/genfs_contexts b/graphics/mesa_acrn/genfs_contexts
deleted file mode 100644
index 34cd8afa..00000000
--- a/graphics/mesa_acrn/genfs_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-genfscon proc /driver/i915rpm/i915_rpm_op u:object_r:proc_graphics:s0
-genfscon sysfs /devices/pci0000:00/0000:00:02.0/ u:object_r:sysfs_app_readable:s0
diff --git a/graphics/mesa_acrn/gfxd.te b/graphics/mesa_acrn/gfxd.te
deleted file mode 100644
index dc27e676..00000000
--- a/graphics/mesa_acrn/gfxd.te
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# gfxd
-#
-
-# Rules for vendor/intel/ufo
-type gfxd_exec, exec_type, vendor_file_type, file_type;
-
-userdebug_or_eng(`
- type gfxd, domain;
- init_daemon_domain(gfxd);
-
- # Vendor apps are permited to use only stable public services.
- # per domain.te in system/core
- #binder_service(gfxd)
- #binder_use(gfxd)
-
- # Register the gfxd service with binder
- dontaudit gfxd gfxd_service:service_manager add;
-
- permissive gfxd;
- dontaudit gfxd self:capability_class_set *;
- dontaudit gfxd kernel:security *;
- dontaudit gfxd kernel:system *;
- dontaudit gfxd self:memprotect *;
- dontaudit gfxd domain:process *;
- dontaudit gfxd domain:fd *;
- dontaudit gfxd domain:dir r_dir_perms;
- dontaudit gfxd domain:lnk_file r_file_perms;
- dontaudit gfxd domain:{ fifo_file file } rw_file_perms;
- dontaudit gfxd domain:socket_class_set *;
- dontaudit gfxd domain:ipc_class_set *;
- dontaudit gfxd domain:key *;
- dontaudit gfxd fs_type:filesystem *;
- dontaudit gfxd {fs_type dev_type file_type}:{ dir blk_file lnk_file sock_file fifo_file } *;
- dontaudit gfxd {fs_type dev_type file_type }:{ chr_file file } *;
- dontaudit gfxd node_type:node *;
- dontaudit gfxd node_type:{ tcp_socket udp_socket } node_bind;
- dontaudit gfxd netif_type:netif *;
- dontaudit gfxd port_type:socket_class_set name_bind;
- dontaudit gfxd port_type:{ tcp_socket dccp_socket } name_connect;
- dontaudit gfxd domain:peer recv;
- dontaudit gfxd domain:binder { call transfer };
- dontaudit gfxd property_type:property_service set;
-')
diff --git a/graphics/mesa_acrn/hal_graphics_allocator_default.te b/graphics/mesa_acrn/hal_graphics_allocator_default.te
deleted file mode 100644
index 94913db2..00000000
--- a/graphics/mesa_acrn/hal_graphics_allocator_default.te
+++ /dev/null
@@ -1,3 +0,0 @@
-#============= hal_graphics_allocator_default ==============
-allow hal_graphics_allocator_default gpu_device:chr_file rw_file_perms;
-allow hal_graphics_allocator_default gpu_device:dir r_dir_perms;
diff --git a/graphics/mesa_acrn/hal_graphics_composer_default.te b/graphics/mesa_acrn/hal_graphics_composer_default.te
deleted file mode 100644
index e012f509..00000000
--- a/graphics/mesa_acrn/hal_graphics_composer_default.te
+++ /dev/null
@@ -1,18 +0,0 @@
-vndbinder_use(hal_graphics_composer_default)
-
-binder_call(hal_graphics_composer_default, hal_graphics_allocator_default)
-
-allow hal_graphics_composer_default cache_file:dir create_dir_perms;
-allow hal_graphics_composer_default cache_file:file create_file_perms;
-allow hal_graphics_composer_default gpu_device:chr_file rw_file_perms;
-allow hal_graphics_composer_default gpu_device:dir r_dir_perms;
-
-allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { read bind create setopt };
-
-add_service(hal_graphics_composer_default, hwc_info_service)
-
-hal_client_domain(hal_graphics_composer_default, hal_configstore)
-allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
-hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)
-
-allow hal_graphics_composer_default sysfs_app_readable:file r_file_perms;
diff --git a/graphics/mesa_acrn/hal_memtrack_default.te b/graphics/mesa_acrn/hal_memtrack_default.te
deleted file mode 100644
index ff802b0c..00000000
--- a/graphics/mesa_acrn/hal_memtrack_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# /sys/devices/pci0000:00/0000:00:02.0/drm/card0/gfx_memtrack/3973
-allow hal_memtrack_default sysfs_app_readable:file r_file_perms;
diff --git a/graphics/mesa_acrn/hal_power_service.te b/graphics/mesa_acrn/hal_power_service.te
deleted file mode 100644
index e117e0d7..00000000
--- a/graphics/mesa_acrn/hal_power_service.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_power_service sysfs_app_readable:file rw_file_perms;
diff --git a/graphics/mesa_acrn/hdcpd.te b/graphics/mesa_acrn/hdcpd.te
deleted file mode 100644
index ca51530a..00000000
--- a/graphics/mesa_acrn/hdcpd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hdcpd proc_graphics:file r_file_perms;
-
diff --git a/graphics/mesa_acrn/mediacodec.te b/graphics/mesa_acrn/mediacodec.te
deleted file mode 100644
index c8bf22ee..00000000
--- a/graphics/mesa_acrn/mediacodec.te
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# mediacodec
-#
-# XXX Refactor to mixin
-# path="/sys/bus/pci/drivers/i915"
-# path="/sys/devices/pci0000:00/0000:00:02.0/config"
-
-allow mediacodec sysfs:dir r_dir_perms;
-allow mediacodec sysfs:file r_file_perms;
-allow mediacodec graphics_device:dir search;
-allow mediacodec hal_graphics_allocator_default_tmpfs:file { read write };
-
-allow mediacodec system_file:dir r_dir_perms;
-allow mediacodec gpu_device:dir r_dir_perms;
diff --git a/graphics/mesa_acrn/mediadrmserver.te b/graphics/mesa_acrn/mediadrmserver.te
deleted file mode 100644
index 951923c5..00000000
--- a/graphics/mesa_acrn/mediadrmserver.te
+++ /dev/null
@@ -1,3 +0,0 @@
-#
-# mediadrmserver
-#
diff --git a/graphics/mesa_acrn/mediaextractor.te b/graphics/mesa_acrn/mediaextractor.te
deleted file mode 100644
index 8ec8b5c6..00000000
--- a/graphics/mesa_acrn/mediaextractor.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow mediaextractor vfat:file r_file_perms;
-
diff --git a/graphics/mesa_acrn/mediaserver.te b/graphics/mesa_acrn/mediaserver.te
deleted file mode 100644
index bca3c5fe..00000000
--- a/graphics/mesa_acrn/mediaserver.te
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# mediaserver
-#
-
-#allow mediaserver tee_device:chr_file rw_file_perms;
-allow mediaserver proc_graphics:file r_file_perms;
-allow mediaserver graphics_device:chr_file rw_file_perms;
-allow mediaserver gpu_device:dir r_dir_perms;
-
-allow mediaserver hal_graphics_allocator_default_tmpfs:file { read write };
diff --git a/graphics/mesa_acrn/shell.te b/graphics/mesa_acrn/shell.te
deleted file mode 100644
index 29fb3733..00000000
--- a/graphics/mesa_acrn/shell.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# XXX Audit me BEFORE COMMITING
-allow shell graphics_device:dir search;
diff --git a/graphics/mesa_acrn/surfaceflinger.te b/graphics/mesa_acrn/surfaceflinger.te
deleted file mode 100644
index 4bead2dd..00000000
--- a/graphics/mesa_acrn/surfaceflinger.te
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# surfaceflinger
-#
-allow surfaceflinger device:dir r_dir_perms;
-
-type surfaceflinger_cache_file, data_file_type, file_type;
-
-not_full_treble(`
- file_type_auto_trans(surfaceflinger, cache_file, surfaceflinger_cache_file);
-')
-
-allow surfaceflinger cache_file:dir create_dir_perms;
-allow surfaceflinger cache_file:file create_file_perms;
-
-allow surfaceflinger sysfs_videostatus:file { getattr w_file_perms };
-
-allow surfaceflinger hal_graphics_allocator_default_tmpfs:file { read write };
-allow surfaceflinger gpu_device:dir r_dir_perms;
-allow surfaceflinger sysfs_app_readable:file r_file_perms;
diff --git a/graphics/mesa_acrn/system_server.te b/graphics/mesa_acrn/system_server.te
deleted file mode 100644
index b90eebd8..00000000
--- a/graphics/mesa_acrn/system_server.te
+++ /dev/null
@@ -1,5 +0,0 @@
-allow system_server hal_graphics_allocator_default_tmpfs:file { read write };
-allow system_server platform_app:file { read write };
-allow system_server priv_app:file { read write };
-allow system_server gpu_device:dir r_dir_perms;
-allow system_server sysfs_app_readable:file r_file_perms;
diff --git a/graphics/mesa_acrn/vndservice.te b/graphics/mesa_acrn/vndservice.te
deleted file mode 100644
index 08d68ce3..00000000
--- a/graphics/mesa_acrn/vndservice.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type hwc_info_service, vndservice_manager_type;
-type gfxd_service, vndservice_manager_type;
diff --git a/graphics/mesa_acrn/vndservice_contexts b/graphics/mesa_acrn/vndservice_contexts
deleted file mode 100644
index 74a05508..00000000
--- a/graphics/mesa_acrn/vndservice_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-hwc.info u:object_r:hwc_info_service:s0
-gfxd u:object_r:gfxd_service:s0
diff --git a/graphics/ufo_common/adbd.te b/graphics/ufo_common/adbd.te
deleted file mode 100644
index 5505101f..00000000
--- a/graphics/ufo_common/adbd.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# to allow CTS/XTS screen capture through method getScreenshot.
-allow adbd graphics_device:dir search;
-allow adbd graphics_device:chr_file { read open };
diff --git a/graphics/ufo_common/appdomain.te b/graphics/ufo_common/appdomain.te
deleted file mode 100644
index bd679b55..00000000
--- a/graphics/ufo_common/appdomain.te
+++ /dev/null
@@ -1,8 +0,0 @@
-#
-# surfaceflinger
-#
-
-# graphics buffer passed to applications for screencap and rendering
-#allow appdomain surfaceflinger_tmpfs:file { read write };
-allow appdomain hal_graphics_allocator_default_tmpfs:file { read write map };
-allow appdomain sysfs_app_readable:file r_file_perms;
diff --git a/graphics/ufo_common/bootanim.te b/graphics/ufo_common/bootanim.te
deleted file mode 100644
index 8c4d71ce..00000000
--- a/graphics/ufo_common/bootanim.te
+++ /dev/null
@@ -1 +0,0 @@
-allow bootanim sysfs_app_readable:file r_file_perms;
diff --git a/graphics/ufo_common/coreu.te b/graphics/ufo_common/coreu.te
deleted file mode 100644
index 94d1b92c..00000000
--- a/graphics/ufo_common/coreu.te
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# coreu
-#
-
-# Rules for vendor/intel/ufo
-type coreu, domain;
-type coreu_exec, exec_type, file_type, vendor_file_type;
-init_daemon_domain(coreu);
-
-allow coreu self:capability { sys_admin sys_nice ipc_lock };
-
-# Need to use vendor binder
-vndbinder_use(coreu)
-not_full_treble(`
- binder_service(coreu)
- binder_call(coreu, surfaceflinger)
-')
-binder_call(coreu, msync)
-# Allow coreu to find the msync service
-allow coreu msync_service:service_manager find;
-# Find hwc.info service
-allow coreu hwc_info_service:service_manager find;
-# Register the coreu service with binder
-add_service(coreu, coreu_service)
-
-# /data/system/coreu data files are created by
-# coreu daemon, thus a dynamic relabel as well
-# as fc entry to catch relabels.
-allow coreu system_data_file:dir ra_dir_perms;
-allow coreu coreu_data_file:dir create_dir_perms;
-allow coreu coreu_data_file:file create_file_perms;
-type_transition coreu system_data_file:{ dir file } coreu_data_file;
-
-allow coreu self:netlink_kobject_uevent_socket create_socket_perms;
-allowxperm coreu self:netlink_kobject_uevent_socket ioctl SIOCETHTOOL;
-
-# character devices
-allow coreu gpu_device:chr_file rw_file_perms;
-
-module_only(`debug_mpm', `
- allow coreu msr_device:chr_file rw_file_perms;
-')
-
-allow coreu sysfs:file write;
-
-# create temp dirs
-allow coreu tmpfs:dir w_dir_perms;
-
-# XXX Narrow sysfs access
-# path="/sys/bus/pci/devices"
-# path="/sys/devices/pci0000:00/0000:00:00.0/config"
-allow coreu sysfs:dir r_dir_perms;
-allow coreu sysfs:file rw_file_perms;
-allow coreu sysfs_app_readable:file r_file_perms;
-allow coreu tracing_shell_writable:file rw_file_perms;
-
-# gfx access
-allow coreu sysfs_gfx:file rw_file_perms;
-
-allow coreu proc_graphics:file r_file_perms;
-
-# drm detecting
-allow coreu mediadrmserver:process signull;
diff --git a/graphics/ufo_common/dumpstate.te b/graphics/ufo_common/dumpstate.te
deleted file mode 100644
index e83195d7..00000000
--- a/graphics/ufo_common/dumpstate.te
+++ /dev/null
@@ -1 +0,0 @@
-dontaudit dumpstate graphics_device:dir search;
diff --git a/graphics/ufo_common/file.te b/graphics/ufo_common/file.te
deleted file mode 100644
index b970d086..00000000
--- a/graphics/ufo_common/file.te
+++ /dev/null
@@ -1,22 +0,0 @@
-# Coreu
-type coreu_data_file, file_type, data_file_type;
-type gfxd_data_file, file_type, data_file_type, core_data_file_type;
-
-# GFX
-# XXX Currently this file access was reverted in
-# commit 523d705d8ce68f40a111e851f5d9f65788e1807b
-# under the mixins directory.
-# It was marked as a revert, so we don't ditch
-# the sepolicy at this time.
-# Reviewed-on: https://android.intel.com:443/438133
-type sysfs_gfx, fs_type, sysfs_type;
-
-# i915 videostatus
-type sysfs_videostatus, fs_type, sysfs_type;
-
-# i915 related /proc/driver entry.
-type proc_graphics, fs_type, proc_type;
-
-type sysfs_app_readable, fs_type, sysfs_type;
-
-typeattribute hal_graphics_allocator_default_tmpfs mlstrustedobject;
diff --git a/graphics/ufo_common/genfs_contexts b/graphics/ufo_common/genfs_contexts
deleted file mode 100644
index e5eb946f..00000000
--- a/graphics/ufo_common/genfs_contexts
+++ /dev/null
@@ -1 +0,0 @@
-genfscon proc /driver/i915rpm/i915_rpm_op u:object_r:proc_graphics:s0
diff --git a/graphics/ufo_common/gfxd.te b/graphics/ufo_common/gfxd.te
deleted file mode 100644
index 7529a7b2..00000000
--- a/graphics/ufo_common/gfxd.te
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# gfxd
-#
-
-# Rules for vendor/intel/ufo
-type gfxd_exec, exec_type, vendor_file_type, file_type;
-
-userdebug_or_eng(`
- type gfxd, domain;
- init_daemon_domain(gfxd);
-
- # Vendor apps are permited to use only stable public services.
- # per domain.te in system/core
- #binder_service(gfxd)
- #binder_use(gfxd)
-
- # Register the gfxd service with binder
- dontaudit gfxd gfxd_service:service_manager add;
- allow gfxd sysfs_app_readable:file r_file_perms;
-
- permissive gfxd;
- dontaudit gfxd self:capability_class_set *;
- dontaudit gfxd kernel:security *;
- dontaudit gfxd kernel:system *;
- dontaudit gfxd self:memprotect *;
- dontaudit gfxd domain:process *;
- dontaudit gfxd domain:fd *;
- dontaudit gfxd domain:dir r_dir_perms;
- dontaudit gfxd domain:lnk_file r_file_perms;
- dontaudit gfxd domain:{ fifo_file file } rw_file_perms;
- dontaudit gfxd domain:socket_class_set *;
- dontaudit gfxd domain:ipc_class_set *;
- dontaudit gfxd domain:key *;
- dontaudit gfxd fs_type:filesystem *;
- dontaudit gfxd {fs_type dev_type file_type}:{ dir blk_file lnk_file sock_file fifo_file } *;
- dontaudit gfxd {fs_type dev_type file_type }:{ chr_file file } *;
- dontaudit gfxd node_type:node *;
- dontaudit gfxd node_type:{ tcp_socket udp_socket } node_bind;
- dontaudit gfxd netif_type:netif *;
- dontaudit gfxd port_type:socket_class_set name_bind;
- dontaudit gfxd port_type:{ tcp_socket dccp_socket } name_connect;
- dontaudit gfxd domain:peer recv;
- dontaudit gfxd domain:binder { call transfer };
- dontaudit gfxd property_type:property_service set;
-')
diff --git a/graphics/ufo_common/hal_drm_widevine.te b/graphics/ufo_common/hal_drm_widevine.te
deleted file mode 100644
index 7adde648..00000000
--- a/graphics/ufo_common/hal_drm_widevine.te
+++ /dev/null
@@ -1,2 +0,0 @@
-binder_call(hal_drm_default, coreu)
-allow hal_drm_default coreu_service:service_manager find;
diff --git a/graphics/ufo_common/hal_graphics_composer_default.te b/graphics/ufo_common/hal_graphics_composer_default.te
deleted file mode 100644
index 08d345c0..00000000
--- a/graphics/ufo_common/hal_graphics_composer_default.te
+++ /dev/null
@@ -1,13 +0,0 @@
-vndbinder_use(hal_graphics_composer_default)
-
-binder_call(hal_graphics_composer_default, hal_graphics_allocator_default)
-
-allow hal_graphics_composer_default cache_file:dir create_dir_perms;
-allow hal_graphics_composer_default cache_file:file create_file_perms;
-
-allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { read bind create setopt };
-
-add_service(hal_graphics_composer_default, hwc_info_service)
-
-allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
-hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)
diff --git a/graphics/ufo_common/hal_memtrack_default.te b/graphics/ufo_common/hal_memtrack_default.te
deleted file mode 100644
index ff802b0c..00000000
--- a/graphics/ufo_common/hal_memtrack_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# /sys/devices/pci0000:00/0000:00:02.0/drm/card0/gfx_memtrack/3973
-allow hal_memtrack_default sysfs_app_readable:file r_file_perms;
diff --git a/graphics/ufo_common/hal_power_service.te b/graphics/ufo_common/hal_power_service.te
deleted file mode 100644
index e117e0d7..00000000
--- a/graphics/ufo_common/hal_power_service.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_power_service sysfs_app_readable:file rw_file_perms;
diff --git a/graphics/ufo_common/hdcpd.te b/graphics/ufo_common/hdcpd.te
deleted file mode 100644
index ca51530a..00000000
--- a/graphics/ufo_common/hdcpd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hdcpd proc_graphics:file r_file_perms;
-
diff --git a/graphics/ufo_common/init.te b/graphics/ufo_common/init.te
deleted file mode 100644
index ff46793b..00000000
--- a/graphics/ufo_common/init.te
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# init
-#
-
-allow init { coreu_exec msync_exec }:lnk_file read;
diff --git a/graphics/ufo_common/mediacodec.te b/graphics/ufo_common/mediacodec.te
deleted file mode 100644
index 5ccdad0f..00000000
--- a/graphics/ufo_common/mediacodec.te
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# mediacodec
-#
-# XXX Refactor to mixin
-# path="/sys/bus/pci/drivers/i915"
-# path="/sys/devices/pci0000:00/0000:00:02.0/config"
-
-allow mediacodec sysfs:dir r_dir_perms;
-allow mediacodec sysfs:file r_file_perms;
-allow mediacodec graphics_device:dir search;
-allow mediacodec sysfs_app_readable:file r_file_perms;
-allow mediacodec hal_graphics_allocator_default_tmpfs:file { read write };
-
-allow mediacodec coreu_service:service_manager find;
-allow mediacodec system_file:dir r_dir_perms;
diff --git a/graphics/ufo_common/mediadrmserver.te b/graphics/ufo_common/mediadrmserver.te
deleted file mode 100644
index cee77a54..00000000
--- a/graphics/ufo_common/mediadrmserver.te
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# mediadrmserver
-#
-not_full_treble(`
- allow mediadrmserver coreu_service:service_manager find;
-')
-allow mediadrmserver sysfs_app_readable:file r_file_perms;
diff --git a/graphics/ufo_common/mediaextractor.te b/graphics/ufo_common/mediaextractor.te
deleted file mode 100644
index 8ec8b5c6..00000000
--- a/graphics/ufo_common/mediaextractor.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow mediaextractor vfat:file r_file_perms;
-
diff --git a/graphics/ufo_common/mediaserver.te b/graphics/ufo_common/mediaserver.te
deleted file mode 100644
index 082eae2c..00000000
--- a/graphics/ufo_common/mediaserver.te
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# mediaserver
-#
-
-not_full_treble(`
- binder_call(mediaserver, coreu)
- allow mediaserver coreu_service:service_manager find;
-')
-
-allow mediaserver tee_device:chr_file rw_file_perms;
-allow mediaserver proc_graphics:file r_file_perms;
-allow mediaserver graphics_device:chr_file rw_file_perms;
-allow mediaserver sysfs_app_readable:file r_file_perms;
-
-allow mediaserver hal_graphics_allocator_default_tmpfs:file { read write };
diff --git a/graphics/ufo_common/msync.te b/graphics/ufo_common/msync.te
deleted file mode 100644
index 6d3a5b59..00000000
--- a/graphics/ufo_common/msync.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# Rules for vendor/intel/ufo
-type msync, domain;
-type msync_exec, exec_type, file_type, vendor_file_type;
-init_daemon_domain(msync);
-
-# Need to use vendor binder
-vndbinder_use(msync)
-not_full_treble(`
- binder_service(msync)
-')
-add_service(msync, msync_service)
-binder_call(msync, coreu)
-binder_call(msync, hdcpd)
diff --git a/graphics/ufo_common/nfc.te b/graphics/ufo_common/nfc.te
deleted file mode 100644
index e69de29b..00000000
diff --git a/graphics/ufo_common/shell.te b/graphics/ufo_common/shell.te
deleted file mode 100644
index 29fb3733..00000000
--- a/graphics/ufo_common/shell.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# XXX Audit me BEFORE COMMITING
-allow shell graphics_device:dir search;
diff --git a/graphics/ufo_common/surfaceflinger.te b/graphics/ufo_common/surfaceflinger.te
deleted file mode 100644
index 6da6f128..00000000
--- a/graphics/ufo_common/surfaceflinger.te
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# surfaceflinger
-#
-allow surfaceflinger device:dir r_dir_perms;
-
-type surfaceflinger_cache_file, data_file_type, file_type;
-
-not_full_treble(`
- file_type_auto_trans(surfaceflinger, cache_file, surfaceflinger_cache_file);
-')
-
-allow surfaceflinger cache_file:dir remove_name;
-allow surfaceflinger cache_file:file create_file_perms;
-
-not_full_treble(`
- binder_call(surfaceflinger, coreu)
- allow surfaceflinger coreu_service:service_manager find;
-')
-
-allow surfaceflinger sysfs_videostatus:file { getattr w_file_perms };
-allow surfaceflinger sysfs_app_readable:file r_file_perms;
-
-allow surfaceflinger hal_graphics_allocator_default_tmpfs:file { read write };
diff --git a/graphics/ufo_common/system_server.te b/graphics/ufo_common/system_server.te
deleted file mode 100644
index b8eff7cf..00000000
--- a/graphics/ufo_common/system_server.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow system_server sysfs_app_readable:file r_file_perms;
-allow system_server hal_graphics_allocator_default_tmpfs:file { read write };
-allow system_server untrusted_app_25:file { read write };
diff --git a/graphics/ufo_common/vndservice.te b/graphics/ufo_common/vndservice.te
deleted file mode 100644
index 7f7d0d89..00000000
--- a/graphics/ufo_common/vndservice.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type hwc_info_service, vndservice_manager_type;
-type coreu_service, vndservice_manager_type;
-type msync_service, vndservice_manager_type;
-type gfxd_service, vndservice_manager_type;
diff --git a/graphics/ufo_common/vndservice_contexts b/graphics/ufo_common/vndservice_contexts
deleted file mode 100644
index 1e049c83..00000000
--- a/graphics/ufo_common/vndservice_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-hwc.info u:object_r:hwc_info_service:s0
-android.hardware.intel.msync u:object_r:msync_service:s0
-android.hardware.intel.coreu u:object_r:coreu_service:s0
-gfxd u:object_r:gfxd_service:s0
diff --git a/graphics/ufo_gen7/drmserver.te b/graphics/ufo_gen7/drmserver.te
deleted file mode 100644
index 0caa3bd0..00000000
--- a/graphics/ufo_gen7/drmserver.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# aaccess to /data/IntelCPHS.log
-allow drmserver system_data_file:dir { write add_name };
diff --git a/graphics/ufo_gen7/file_contexts b/graphics/ufo_gen7/file_contexts
deleted file mode 100644
index b43b362c..00000000
--- a/graphics/ufo_gen7/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# DRM
-/data/IntelCPHS.log u:object_r:drm_data_file:s0
diff --git a/graphics/ufo_gen9/borked.te b/graphics/ufo_gen9/borked.te
deleted file mode 100644
index 37aafe0c..00000000
--- a/graphics/ufo_gen9/borked.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# ufo_gen9 also has a weird design where it setprops its version,
-# causing tons of weird setprops accross the system.
-#
-# https://jira01.devtools.intel.com/browse/OAM-33150
-#
-# When that is fixed, this needs to be corrected to be a get_prop() on a read
-# only property.
-set_prop(bootanim, system_prop)
-set_prop(platform_app, system_prop)
-set_prop(priv_app, system_prop)