diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index c730d708b4de4fe575f61408fca7c709ef4013d2..a3d7d498c1efbc880dcfc88af8606319a665dc65 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -160,7 +160,7 @@ neverallow all_untrusted_apps {
   -hal_cas_hwservice
   -untrusted_app_visible_hwservice
 }:hwservice_manager find;
-neverallow untrusted_app_visible_hwservice unlabeled:service_manager list; #TODO: b/62658302
+
 # Make sure that the following services are never accessible by untrusted_apps
 neverallow all_untrusted_apps {
   default_android_hwservice
diff --git a/public/attributes b/public/attributes
index 9ac302b360fc9a541312437c4a6a376906bcc7a4..386b21a569ecf7b0503716484b8b44362b1edc47 100644
--- a/public/attributes
+++ b/public/attributes
@@ -156,6 +156,7 @@ expandattribute vendor_executes_system_violators false;
 # attribute to be submitted to AOSP in order to maintain their
 # app-visibility.
 attribute untrusted_app_visible_hwservice;
+expandattribute untrusted_app_visible_hwservice false;
 
 # halserver domains that are accessible to untrusted applications.  These
 # domains are typically those hosting  hwservices attributed by the