diff --git a/public/attributes b/public/attributes
index e120c8f21dccd09fc52f186eab9670836bfe82ac..2d5db7f15898a80f61a715b4874715ce727e7073 100644
--- a/public/attributes
+++ b/public/attributes
@@ -44,15 +44,6 @@ attribute core_data_file_type;
 # All types in /vendor
 attribute vendor_file_type;
 
-# All vendor domains which violate the requirement of not accessing
-# data outside /data/vendor.
-# TODO(b/34980020): Remove this once there are no violations
-attribute coredata_in_vendor_violators;
-# All core domains which violate the requirement of not accessing vendor
-# owned data.
-# TODO(b/34980020): Remove this once there are no violations
-attribute vendordata_in_core_violators;
-
 # All types use for sysfs files.
 attribute sysfs_type;
 
diff --git a/public/domain.te b/public/domain.te
index 9c591db59f1958081ce5a6de8bebc9f02d363545..10e1bb521b5a814ca4494583caf431f7b86bf343 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -545,64 +545,6 @@ full_treble_only(`
   } servicemanager:binder { call transfer };
 ')
 
-##
-# On full TREBLE devices core android components and vendor components may
-# not directly access each other's data types. All communication must occur
-# over HW binder. Open file descriptors may be passed and read/write/stat
-# operations my be performed on those FDs. Disallow all other operations.
-full_treble_only(`
-  # do not allow vendor component access to coredomains data types
-  neverallow {
-    domain
-    -coredomain
-    -appdomain
-    -coredata_in_vendor_violators
-  }
-  core_data_file_type
-  -zoneinfo_data_file # Stable API provided by libc
-  :{
-    file_class_set
-  } ~{ append getattr ioctl read write };
-  # do not allow vendor component access to coredomains data directories.
-  # /data has the system_data_file type. Allow all domains to have dir
-  # search permissions which allows path traversal.
-  neverallow {
-    domain
-    -coredomain
-    -appdomain
-    -coredata_in_vendor_violators
-  } {
-    core_data_file_type
-    -system_data_file
-    -zoneinfo_data_file # Stable API provided by libc
-  }:dir *;
-  neverallow {
-    domain
-    -coredomain
-    -appdomain
-    -coredata_in_vendor_violators
-  } system_data_file:dir ~search;
-  # do not allow coredomains to directly access vendor data. Exempt init
-  # because it is responsible for dir/file creation in init.rc scripts.
-  # Also exempt halclientdomain to exclude rules for passthrough mode.
-  neverallow {
-    coredomain
-    -halclientdomain
-    -init
-    -vendordata_in_core_violators
-  } {
-    data_file_type
-    -core_data_file_type
-  }:file_class_set ~{ append getattr ioctl read write };
-  # do not allow coredomain to access vendor data directories.
-  neverallow {
-    coredomain
-    -halclientdomain
-    -init
-    -vendordata_in_core_violators
-  } { data_file_type -core_data_file_type }:dir *;
-')
-
 # On full TREBLE devices, socket communications between core components and vendor components are
 # not permitted.
 full_treble_only(`
diff --git a/public/rild.te b/public/rild.te
index 77f146ba5c1eff9ed953b891f6c48b2ab4ea3707..e4b01869064be3858275b2f1c5237c9ceb34e1d1 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -19,9 +19,6 @@ allow rild efs_file:file create_file_perms;
 allow rild shell_exec:file rx_file_perms;
 allow rild bluetooth_efs_file:file r_file_perms;
 allow rild bluetooth_efs_file:dir r_dir_perms;
-# TODO (b/36601950) remove RILD's access to radio_data_file and
-# system_data_file. Remove coredata_in_vendor_violators attribute.
-typeattribute rild coredata_in_vendor_violators;
 allow rild radio_data_file:dir rw_dir_perms;
 allow rild radio_data_file:file create_file_perms;
 allow rild sdcard_type:dir r_dir_perms;
diff --git a/vendor/hal_audio_default.te b/vendor/hal_audio_default.te
index a10a6cf5b4726fa531e14140b739dba41de18f89..9c38819c79199804ce3a4684c45db5886cccb77e 100644
--- a/vendor/hal_audio_default.te
+++ b/vendor/hal_audio_default.te
@@ -7,7 +7,3 @@ init_daemon_domain(hal_audio_default)
 hal_client_domain(hal_audio_default, hal_allocator)
 typeattribute hal_audio_default socket_between_core_and_vendor_violators;
 
-# TODO (b/36601590) move hal_audio's data file to
-# /data/vendor/hardware/hal_audio. Remove coredata_in_vendor_violators
-# attribute.
-typeattribute hal_audio_default coredata_in_vendor_violators;
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index 60b6a5ced8f1c91c89f77b26e22c4ce1d3c46876..8f86a2717f615882ce7b895b7af3f5fd7d410822 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -3,8 +3,3 @@ hal_server_domain(hal_camera_default, hal_camera)
 
 type hal_camera_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_camera_default)
-
-# TODO (b/36601397) move hal_camera's data file to
-# /data/vendor/hardware/hal_camera. Remove coredata_in_vendor_violators
-# attribute.
-typeattribute hal_camera_default coredata_in_vendor_violators;
diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te
index 3aeec069d1d5abf1a097b68449116e62a1f04c0f..b79c3b580e12bd973ef3cf85e986ea992fb999c0 100644
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te
@@ -6,8 +6,3 @@ init_daemon_domain(hal_drm_default)
 
 allow hal_drm_default mediacodec:fd use;
 allow hal_drm_default { appdomain -isolated_app }:fd use;
-
-# TODO (b/36601695) remove hal_drm's access to /data or move to
-# /data/vendor/hardware/hal_drm. Remove coredata_in_vendor_violators
-# attribute.
-typeattribute hal_drm_default coredata_in_vendor_violators;
diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te
index 322c1040e276d6b4018e9ad0e95c8166714d8eb3..638b6030c4aa563a6e3ecee7088bb482375290e3 100644
--- a/vendor/hal_fingerprint_default.te
+++ b/vendor/hal_fingerprint_default.te
@@ -3,7 +3,3 @@ hal_server_domain(hal_fingerprint_default, hal_fingerprint)
 
 type hal_fingerprint_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_fingerprint_default)
-
-# TODO (b/36644492) move hal_fingerprint's data file to
-# /data/vendor/. Remove coredata_in_vendor_violators attribute.
-typeattribute hal_fingerprint_default coredata_in_vendor_violators;
diff --git a/vendor/hal_nfc_default.te b/vendor/hal_nfc_default.te
index 2f1c0925554f6892fb8a17f923d81fc06f6ae515..6a1002f09114e12087a1043ea5337d4e336fed53 100644
--- a/vendor/hal_nfc_default.te
+++ b/vendor/hal_nfc_default.te
@@ -4,8 +4,4 @@ hal_server_domain(hal_nfc_default, hal_nfc)
 type hal_nfc_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_nfc_default)
 
-# TODO (b/36645109) Remove hal_nfc's access to the nfc app's
-# data type. Remove coredata_in_vendor_violators and
-# socket_between_core_and_vendor_violators attribute associations below.
-typeattribute hal_nfc_default coredata_in_vendor_violators;
 typeattribute hal_nfc_default socket_between_core_and_vendor_violators;
diff --git a/vendor/hal_wifi_supplicant_default.te b/vendor/hal_wifi_supplicant_default.te
index c2bdc738bed01ab832d28afeef73c9ed638028f7..62b03be4abcdf1cce9321b432b115308b6416fb0 100644
--- a/vendor/hal_wifi_supplicant_default.te
+++ b/vendor/hal_wifi_supplicant_default.te
@@ -11,8 +11,3 @@ type_transition hal_wifi_supplicant_default wifi_data_file:dir wpa_socket "socke
 # Allow wpa_supplicant to talk to Wifi Keystore HwBinder service.
 hwbinder_use(hal_wifi_supplicant_default)
 binder_call(hal_wifi_supplicant_default, wifi_keystore_service_server)
-
-# TODO (b/36645291) Move hal_wifi_supplicant's data access to /data/vendor
-# Remove coredata_in_vendor_violators attribute.
-# wpa supplicant or equivalent
-typeattribute hal_wifi_supplicant_default coredata_in_vendor_violators;
diff --git a/vendor/hostapd.te b/vendor/hostapd.te
index d20581e0cf1601a6fd4a4678ff3ec2ee98ade6d4..2c62cf03508096aea768475b5bb6cffd5c9b1e87 100644
--- a/vendor/hostapd.te
+++ b/vendor/hostapd.te
@@ -31,7 +31,3 @@ r_dir_file(hostapd, wifi_data_file)
 allow hostapd hostapd_socket:dir create_dir_perms;
 # hostapd needs to create, bind to, read, and write its control socket.
 allow hostapd hostapd_socket:sock_file create_file_perms;
-
-# TODO (b/36646171) Move hostapd's data access to /data/vendor
-# Remove coredata_in_vendor_violators attribute.
-typeattribute hostapd coredata_in_vendor_violators;
diff --git a/vendor/tee.te b/vendor/tee.te
index e5e8b2d2d32d3684049985dd71664eb6d4476b72..f7c2cb59f544ba073691116110972ef53de82635 100644
--- a/vendor/tee.te
+++ b/vendor/tee.te
@@ -15,7 +15,5 @@ allow tee self:netlink_generic_socket create_socket_perms_no_ioctl;
 allow tee ion_device:chr_file r_file_perms;
 r_dir_file(tee, sysfs_type)
 
-# TODO(b/36720355): Remove this once tee no longer access non-vendor files
-typeattribute tee coredata_in_vendor_violators;
 allow tee system_data_file:file { getattr read };
 allow tee system_data_file:lnk_file r_file_perms;