diff --git a/private/atrace.te b/private/atrace.te
index 7a7a4ca6410c219ba557a7019294ecf1eda587b1..9c4f342007dc16cff4358c4a58833bcec1adaa0e 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -1,3 +1,24 @@
+# Domain for atrace process spawned by boottrace service.
+
+type atrace_exec, exec_type, file_type;
+
 userdebug_or_eng(`
+  type atrace, domain, domain_deprecated;
+
   init_daemon_domain(atrace)
+
+  # boottrace services uses /data/misc/boottrace/categories
+  allow atrace boottrace_data_file:dir search;
+  allow atrace boottrace_data_file:file r_file_perms;
+
+  # atrace reads the files in /sys/kernel/debug/tracing/
+  allow atrace debugfs_tracing:file r_file_perms;
+
+  # atrace sets debug.atrace.* properties
+  set_prop(atrace, debug_prop)
+
+  # atrace pokes all the binder-enabled processes at startup.
+  binder_use(atrace)
+  allow atrace healthd:binder call;
+  allow atrace surfaceflinger:binder call;
 ')
diff --git a/public/atrace.te b/public/atrace.te
deleted file mode 100644
index b4ae753f72c7fa9c3bef36cb8cd29501ead99ec7..0000000000000000000000000000000000000000
--- a/public/atrace.te
+++ /dev/null
@@ -1,23 +0,0 @@
-# Domain for atrace process spawned by boottrace service.
-type atrace_exec, exec_type, file_type;
-
-userdebug_or_eng(`
-
-  type atrace, domain, domain_deprecated;
-
-  # boottrace services uses /data/misc/boottrace/categories
-  allow atrace boottrace_data_file:dir search;
-  allow atrace boottrace_data_file:file r_file_perms;
-
-  # atrace reads the files in /sys/kernel/debug/tracing/
-  allow atrace debugfs_tracing:file r_file_perms;
-
-  # atrace sets debug.atrace.* properties
-  set_prop(atrace, debug_prop)
-
-  # atrace pokes all the binder-enabled processes at startup.
-  binder_use(atrace)
-  allow atrace healthd:binder call;
-  allow atrace surfaceflinger:binder call;
-
-')