diff --git a/private/system_server.te b/private/system_server.te
index 3f32147845b8d2a3b3d4aae48d7b2866c51c720d..e4f0909d56c8fe2aa81154deee74e89bd3bd91cb 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -200,11 +200,6 @@ hal_client_domain(system_server, hal_weaver)
 hal_client_domain(system_server, hal_wifi)
 hal_client_domain(system_server, hal_wifi_offload)
 
-# TODO(b/34274385): Remove this once Wi-Fi Supplicant HAL is guaranteed to be binderized on full
-# Treble devices. Passthrough Wi-Fi Supplicant HAL makes system_server touch wpa_socket which is a
-# vendor type. system_server, being a non-vendor component, is not permitted to touch that socket.
-typeattribute system_server socket_between_core_and_vendor_violators;
-
 hal_client_domain(system_server, hal_wifi_supplicant)
 
 # Talk to tombstoned to get ANR traces.
diff --git a/public/te_macros b/public/te_macros
index 020bdc505176a3d8256416ca912dfba1e9019896..3ac0e5dc53d07b83302a04680317e62604fe4acd 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -175,15 +175,17 @@ define(`hal_client_domain', `
 typeattribute $1 halclientdomain;
 typeattribute $1 $2_client;
 
-# TODO(b/34170079): Make the inclusion of the rules below conditional,
-# once we know at build time whether a HAL is going to run in
-# passthrough or binderized mode.
+# TODO(b/34170079): Make the inclusion of the rules below conditional also on
+# non-Treble devices. For now, on non-Treble device, always grant clients of a
+# HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
+not_full_treble(`
 typeattribute $1 $2;
 # Find passthrough HAL implementations
 allow $2 system_file:dir r_dir_perms;
 allow $2 vendor_file:dir r_dir_perms;
 allow $2 vendor_file:file { read open getattr execute };
 ')
+')
 
 #####################################
 # passthrough_hal_client_domain(domain, hal_type)