diff --git a/bluetooth.te b/bluetooth.te
index a91f6b2b52f0a2c04adf2741a5f8e004d8f485fa..7d81e098489ff6a4b2958d48ac84a35e978027b1 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -70,6 +70,7 @@ auditallow bluetooth {
 -network_management_service
 -power_service
 -registry_service
+ -user_service
 }:service_manager find;
 # already open bugreport file descriptors may be shared with
diff --git a/isolated_app.te b/isolated_app.te
index 8930ae68a8d1bf4132e0cdfc9feda6c0651f8432..48bf3defc1abd28c58308d2c8b890087a13c41e9 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -18,6 +18,8 @@ allow isolated_app app_data_file:file { read write getattr };
 allow isolated_app activity_service:service_manager find;
 allow isolated_app display_service:service_manager find;
+service_manager_local_audit_domain(isolated_app)
+
 #####
 ##### Neverallow
 #####
diff --git a/mediaserver.te b/mediaserver.te
index a8bc55fea0f4a96255b08e6eae54d8f45b522c90..23abb0fb32c87f86bea6abe2233802763eb03422 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -87,10 +87,12 @@ allow mediaserver tmp_system_server_service:service_manager find;
 service_manager_local_audit_domain(mediaserver)
 auditallow mediaserver {
 tmp_system_server_service
+ -activity_service
 -appops_service
 -batterystats_service
 -permission_service
 -power_service
+ -processinfo_service
 -scheduling_policy_service
 }:service_manager find;
diff --git a/nfc.te b/nfc.te
index 00826bb39f999f100f5ed7d6b2782e9b596ab56b..3545e2335316797292febdbcdfedfe95d70b8b0a 100644
--- a/nfc.te
+++ b/nfc.te
@@ -40,6 +40,7 @@ auditallow nfc {
 -dropbox_service
 -network_management_service
 -power_service
+ -registry_service
 -trust_service
 -user_service
 -vibrator_service
diff --git a/platform_app.te b/platform_app.te
index ef6fb78ae499885db7ef1dd2e729c0ddcfb10f16..92ac5adfda8c3f802b778a4d768f00d4e82450e2 100644
--- a/platform_app.te
+++ b/platform_app.te
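Review bot: In isolated_app.te the added `service_manager_local_audit_domain(isolated_app)` is not followed by a local `auditallow isolated_app { … }:service_manager find;` block, unlike mediaserver.te, radio.te and system_app.te in this same diff, where the macro sits directly above one. The macro's definition is not part of this diff; if it only opts the domain out of a shared audit rule, allowed `find` lookups by isolated_app would no longer produce any audit record. If that is intended because the two `allow … find` rules above are the complete list for this domain, say so above the macro, for example `# isolated_app's service lookups are fully enumerated above; no local auditallow is needed.`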
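Review bot: In mediaserver.te nothing in the `auditallow` block says what qualifies a service for the subtraction list that this hunk extends with `-activity_service` and `-processinfo_service`. The hunk header shows `allow mediaserver tmp_system_server_service:service_manager find;`, so the lookups presumably stay permitted and each new entry only switches off the audit record for that service. A comment above the block would make that explicit, for example `# Lookups of the services subtracted below are not audited; every other tmp_system_server_service find still is.` The same applies to the lists extended in bluetooth.te, nfc.te, platform_app.te, radio.te, system_app.te and system_server.te.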
@@ -69,10 +69,14 @@ auditallow platform_app {
 -power_service
 -registry_service
 -search_service
+ -sensorservice_service
 -statusbar_service
 -trust_service
+ -uimode_service
+ -usb_service
 -user_service
 -vibrator_service
 -wallpaper_service
+ -webviewupdate_service
 -wifi_service
 }:service_manager find;
diff --git a/radio.te b/radio.te
index b5ff4a7e4c224be11e62209a2153b229a476bd01..4ecf43ca77a23a2a8bacd8ee6009e51824bbb4ca 100644
--- a/radio.te
+++ b/radio.te
@@ -40,13 +40,19 @@ allow radio tmp_system_server_service:service_manager find;
 service_manager_local_audit_domain(radio)
 auditallow radio {
 tmp_system_server_service
+ -accessibility_service
+ -account_service
 -activity_service
 -appops_service
+ -assetatlas_service
 -bluetooth_manager_service
 -connectivity_service
 -content_service
+ -country_detector_service
 -display_service
 -dropbox_service
+ -imms_service
+ -input_method_service
 -netstats_service
 -network_management_service
 -notification_service
@@ -54,5 +60,6 @@ auditallow radio {
 -registry_service
 -trust_service
 -user_service
+ -vibrator_service
 -wifi_service
 }:service_manager find;
diff --git a/system_app.te b/system_app.te
index ac460524db3e4289900967fea4402e488880bbe8..6740dcda6977f683cea8ae623462a0482baa708d 100644
--- a/system_app.te
+++ b/system_app.te
@@ -60,6 +60,7 @@ service_manager_local_audit_domain(system_app)
 auditallow system_app {
 tmp_system_server_service
 -accessibility_service
+ -account_service
 -activity_service
 -appops_service
 -appwidget_service
@@ -73,17 +74,24 @@ auditallow system_app {
 -display_service
 -dreams_service
 -dropbox_service
+ -fingerprint_service
 -graphicsstats_service
 -input_method_service
 -input_service
 -lock_settings_service
+ -media_session_service
 -mount_service
+ -netstats_service
 -network_management_service
+ -network_score_service
 -notification_service
 -power_service
 -print_service
 -registry_service
+ -restrictions_service
 -sensorservice_service
+ -textservices_service
+ -uimode_service
 -usagestats_service
 -usb_service
 -user_service
diff --git a/system_server.te b/system_server.te
index e967adb8b6ba52c36990aefdbdc7dd091f951930..bec8ec4245d4950a8bf5aeccf23770ab999a5780 100644
--- a/system_server.te
+++ b/system_server.te
@@ -397,6 +397,7 @@ auditallow system_server {
 -bluetooth_manager_service
 -connectivity_service
 -content_service
+ -country_detector_service
 -device_policy_service
 -display_service
 -dreams_service
@@ -412,6 +413,7 @@ auditallow system_server {
 -media_router_service
 -media_session_service
 -mount_service
+ -netpolicy_service
 -network_management_service
 -network_score_service
 -notification_service
diff --git a/untrusted_app.te b/untrusted_app.te
index 4e1164dcdb50ee106eedc79d153dea4c4b283901..a93885a7876b3f16eff0c82d4aa30beecbaa291e 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -98,14 +98,18 @@ auditallow untrusted_app {
 -battery_service
 -batterystats_service
 -bluetooth_manager_service
+ -clipboard_service
 -connectivity_service
 -content_service
 -country_detector_service
 -default_android_service
 -device_policy_service
+ -diskstats_service
 -display_service
 -dropbox_service
 -graphicsstats_service
+ -healthd_service
+ -imms_service
 -input_method_service
 -input_service
 -jobscheduler_service
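Review bot: For untrusted_app the new exclusions include `-diskstats_service` and `-healthd_service` in this hunk and `-procstats_service` and `-usagestats_service` in the second untrusted_app.te hunk, with nothing recording why lookups of these services are expected from the least-trusted app domain. Going by their names they expose device-wide statistics, and once subtracted a `find` on them no longer produces an audit record, so the service's own permission check would be the only gate and the only trace. The matching `allow` rule and the top of the `auditallow` block are outside both hunks, so this is inferred from the pattern visible in radio.te and mediaserver.te. I would keep these four audited until the callers are confirmed, or at least add above the block `# TODO: confirm every subtracted service is meant to be reachable from untrusted apps.`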
@@ -123,13 +127,16 @@ auditallow untrusted_app {
 -notification_service
 -persistent_data_block_service
 -power_service
+ -procstats_service
 -registry_service
+ -rttmanager_service
 -search_service
 -sensorservice_service
 -statusbar_service
 -textservices_service
 -trust_service
 -uimode_service
+ -usagestats_service
 -user_service
 -vibrator_service
 -voiceinteraction_service