diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index f143580ddaa89e2b54ed4c4dfd971ae1b8d6ae01..9f5e4fa694b06acbf9e0ec618f3ec5c574898a8d 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -60,7 +60,6 @@ r_dir_file(surfaceflinger, dumpstate)
 
 # Needed on some devices for playing DRM protected content,
 # but seems expected and appropriate for all devices.
-allow surfaceflinger tee:unix_stream_socket connectto;
 allow surfaceflinger tee_device:chr_file rw_file_perms;
 
 
diff --git a/public/drmserver.te b/public/drmserver.te
index 825e828bfaa685a03c3dd1554f7b67958eb8bd79..f752c13ee8dcaf544154395dd86aea68b66e7185 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te
@@ -31,7 +31,6 @@ type drmserver_socket, file_type;
 # Clearly, /data/app is the most logical place to create a socket.  Not.
 allow drmserver apk_data_file:dir rw_dir_perms;
 allow drmserver drmserver_socket:sock_file create_file_perms;
-allow drmserver tee:unix_stream_socket connectto;
 # Delete old socket file if present.
 allow drmserver apk_data_file:sock_file unlink;
 
diff --git a/public/hal_drm.te b/public/hal_drm.te
index 05fe347847b7b838ce7d353975d3203adbf6257c..a773dd5fc80a70c1e3dbdb2d616d08b127cbbe52 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -34,8 +34,6 @@ allow hal_drm media_data_file:file { getattr read };
 
 allow hal_drm sysfs:file r_file_perms;
 
-# Connect to tee service.
-allow hal_drm tee:unix_stream_socket connectto;
 allow hal_drm tee_device:chr_file rw_file_perms;
 
 # only allow unprivileged socket ioctl commands
diff --git a/public/hal_keymaster.te b/public/hal_keymaster.te
index d50812c3972419fa19e0f3ca018feaf4e0aee596..afcd0bd9ddd47f9480f916a24003895dc6b42873 100644
--- a/public/hal_keymaster.te
+++ b/public/hal_keymaster.te
@@ -2,6 +2,4 @@
 binder_call(hal_keymaster_client, hal_keymaster_server)
 
 allow hal_keymaster tee_device:chr_file rw_file_perms;
-allow hal_keymaster tee:unix_stream_socket connectto;
-
 allow hal_keymaster ion_device:chr_file r_file_perms;
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 93f154805c260bc8d8f1e10d21bbed2fdfe3b5fe..e9aa421f6687dbd25f9ccc42f58ca76428a762d8 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -78,9 +78,6 @@ unix_socket_connect(mediaserver, drmserver, drmserver)
 # but seems appropriate for all devices.
 unix_socket_connect(mediaserver, bluetooth, bluetooth)
 
-# Connect to tee service.
-allow mediaserver tee:unix_stream_socket connectto;
-
 add_service(mediaserver, mediaserver_service)
 allow mediaserver activity_service:service_manager find;
 allow mediaserver appops_service:service_manager find;