diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
index c9fc32c4a..49bc5b338 100644
--- a/microdroid/system/private/compos.te
+++ b/microdroid/system/private/compos.te
@@ -7,13 +7,8 @@ allow compos self:vsock_socket { create_socket_perms_no_ioctl listen accept };
 # Allow using various binder services
 binder_use(compos);
-allow compos {
- authfs_binder_service
- dice_node_service
-}:service_manager find;
+allow compos authfs_binder_service:service_manager find;
 binder_call(compos, authfs_service);
-binder_call(compos, diced);
-allow compos diced:diced { get_attestation_chain derive };
 # Read artifacts created by odrefresh and create signature files.
 allow compos authfs_fuse:dir rw_dir_perms;
diff --git a/private/odsign.te b/private/odsign.te
index 381cf179b..86a0a6bb1 100644
--- a/private/odsign.te
+++ b/private/odsign.te
@@ -44,10 +44,6 @@ allow odsign apex_module_data_file:dir { getattr search };
 allow odsign apex_art_data_file:dir { rw_dir_perms rmdir rename };
 allow odsign apex_art_data_file:file { rw_file_perms unlink };
-# For CompOS instance & key files
-allow odsign apex_compos_data_file:dir { getattr search };
-allow odsign apex_compos_data_file:file r_file_perms;
-
 # Run odrefresh to refresh ART artifacts
 domain_auto_trans(odsign, odrefresh_exec, odrefresh)
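Review bot: In microdroid/system/private/compos.te the context comment `# Allow using various binder services` is stale after this change, because authfs is the only binder service compos may still find and call; I would reword it to `# Allow using the authfs binder service`. A comment that promises "various" services invites a later edit to re-add a lookup without asking whether the domain needs it. The hunk drops the `dice_node_service` lookup and the `diced:diced` permissions, but whether another rule or attribute elsewhere in the policy still gives compos a path to diced is not visible here, so it is worth confirming against the compiled policy.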