diff --git a/init.te b/init.te
index 9be5955dd..6f2f47fab 100644
--- a/init.te
+++ b/init.te
@@ -1,6 +1,5 @@
 # init switches to init domain (via init.rc).
 type init, domain;
-permissive init;
 # init is unconfined.
 unconfined_domain(init)
 tmpfs_domain(init)
diff --git a/kernel.te b/kernel.te
index e313587b8..d1c1b7f82 100644
--- a/kernel.te
+++ b/kernel.te
@@ -1,6 +1,5 @@
 # Life begins with the kernel.
 type kernel, domain;
-permissive kernel;
 # The kernel is unconfined.
 unconfined_domain(kernel)
 relabelto_domain(kernel)