diff --git a/microdroid/init.rc b/microdroid/init.rc
index b683230d..36cddbb5 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc
@@ -29,7 +29,6 @@ on early-init
     exec - root system -- /system/bin/apexd --vm
 
     perform_apex_config
-    exec_start derive_sdk
 
     exec - root system -- /system/bin/apkdmverity /dev/block/by-name/microdroid-apk /dev/block/by-name/microdroid-apk-idsig microdroid-apk
     mkdir /mnt/apk 0755 system system
diff --git a/microdroid/sepolicy/system/private/derive_classpath.te b/microdroid/sepolicy/system/private/derive_classpath.te
deleted file mode 100644
index 2299ba09..00000000
--- a/microdroid/sepolicy/system/private/derive_classpath.te
+++ /dev/null
@@ -1,25 +0,0 @@
-
-# Domain for derive_classpath
-type derive_classpath, domain, coredomain;
-type derive_classpath_exec, system_file_type, exec_type, file_type;
-init_daemon_domain(derive_classpath)
-
-# Read /apex
-allow derive_classpath apex_mnt_dir:dir r_dir_perms;
-
-# Create /data/system/environ/classpath file
-allow derive_classpath environ_system_data_file:dir rw_dir_perms;
-allow derive_classpath environ_system_data_file:file create_file_perms;
-
-# b/183079517 fails on gphone targets otherwise
-allow derive_classpath unlabeled:dir search;
-
-# Allow derive_classpath to write the classpath into ota dexopt
-# - Read the ota's apex dir
-allow derive_classpath postinstall_apex_mnt_dir:dir r_dir_perms;
-# - Report the BCP to the ota's dexopt
-allow derive_classpath postinstall_dexopt:dir search;
-allow derive_classpath postinstall_dexopt:fd use;
-allow derive_classpath postinstall_dexopt:file read;
-allow derive_classpath postinstall_dexopt:lnk_file read;
-allow derive_classpath postinstall_dexopt_tmpfs:file rw_file_perms;
diff --git a/microdroid/sepolicy/system/private/derive_sdk.te b/microdroid/sepolicy/system/private/derive_sdk.te
deleted file mode 100644
index 1f60e344..00000000
--- a/microdroid/sepolicy/system/private/derive_sdk.te
+++ /dev/null
@@ -1,12 +0,0 @@
-
-# Domain for derive_sdk
-type derive_sdk, domain, coredomain;
-type derive_sdk_exec, system_file_type, exec_type, file_type;
-init_daemon_domain(derive_sdk)
-
-# Read /apex
-allow derive_sdk apex_mnt_dir:dir r_dir_perms;
-
-# Prop rules: writable by derive_sdk, readable by bootclasspath (apps)
-set_prop(derive_sdk, module_sdkextensions_prop)
-neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set;
diff --git a/microdroid/sepolicy/system/private/postinstall_dexopt.te b/microdroid/sepolicy/system/private/postinstall_dexopt.te
index 94af0436..14e7854a 100644
--- a/microdroid/sepolicy/system/private/postinstall_dexopt.te
+++ b/microdroid/sepolicy/system/private/postinstall_dexopt.te
@@ -16,10 +16,6 @@ domain_auto_trans(postinstall_dexopt, dex2oat_exec, dex2oat)
 #   with the `postinstall_file` type by update_engine.
 domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat)
 
-# Run derive_classpath to get the current BCP.
-domain_auto_trans(postinstall_dexopt, derive_classpath_exec, derive_classpath)
-# Allow postinstall_dexopt to make a tempfile for derive_classpath to write into
-tmpfs_domain(postinstall_dexopt);
 allow postinstall_dexopt postinstall_dexopt_tmpfs:file open;
 
 allow postinstall_dexopt self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid };
diff --git a/microdroid/sepolicy/system/private/property_contexts b/microdroid/sepolicy/system/private/property_contexts
index c2a3a62c..deeb840c 100644
--- a/microdroid/sepolicy/system/private/property_contexts
+++ b/microdroid/sepolicy/system/private/property_contexts
@@ -32,7 +32,6 @@ service.adb.root u:object_r:shell_prop:s0 exact bool
 ro.logd.kernel u:object_r:logd_prop:s0 exact bool
 
 ro.boottime.adbd                      u:object_r:boottime_prop:s0 exact int
-ro.boottime.derive_sdk                u:object_r:boottime_prop:s0 exact int
 ro.boottime.hwservicemanager          u:object_r:boottime_prop:s0 exact int
 ro.boottime.init                      u:object_r:boottime_prop:s0 exact int
 ro.boottime.init.cold_boot_wait       u:object_r:boottime_prop:s0 exact int
@@ -59,7 +58,6 @@ ro.cold_boot_done u:object_r:cold_boot_done_prop:s0 exact bool
 
 sys.usb.controller u:object_r:usb_control_prop:s0 exact string
 
-init.svc.derive_sdk                u:object_r:init_service_status_private_prop:s0 exact string
 init.svc.hwservicemanager          u:object_r:init_service_status_private_prop:s0 exact string
 init.svc.keystore2                 u:object_r:init_service_status_private_prop:s0 exact string
 init.svc.logd                      u:object_r:init_service_status_private_prop:s0 exact string
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index bc191095..8bdfa9d1 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -59,8 +59,8 @@ const DEBUG_ALLOWED_UIDS: [u32; 2] = [0, 2000];
 
 /// The list of APEXes which microdroid requires.
 /// TODO(b/192200378) move this to microdroid.json?
-const MICRODROID_REQUIRED_APEXES: [&str; 4] =
-    ["com.android.adbd", "com.android.i18n", "com.android.os.statsd", "com.android.sdkext"];
+const MICRODROID_REQUIRED_APEXES: [&str; 3] =
+    ["com.android.adbd", "com.android.i18n", "com.android.os.statsd"];
 
 /// Implementation of `IVirtualizationService`, the entry point of the AIDL service.
 #[derive(Debug, Default)]