diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 0f0f5776616e5a072c7f67d72b6242c51c66155f..7827c8b11aef54ea953c99aafc2e45328c5667cb 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -21,6 +21,10 @@ neverallow all_untrusted_apps debugfs_type:file read;
 # services.
 neverallow all_untrusted_apps service_manager_type:service_manager add;
 
+# Do not allow untrusted apps to use VendorBinder
+neverallow all_untrusted_apps vndbinder_device:chr_file *;
+neverallow all_untrusted_apps vndservice_manager_type:service_manager *;
+
 # Do not allow untrusted apps to connect to the property service
 # or set properties. b/10243159
 neverallow all_untrusted_apps property_socket:sock_file write;
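Review bot: The two new rules on lines L10–L11 block untrusted apps from the `/dev/vndbinder` node and from the vendor service manager's `service_manager` class, but unlike the matching coredomain block added in `public/domain.te` they do not forbid `vndservicemanager:binder` itself. Because `app_neverallows.te` is not gated on `full_treble_only`, a non-Treble device where an app somehow obtained a handle would not be caught by this file; adding `neverallow all_untrusted_apps vndservicemanager:binder *;` alongside the other two would make the assertion self-contained, assuming `vndservicemanager` is a type visible to this policy file. The comment on L9 would also read better as `# Do not allow untrusted apps to use VendorBinder (device node, vndservicemanager, or vendor services)` so a reader sees the intended scope.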
diff --git a/public/domain.te b/public/domain.te
index f6343362456803241a036369fed881e70881d7fb..1e5c16cd6cd08cda3072b64646325f905f35f77d 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -559,6 +559,27 @@ full_treble_only(`
   } servicemanager:binder { call transfer };
 ')
 
+# On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
+full_treble_only(`
+  neverallow {
+    coredomain
+    -shell
+    userdebug_or_eng(`-su')
+    -ueventd # uevent is granted create for this device, but we still neverallow I/O below
+  } vndbinder_device:chr_file rw_file_perms;
+  neverallow ueventd vndbinder_device:chr_file { read write append ioctl };
+  neverallow {
+    coredomain
+    -shell
+    userdebug_or_eng(`-su')
+  } vndservice_manager_type:service_manager *;
+  neverallow {
+    coredomain
+    -shell
+    userdebug_or_eng(`-su')
+  } vndservicemanager:binder *;
+')
+
 # On full TREBLE devices, socket communications between core components and vendor components are
 # not permitted.
 full_treble_only(`
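Review bot: The ueventd carve-out on L32 lists only `{ read write append ioctl }`, while the rule it is excused from on L31 denies the whole of `rw_file_perms`, so ueventd is left free to `getattr`, `lock`, `map` and `open` the vndbinder node; `open` without read/write is moot, but `map` and `lock` look like unintended slack. If ueventd's existing grant on device nodes only needs the create/setattr-style permissions the L30 comment mentions, the simpler and tighter form is to drop the `-ueventd` exclusion entirely and delete L32, letting ueventd fall under the same `rw_file_perms` neverallow as the rest of coredomain — I can't confirm from this hunk which permissions ueventd actually holds, so this needs checking against `ueventd.te`. The inline comment on L30 also says "uevent" where the domain is `ueventd`.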
diff --git a/public/init.te b/public/init.te
index e997e1338667619f7c7c0eddbe887316dc16c522..6d43ef463d765923884bf02b42eb67d11d048f09 100644
--- a/public/init.te
+++ b/public/init.te
@@ -205,7 +205,13 @@ allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir  { open read
 
 # init should not be able to read or open generic devices
 # TODO: auditing to see if this can be deleted entirely
-allow init { dev_type -kmem_device -port_device -device }:chr_file { read open };
+allow init {
+  dev_type
+  -kmem_device
+  -port_device
+  -device
+  -vndbinder_device
+  }:chr_file { read open };
 auditallow init {
   dev_type
   -alarm_device
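Review bot: `-vndbinder_device` is added to the `allow` on L57–L63 but not, as far as the hunk shows, to the `auditallow` list that starts on L64 and continues past the end of the hunk; if that list is still `dev_type` minus its own exclusions, it will audit a permission init is no longer granted, which is harmless but makes the two lists drift apart. Adding `-vndbinder_device` to the `auditallow` set keeps the two enumerations in lockstep and makes the intent ("init never touches VendorBinder") readable from either rule. Note the new multi-line `allow` closes with a two-space-indented `}:chr_file`, whereas the parallel multi-line rule added in `servicemanager.te` closes at column 0 — pick one style for the file.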
diff --git a/public/servicemanager.te b/public/servicemanager.te
index bba9c6edac58b748fe339c6a7846fa540107a851..3cf5a464d7445f1e616f77b6a12bdf1b436bd861 100644
--- a/public/servicemanager.te
+++ b/public/servicemanager.te
@@ -9,7 +9,12 @@ type servicemanager_exec, exec_type, file_type;
 # created by other domains.  It never passes its own references
 # or initiates a Binder IPC.
 allow servicemanager self:binder set_context_mgr;
-allow servicemanager { domain -init }:binder transfer;
+allow servicemanager {
+  domain
+  -init
+  -hwservicemanager
+  -vndservicemanager
+}:binder transfer;
 
 # Access to all (system and vendor) service_contexts
 # TODO(b/36866029) access to nonplat_service_contexts
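Review bot: The exclusion list on L76–L81 now hand-enumerates the other context managers without saying why, and the existing header comment (L72–L73) only explains that servicemanager never initiates IPC; a maintainer adding a fourth context manager later has nothing to tell them it belongs here. A one-line comment above the rule such as `# Context managers are independent; servicemanager must not pass binder references to or from hwservicemanager or vndservicemanager.` would capture the reason, presumably that the three binder namespaces are meant to stay isolated under Treble — confirm that is the intent. The remainder of this file's rules are outside the hunk.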