diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 4d97b50bf04267490dd434234ea4f3dcc4addc77..fbf6f60a1901914162439f810e895a7827d55a4c 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -280,7 +280,7 @@
 (typeattributeset incident_data_file_26_0 (incident_data_file))
 (typeattributeset incident_service_26_0 (incident_service))
 (typeattributeset init_26_0 (init))
-(typeattributeset init_exec_26_0 (init_exec))
+(typeattributeset init_exec_26_0 (init_exec watchdogd_exec))
 (typeattributeset inotify_26_0 (inotify))
 (typeattributeset input_device_26_0 (input_device))
 (typeattributeset inputflinger_26_0 (inputflinger))
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index b2e16ee8f7db9d3ae5b42922b260b631e7e6cc54..056342b0c8c6667260e5da0c05a5fda359c9cd86 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -153,6 +153,7 @@
     wait_for_keymaster
     wait_for_keymaster_exec
     wait_for_keymaster_tmpfs
+    watchdogd_tmpfs
     wpantund
     wpantund_exec
     wpantund_service
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index d0cb9b7bbdce574c2e380b3353b403246b09b4ac..fcf4561c0bb7e65c3f9ddfeda869e4e880514ead 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -993,7 +993,7 @@
 (typeattributeset incident_data_file_27_0 (incident_data_file))
 (typeattributeset incident_service_27_0 (incident_service))
 (typeattributeset init_27_0 (init))
-(typeattributeset init_exec_27_0 (init_exec))
+(typeattributeset init_exec_27_0 (init_exec watchdogd_exec))
 (typeattributeset inotify_27_0 (inotify))
 (typeattributeset input_device_27_0 (input_device))
 (typeattributeset inputflinger_27_0 (inputflinger))
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index ad986fce1ec1cccadf94e2d57e83cb3208d33c73..f99f9a7cfeaaaecbcfcdf9adcd1d343334cb11a0 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -131,6 +131,7 @@
     wait_for_keymaster
     wait_for_keymaster_exec
     wait_for_keymaster_tmpfs
+    watchdogd_tmpfs
     wm_trace_data_file
     wpantund
     wpantund_exec
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index a784b444d08a6e873a71da43a49ace1cac455eb7..054cca26830d9124e6b2fcca20943bb56ddf9db9 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1177,7 +1177,7 @@
 (typeattributeset incident_helper_28_0 (incident_helper))
 (typeattributeset incident_service_28_0 (incident_service))
 (typeattributeset init_28_0 (init))
-(typeattributeset init_exec_28_0 (init_exec))
+(typeattributeset init_exec_28_0 (init_exec watchdogd_exec))
 (typeattributeset inotify_28_0 (inotify))
 (typeattributeset input_device_28_0 (input_device))
 (typeattributeset inputflinger_28_0 (inputflinger))
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 1c09df8eeb8c69e0f927bce74df7eba577362327..ad7faa3512806bd5d528f387ecc0ad1f30588a6a 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -13,4 +13,5 @@
     timedetector_service
     timezonedetector_service
     uri_grants_service
-    vrflinger_vsync_service))
+    vrflinger_vsync_service
+    watchdogd_tmpfs))
diff --git a/private/file_contexts b/private/file_contexts
index 804c06fe5bffc1c8a9299c3d2638180c42aa74ae..8f5241bcd56bbee3943fdcf6ad209669fd1b6a69 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -294,6 +294,7 @@
 /system/bin/statsd               u:object_r:statsd_exec:s0
 /system/bin/bpfloader            u:object_r:bpfloader_exec:s0
 /system/bin/wait_for_keymaster   u:object_r:wait_for_keymaster_exec:s0
+/system/bin/watchdogd            u:object_r:watchdogd_exec:s0
 
 #############################
 # Vendor files
diff --git a/private/init.te b/private/init.te
index e9959d3d27aecafc2843fc541d6f0fe661e19c02..4cf69224973580a9336e1ef456111e37398dfd2a 100644
--- a/private/init.te
+++ b/private/init.te
@@ -13,7 +13,6 @@ recovery_only(`
 ')
 domain_trans(init, shell_exec, shell)
 domain_trans(init, init_exec, ueventd)
-domain_trans(init, init_exec, watchdogd)
 domain_trans(init, init_exec, vendor_init)
 domain_trans(init, { rootfs toolbox_exec }, modprobe)
 # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
diff --git a/private/watchdogd.te b/private/watchdogd.te
index 36dd30fd77bbb1d38c7ab650449a24ce042e9ab5..91ece70522d11f67b94bab2e45a79122bb44a6cc 100644
--- a/private/watchdogd.te
+++ b/private/watchdogd.te
@@ -1 +1,3 @@
 typeattribute watchdogd coredomain;
+
+init_daemon_domain(watchdogd)
diff --git a/public/watchdogd.te b/public/watchdogd.te
index 00292a9a9914311711ad4ab7e785a89134659b20..d2718d83355c0e786544c9baa1ec945ab16b7348 100644
--- a/public/watchdogd.te
+++ b/public/watchdogd.te
@@ -1,4 +1,6 @@
 # watchdogd seclabel is specified in init.<board>.rc
 type watchdogd, domain;
+type watchdogd_exec, exec_type, file_type;
+
 allow watchdogd watchdog_device:chr_file rw_file_perms;
 allow watchdogd kmsg_device:chr_file rw_file_perms;