diff --git a/public/vold.te b/public/vold.te
index df72f29ec0326be23c54a70409ffe2d0389f514d..8db19fcef291a4019242fab80b4c6e5588bfe212 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -165,7 +165,7 @@ hal_client_domain(vold, hal_keymaster)
 hal_client_domain(vold, hal_health_storage)
 
 # talk to bootloader HAL
-hal_client_domain(vold, hal_bootctl)
+full_treble_only(`hal_client_domain(vold, hal_bootctl)')
 
 # Access userdata block device.
 allow vold userdata_block_device:blk_file rw_file_perms;