diff --git a/domain.te b/domain.te
index 9ae611c6e103747f1b969c5f9ef273dc276897db..9e26348483a67f500ab187861acf275f0c540754 100644
--- a/domain.te
+++ b/domain.te
@@ -51,7 +51,7 @@ userdebug_or_eng(`
   allow domain su:fd use;
   allow domain su:unix_stream_socket { getattr getopt read write shutdown };
 
-  binder_call(domain, su)
+  binder_call({ domain -init }, su)
 
   # Running something like "pm dump com.android.bluetooth" requires
   # fifo writes
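Review bot: The `-init` exclusion on the `binder_call({ domain -init }, su)` line has no comment explaining why init is carved out, so a later cleanup could restore plain `domain` and only learn the reason from a neverallow failure at build time. I would add a line above it such as `# init is excluded: domain.te neverallows any binder permission targeting init`. The same comment would help on the `allow servicemanager { domain -init }:binder transfer;` rule in the servicemanager.te hunk. The enclosing userdebug_or_eng block starts and ends outside this hunk, so the other su rules in it are not reviewed here.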
@@ -245,9 +245,9 @@ neverallow { domain -init } proc_security:file { append write };
 # No domain should be allowed to ptrace init.
 neverallow domain init:process ptrace;
 
-# Init can't receive binder calls. If this neverallow rule is being
+# Init can't do anything with binder calls. If this neverallow rule is being
 # triggered, it's probably due to a service with no SELinux domain.
-neverallow domain init:binder call;
+neverallow domain init:binder *;
 
 # Don't allow raw read/write/open access to block_device
 # Rather force a relabel to a more specific type
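Review bot: The reworded comment says init can't do anything with binder calls, but `neverallow domain init:binder *;` only constrains rules whose target is init. A rule with init as the source and another domain as the target would still pass this check. Either narrow the comment to what is enforced, e.g. `# No domain may hold any binder permission on init.`, or add the companion rule `neverallow init domain:binder *;` so the policy matches the stated intent. The companion rule needs checking against the full policy, which this diff does not show, since any remaining allow with init as a binder source would break the build.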
diff --git a/servicemanager.te b/servicemanager.te
index a92891641fad535a3ffd21ff465b18a3346fa63a..d20872c617661811ab9df19d63efc4eaf2bbea49 100644
--- a/servicemanager.te
+++ b/servicemanager.te
@@ -11,7 +11,7 @@ init_daemon_domain(servicemanager)
 # created by other domains.  It never passes its own references
 # or initiates a Binder IPC.
 allow servicemanager self:binder set_context_mgr;
-allow servicemanager domain:binder transfer;
+allow servicemanager { domain -init }:binder transfer;
 
 # Check SELinux permissions.
 selinux_check_access(servicemanager)