diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 208eb8c696edbefac205177e56f914f9421e87cb..323fb0a0c0c1c01b24e8fbd974ae96068a430f82 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -14,8 +14,6 @@
 (type thermalcallback_hwservice)
 (type untrusted_v2_app)
 (type vcs_device)
-(type thermalserviced)
-(type thermalserviced_exec)
 
 ;; Public 28.0 SEPolicy is divergent on different devices w.r.t
 ;; exported_audio_prop type. We need this typeattribute declaration so that the
@@ -740,6 +738,8 @@
 (expandtypeattribute (textservices_service_28_0) true)
 (expandtypeattribute (thermalcallback_hwservice_28_0) true)
 (expandtypeattribute (thermal_service_28_0) true)
+(expandtypeattribute (thermalserviced_28_0) true)
+(expandtypeattribute (thermalserviced_exec_28_0) true)
 (expandtypeattribute (timezone_service_28_0) true)
 (expandtypeattribute (tmpfs_28_0) true)
 (expandtypeattribute (tombstoned_28_0) true)
@@ -1603,6 +1603,8 @@
 (typeattributeset textservices_service_28_0 (textservices_service))
 (typeattributeset thermalcallback_hwservice_28_0 (thermalcallback_hwservice))
 (typeattributeset thermal_service_28_0 (thermal_service))
+(typeattributeset thermalserviced_28_0 (thermalserviced))
+(typeattributeset thermalserviced_exec_28_0 (thermalserviced_exec))
 (typeattributeset timezone_service_28_0 (timezone_service))
 (typeattributeset tmpfs_28_0 (tmpfs))
 (typeattributeset tombstoned_28_0 (tombstoned))
diff --git a/private/file_contexts b/private/file_contexts
index 3ba8fcff31622cc0d91062ee4099655f45ca14aa..abef72b8fc81af5a539da424b79b5323c21f4c2b 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -276,6 +276,7 @@
 /system/bin/update_engine        u:object_r:update_engine_exec:s0
 /system/bin/bspatch              u:object_r:update_engine_exec:s0
 /system/bin/storaged             u:object_r:storaged_exec:s0
+/system/bin/thermalserviced      u:object_r:thermalserviced_exec:s0
 /system/bin/wpantund             u:object_r:wpantund_exec:s0
 /system/bin/virtual_touchpad     u:object_r:virtual_touchpad_exec:s0
 /system/bin/hw/android\.frameworks\.bufferhub@1\.0-service    u:object_r:fwk_bufferhub_exec:s0
diff --git a/private/system_server.te b/private/system_server.te
index 902609c764bec05d0fef147b5e73e27c2f229191..3806d23941cd6110fac5e4e4c3d659d7267bedd5 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -687,6 +687,7 @@ allow system_server netd_service:service_manager find;
 allow system_server nfc_service:service_manager find;
 allow system_server radio_service:service_manager find;
 allow system_server stats_service:service_manager find;
+allow system_server thermal_service:service_manager find;
 allow system_server storaged_service:service_manager find;
 allow system_server surfaceflinger_service:service_manager find;
 allow system_server update_engine_service:service_manager find;
diff --git a/private/thermalserviced.te b/private/thermalserviced.te
new file mode 100644
index 0000000000000000000000000000000000000000..1a09e203e4fbb903002e7964248c565d79ab067c
--- /dev/null
+++ b/private/thermalserviced.te
@@ -0,0 +1,4 @@
+typeattribute thermalserviced coredomain;
+
+init_daemon_domain(thermalserviced)
+
diff --git a/public/service.te b/public/service.te
index 5a849cb47c56365b340f82f327aa4539c2850023..8a59bff92af9f8dbb12fa61642211f31eae23db0 100644
--- a/public/service.te
+++ b/public/service.te
@@ -29,6 +29,7 @@ type secure_element_service,    service_manager_type;
 type storaged_service,          service_manager_type;
 type surfaceflinger_service,    app_api_service, ephemeral_app_api_service, service_manager_type;
 type system_app_service,        service_manager_type;
+type thermal_service,           service_manager_type;
 type update_engine_service,     service_manager_type;
 type virtual_touchpad_service,  service_manager_type;
 type vold_service,              service_manager_type;
@@ -152,7 +153,6 @@ type task_service, system_server_service, service_manager_type;
 type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type thermal_service, system_server_service, service_manager_type;
 type timedetector_service, system_server_service, service_manager_type;
 type timezone_service, system_server_service, service_manager_type;
 type timezonedetector_service, system_server_service, service_manager_type;
diff --git a/public/thermalserviced.te b/public/thermalserviced.te
new file mode 100644
index 0000000000000000000000000000000000000000..4716826226f8d0acc2a5448be70b76a68e72f093
--- /dev/null
+++ b/public/thermalserviced.te
@@ -0,0 +1,14 @@
+# thermalserviced -- thermal management services for system and vendor
+type thermalserviced, domain;
+type thermalserviced_exec, system_file_type, exec_type, file_type;
+
+binder_use(thermalserviced)
+binder_service(thermalserviced)
+add_service(thermalserviced, thermal_service)
+
+hwbinder_use(thermalserviced)
+hal_client_domain(thermalserviced, hal_thermal)
+add_hwservice(thermalserviced, thermalcallback_hwservice)
+
+binder_call(thermalserviced, platform_app)
+binder_call(thermalserviced, system_server)