diff --git a/public/domain.te b/public/domain.te
index deccae324c5ac45cbf11cad145ea798a6b78b40a..d0c7063a71fdae8df712b60abc107d597d8dc955 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -397,9 +397,11 @@ neverallow { domain -init -vendor_init } proc_security:file { append open read w
 # No domain should be allowed to ptrace init.
 neverallow * init:process ptrace;
 
-# Init can't do anything with binder calls. If this neverallow rule is being
-# triggered, it's probably due to a service with no SELinux domain.
-neverallow * init:binder *;
+# Nobody is allowed to make binder calls into init.
+# Only servicemanager may transfer binder references to init
+# vendor_init shouldn't use binder at all.
+neverallow * init:binder ~{ transfer };
+neverallow { domain -servicemanager } init:binder { transfer };
 neverallow * vendor_init:binder *;
 
 # Don't allow raw read/write/open access to block_device
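Review bot: The replacement comment drops the diagnostic hint from the removed lines ("it's probably due to a service with no SELinux domain"), which is the one piece of text a developer hitting the new `neverallow * init:binder ~{ transfer };` rule actually needs. I would keep it, e.g. `# If the first rule fires, it is usually a service running in init's domain because it has no domain of its own.` The second comment line also lacks a period and does not say why init needs binder references at all; since the companion init.te hunk grants init binder_use, one sentence tying the two together (servicemanager is the only domain that hands references to init) would make the widening of init's surface auditable from this file alone.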
diff --git a/public/init.te b/public/init.te
index d3a3b1fa69d1dcd4a81ba89608a3c527c856be18..d06219503c9171657a7d75ba415999efe73e9dd7 100644
--- a/public/init.te
+++ b/public/init.te
@@ -512,6 +512,9 @@ allow init vendor_shell_exec:file execute;
 allow init vold_metadata_file:dir create_dir_perms;
 allow init vold_metadata_file:file getattr;
 
+# Allow init to use binder
+binder_use(init);
+
 ###
 ### neverallow rules
 ###
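Review bot: The comment `# Allow init to use binder` only restates the macro on the next line; because init is the most privileged domain in the policy, the reason for giving it binder access should be recorded here so a later reviewer can tell whether the grant is still needed. Something like `# init needs binder to reach servicemanager for <service/feature>; inbound calls to init remain forbidden by domain.te` would do, with the placeholder filled in by the author. I am inferring from the macro name that binder_use grants init a client path to servicemanager; if it grants more than that, the comment should say so.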