diff --git a/public/service.te b/public/service.te
index cf982615b61f90d4c06d88c63cf7e9b437a39296..606602dba1c7633ee31310d8ab64478df4400df1 100644
--- a/public/service.te
+++ b/public/service.te
@@ -180,3 +180,12 @@ type wifiaware_service, app_api_service, system_server_service, service_manager_
 type window_service, system_api_service, system_server_service, service_manager_type;
 type inputflinger_service, system_api_service, system_server_service, service_manager_type;
 type wpantund_service, system_api_service, service_manager_type;
+
+###
+### Neverallow rules
+###
+
+# servicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a service.
+# Trigger a compile error if this occurs.
+neverallow domain ~{ service_manager_type vndservice_manager_type }:service_manager { add find };