diff --git a/public/domain.te b/public/domain.te
index 40ebb4dda9988f9f3e5dff644d633eccc02b7ac0..b498cda4d50a6eb4ca42dbfcdb1646c597d7a0a0 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -67,7 +67,12 @@ allow domain null_device:chr_file rw_file_perms;
 allow domain zero_device:chr_file rw_file_perms;
 allow domain ashmem_device:chr_file rw_file_perms;
 # /dev/binder can be accessed by non-vendor domains and by apps
-allow { coredomain appdomain -hwservicemanager } binder_device:chr_file rw_file_perms;
+allow {
+ coredomain
+ appdomain
+ binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
+ -hwservicemanager
+} binder_device:chr_file rw_file_perms;
 # Devices which are not full TREBLE have fewer restrictions on access to /dev/binder
 not_full_treble(`allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;')
 allow { domain -servicemanager -vndservicemanager } hwbinder_device:chr_file rw_file_perms;
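Review bot: The comment directly above the rewritten rule, `# /dev/binder can be accessed by non-vendor domains and by apps`, no longer matches it, because any vendor domain carrying `binder_in_vendor_violators` now also gets `rw_file_perms` on `binder_device`. I would reword it to `# /dev/binder can be accessed by non-vendor domains, by apps, and (temporarily) by vendor domains tagged binder_in_vendor_violators`. The attribute is an open-ended exemption from the vendor/framework binder separation, and nothing visible in this hunk limits which domains may be assigned it. If the rest of the change does not already enforce that (for example a neverallow covering untagged vendor domains, or a build or compliance check that the attribute is empty on full-Treble devices), it is worth adding so the exemption list cannot grow unnoticed.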