diff --git a/public/hwservice.te b/public/hwservice.te
index fa838628b817c6e2338477c7f1fd9c0036169f21..09808b33aed4cd179fbfecf4ec6394ce5db8cdce 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -66,3 +66,12 @@ type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
 type thermalcallback_hwservice, hwservice_manager_type;
+
+###
+### Neverallow rules
+###
+
+# hwservicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a
+# hwservice. Trigger a compile error if this occurs.
+neverallow domain ~hwservice_manager_type:hwservice_manager { add find };
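Review bot: The comment above the new `neverallow` explains why the rule exists but not how a policy author resolves the build error it produces. The rule matches any `add` or `find` allow rule whose target type lacks the `hwservice_manager_type` attribute, so I would add a line such as `# To fix: give the target type the hwservice_manager_type attribute, or drop the allow rule.` It would also help to state that this is a compile-time assertion over allow rules and not the runtime enforcement point, so readers do not rely on it as a deny rule. Minor wording: "lookup" in the second comment line is used as a verb and should read "look up".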