diff --git a/app.te b/app.te
index 028bf4544d9f7ac969ed5d2fadad21b02585c101..7984f1099f9ee054a26589663d13b770459eb1f1 100644
--- a/app.te
+++ b/app.te
@@ -67,6 +67,10 @@ bluetooth_domain(release_app)
 # Read logs.
 allow release_app log_device:chr_file read;
 
+# Services with isolatedProcess=true in their manifest.
+type isolated_app, domain;
+app_domain(isolated_app)
+
 #
 # An example of a specific domain for a specific app
 # A domain for com.android.browser.
diff --git a/seapp_contexts b/seapp_contexts
index 71eca75b81ca89d4e63fa2607ece7b7cd591a95a..0050cc263c2484da1b6b900435b45bc38e7d61c5 100644
--- a/seapp_contexts
+++ b/seapp_contexts
@@ -39,3 +39,4 @@ user=app_* seinfo=shared domain=shared_app type=platform_app_data_file
 user=app_* seinfo=media domain=media_app type=platform_app_data_file
 user=app_* seinfo=release domain=release_app type=platform_app_data_file
 user=app_* seinfo=release name=com.android.browser domain=browser_app type=platform_app_data_file
+user=isolated domain=isolated_app levelFromUid=true