diff --git a/domain.te b/domain.te
index 6cf7be34b4c190dfda475b782880928c280c0eee..243c992f32f2100c63ce50d1c48bcfba75930e07 100644
--- a/domain.te
+++ b/domain.te
@@ -329,3 +329,6 @@ neverallow { domain -recovery } system_block_device:blk_file write;
 
 # No domains other than install_recovery or recovery can write to recovery.
 neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file write;
+
+# Only servicemanager should be able to register with binder as the context manager
+neverallow { domain -servicemanager } *:binder set_context_mgr;
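Review bot: The comment above the new `set_context_mgr` neverallow says what is restricted but not why, and unlike the recovery comment just above it, it has no closing period. The context manager is the binder node that clients use to look up services by name, so the comment should say so, for example `# Only servicemanager may register as the binder context manager; the context manager answers service name lookups for all binder clients.` A neverallow is only checked when the policy is compiled and denies nothing at run time by itself, so it may be worth noting that the matching allow rule for servicemanager lives outside this hunk (presumably in servicemanager.te).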