diff --git a/domain.te b/domain.te
index fcca892f2f179697d67978ce319ba5aee7698e66..085b319243fa32cda9ca763c4bc79d5b15c95c04 100644
--- a/domain.te
+++ b/domain.te
@@ -209,10 +209,11 @@ neverallow domain self:capability2 mac_override;
 # Only recovery needs mac_admin to set contexts not defined in current policy.
 neverallow { domain -recovery } self:capability2 mac_admin;
 
-# Nobody should be able to load a new SELinux policy.
+# Only init should be able to load SELinux policies.
 # The first load technically occurs while still in the kernel domain,
 # but this does not trigger a denial since there is no policy yet.
-neverallow domain kernel:security load_policy;
+# Policy reload requires allowing this to the init domain.
+neverallow { domain -init } kernel:security load_policy;
 
 # Only init and the system_server can set selinux.reload_policy 1
 # to trigger a policy reload.
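Review bot: The comment above the new `neverallow { domain -init } kernel:security load_policy;` does not record what the init exemption now depends on. Init presumably loads whatever policy file it is given, so the guarantee holds only while write access to that file and to the reload trigger stays restricted. The trailing context shows that system_server can also set `selinux.reload_policy`, so it can trigger a reload even though it cannot call load_policy itself. I would add a line such as `# init loads the policy it finds on reload; write access to that policy file and to selinux.reload_policy must stay as restricted as load_policy itself.` The matching `allow` rule for init is not in this hunk, so it is worth confirming that it grants only `load_policy` on `kernel:security` and nothing broader.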