diff --git a/domain.te b/domain.te
index 07bc0ae6554fc053524173fd6b865c46063986b4..e7e0d7d6792545ee34c01ee1529ff8c2362a614e 100644
--- a/domain.te
+++ b/domain.te
@@ -496,6 +496,42 @@ neverallow {
   -surfaceflinger # TODO: see if we can remove from mako sepolicy
 } shell_data_file:lnk_file read;
 
+# In addition to the symlink reading restrictions above, restrict
+# write access to shell owned directories. The /data/local/tmp
+# directory is untrustworthy, and non-whitelisted domains should
+# not be trusting any content in those directories.
+neverallow {
+  domain
+  -adbd
+  -dumpstate
+  -installd
+  -init
+  -shell
+  -vold
+} shell_data_file:dir no_w_dir_perms;
+
+neverallow {
+  domain
+  -adbd
+  -appdomain
+  -dumpstate
+  -init
+  -installd
+  -system_server # why?
+  userdebug_or_eng(`-uncrypt')
+} shell_data_file:dir { open search };
+
+# Same as above for /data/local/tmp files. We allow shell files
+# to be passed around by file descriptor, but not directly opened.
+neverallow {
+  domain
+  -adbd
+  -appdomain
+  -dumpstate
+  -installd
+  userdebug_or_eng(`-uncrypt -procrank')
+} shell_data_file:file open;
+
 # servicemanager is the only process which handles list request
 neverallow domain ~servicemanager:service_manager list;
 
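Review bot: The `-system_server # why?` exemption in the second neverallow (`shell_data_file:dir { open search }`) ships an unexplained hole in a rule whose stated purpose is to stop non-whitelisted domains from trusting /data/local/tmp; either record the concrete reason in the comment or drop the exemption and let the resulting denial surface the real dependency. The three exemption lists also differ in ways the comments do not explain: `-vold` and `-shell` are exempted from the write rule but not from open/search (if shell is not itself a member of appdomain it could not search its own directory, so this is worth confirming against shell.te), and `-init` is exempted from dir open/search but not from file open. A one-line comment on each intentional difference, e.g. `-vold # receives fds, never searches the dir` (constructed wording), would keep these lists auditable the next time someone touches them.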
diff --git a/init.te b/init.te
index e81a6124f29b5e662be3ab6d235a9f64e137be46..437066acc5cb4f9ba702925ca5f165201d21221e 100644
--- a/init.te
+++ b/init.te
@@ -286,3 +286,6 @@ neverallow init { file_type fs_type }:file execute_no_trans;
 # Init never adds or uses services via service_manager.
 neverallow init service_manager_type:service_manager { add find };
 neverallow init servicemanager:service_manager list;
+
+# Init should not be creating subdirectories in /data/local/tmp
+neverallow init shell_data_file:dir { write add_name remove_name };
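Review bot: The comment above the new rule only mentions creating subdirectories, but the rule also denies `remove_name` and generic `write`, and since the domain.te rule in this same change exempts init from the broader `no_w_dir_perms` set, this line is the only thing constraining init's writes to shell_data_file directories. Widen the comment to match what is enforced, `# Init should not create, remove or otherwise modify entries in /data/local/tmp`, and confirm whether the remaining permissions in no_w_dir_perms (e.g. rename or rmdir, if that macro covers them) should be denied to init here as well rather than left allowed by the exemption.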