diff --git a/public/mediacodec.te b/public/mediacodec.te
index 721f624b50f1cfcf422ec122432b038c68be7a7f..b8cde809ec8e69b751f6096e4ca090b92a3297e6 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -1,6 +1,6 @@
 # mediacodec - audio and video codecs live here
 type mediacodec, domain;
-type mediacodec_exec, exec_type, file_type;
+type mediacodec_exec, exec_type, vendor_file_type, file_type;
 
 typeattribute mediacodec mlstrustedsubject;
 
diff --git a/vendor/hal_audio_default.te b/vendor/hal_audio_default.te
index 79c0814c77e44fefa4730e9bdf9c1bb0278b1405..a10a6cf5b4726fa531e14140b739dba41de18f89 100644
--- a/vendor/hal_audio_default.te
+++ b/vendor/hal_audio_default.te
@@ -1,7 +1,7 @@
 type hal_audio_default, domain;
 hal_server_domain(hal_audio_default, hal_audio)
 
-type hal_audio_default_exec, exec_type, file_type;
+type hal_audio_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_audio_default)
 
 hal_client_domain(hal_audio_default, hal_allocator)
diff --git a/vendor/hal_bluetooth_default.te b/vendor/hal_bluetooth_default.te
index e32770dc8c2e7852267a0cb056284db98f5906d8..01d60dbb8852ed1d08cbe9b95e84b1d2197c6ddd 100644
--- a/vendor/hal_bluetooth_default.te
+++ b/vendor/hal_bluetooth_default.te
@@ -1,5 +1,5 @@
 type hal_bluetooth_default, domain;
 hal_server_domain(hal_bluetooth_default, hal_bluetooth)
 
-type hal_bluetooth_default_exec, exec_type, file_type;
+type hal_bluetooth_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_bluetooth_default)
diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te
index 9986fb5c748ec7faf15e674146e34e92628a090d..ca30e584c2e62cd3daf76f26b3d8d86394704c4d 100644
--- a/vendor/hal_bootctl_default.te
+++ b/vendor/hal_bootctl_default.te
@@ -2,5 +2,5 @@
 type hal_bootctl_default, domain;
 hal_server_domain(hal_bootctl_default, hal_bootctl)
 
-type hal_bootctl_default_exec, exec_type, file_type;
+type hal_bootctl_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_bootctl_default)
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index 449f15915f9082bc2a1dd8ce42b93ca787c386dc..60b6a5ced8f1c91c89f77b26e22c4ce1d3c46876 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -1,7 +1,7 @@
 type hal_camera_default, domain;
 hal_server_domain(hal_camera_default, hal_camera)
 
-type hal_camera_default_exec, exec_type, file_type;
+type hal_camera_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_camera_default)
 
 # TODO (b/36601397) move hal_camera's data file to
diff --git a/vendor/hal_configstore_default.te b/vendor/hal_configstore_default.te
index e8930ca8da3a3c27875fd9e03ada0f3163b41760..cc61a16200457055e2735a359e8021bd77236804 100644
--- a/vendor/hal_configstore_default.te
+++ b/vendor/hal_configstore_default.te
@@ -1,5 +1,5 @@
 type hal_configstore_default, domain;
 hal_server_domain(hal_configstore_default, hal_configstore)
 
-type hal_configstore_default_exec, exec_type, file_type;
+type hal_configstore_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_configstore_default)
diff --git a/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te
index 67dd5302032b2af6c88907b6072011b11e358951..b29808dabf68662443e4bf3d22b1ba6cf52fd006 100644
--- a/vendor/hal_contexthub_default.te
+++ b/vendor/hal_contexthub_default.te
@@ -1,5 +1,5 @@
 type hal_contexthub_default, domain;
 hal_server_domain(hal_contexthub_default, hal_contexthub)
 
-type hal_contexthub_default_exec, exec_type, file_type;
+type hal_contexthub_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_contexthub_default)
diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te
index ad1762f92ab0844592afea1a2b5337bfc5ba6502..3aeec069d1d5abf1a097b68449116e62a1f04c0f 100644
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te
@@ -1,7 +1,7 @@
 type hal_drm_default, domain;
 hal_server_domain(hal_drm_default, hal_drm)
 
-type hal_drm_default_exec, exec_type, file_type;
+type hal_drm_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_drm_default)
 
 allow hal_drm_default mediacodec:fd use;
diff --git a/vendor/hal_dumpstate_default.te b/vendor/hal_dumpstate_default.te
index fa772e18dc8b0204a463641768c4de8eaba48760..6fbf40ff4a4a7d6caebfb6c7d467b6267b1bc269 100644
--- a/vendor/hal_dumpstate_default.te
+++ b/vendor/hal_dumpstate_default.te
@@ -1,5 +1,5 @@
 type hal_dumpstate_default, domain;
 hal_server_domain(hal_dumpstate_default, hal_dumpstate)
 
-type hal_dumpstate_default_exec, exec_type, file_type;
+type hal_dumpstate_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_dumpstate_default)
diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te
index 5f5de7e702b51e059b5a8f52298cf7791873f876..322c1040e276d6b4018e9ad0e95c8166714d8eb3 100644
--- a/vendor/hal_fingerprint_default.te
+++ b/vendor/hal_fingerprint_default.te
@@ -1,7 +1,7 @@
 type hal_fingerprint_default, domain;
 hal_server_domain(hal_fingerprint_default, hal_fingerprint)
 
-type hal_fingerprint_default_exec, exec_type, file_type;
+type hal_fingerprint_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_fingerprint_default)
 
 # TODO (b/36644492) move hal_fingerprint's data file to
diff --git a/vendor/hal_gatekeeper_default.te b/vendor/hal_gatekeeper_default.te
index d48af1650dc7f869f1c811f8e08461d299caee74..a3654cc9faccb0aa89908e77f57025f566e0476f 100644
--- a/vendor/hal_gatekeeper_default.te
+++ b/vendor/hal_gatekeeper_default.te
@@ -1,5 +1,5 @@
 type hal_gatekeeper_default, domain;
 hal_server_domain(hal_gatekeeper_default, hal_gatekeeper)
 
-type hal_gatekeeper_default_exec, exec_type, file_type;
+type hal_gatekeeper_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_gatekeeper_default);
diff --git a/vendor/hal_gnss_default.te b/vendor/hal_gnss_default.te
index 18da090804852b11cb8b556755025cdb877ed875..4c406170033f1fd6f0db5112e1d47256635daa92 100644
--- a/vendor/hal_gnss_default.te
+++ b/vendor/hal_gnss_default.te
@@ -1,7 +1,7 @@
 type hal_gnss_default, domain;
 hal_server_domain(hal_gnss_default, hal_gnss)
 
-type hal_gnss_default_exec, exec_type, file_type;
+type hal_gnss_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_gnss_default)
 
 # Read access to system files for HALs in
diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te
index f47a60477abe285c2c1eaf2860645566644e66f0..5afa2b5201ab47715131a2b88635d0187cf34d51 100644
--- a/vendor/hal_graphics_allocator_default.te
+++ b/vendor/hal_graphics_allocator_default.te
@@ -1,5 +1,5 @@
 type hal_graphics_allocator_default, domain;
 hal_server_domain(hal_graphics_allocator_default, hal_graphics_allocator)
 
-type hal_graphics_allocator_default_exec, exec_type, file_type;
+type hal_graphics_allocator_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_graphics_allocator_default)
diff --git a/vendor/hal_graphics_composer_default.te b/vendor/hal_graphics_composer_default.te
index b65b8fe14851864dbc53207d333d9a5b1f3a8b3f..47343d9ec0d568c3ea9bcb6ed7865da1342cabaa 100644
--- a/vendor/hal_graphics_composer_default.te
+++ b/vendor/hal_graphics_composer_default.te
@@ -1,5 +1,5 @@
 type hal_graphics_composer_default, domain;
 hal_server_domain(hal_graphics_composer_default, hal_graphics_composer)
 
-type hal_graphics_composer_default_exec, exec_type, file_type;
+type hal_graphics_composer_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_graphics_composer_default)
diff --git a/vendor/hal_health_default.te b/vendor/hal_health_default.te
index 3add20bcaec9ac43dd4ec26aa1e0e61a94da54d3..9b2b921f5bd8f11336ee23f6ccf01687b3dd875a 100644
--- a/vendor/hal_health_default.te
+++ b/vendor/hal_health_default.te
@@ -2,5 +2,5 @@
 type hal_health_default, domain;
 hal_server_domain(hal_health_default, hal_health)
 
-type hal_health_default_exec, exec_type, file_type;
+type hal_health_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_health_default)
diff --git a/vendor/hal_ir_default.te b/vendor/hal_ir_default.te
index e43bf076a16695ccb64d79666aa30924bdc165f3..943aab08b117211991c70cf9571421f70275fd49 100644
--- a/vendor/hal_ir_default.te
+++ b/vendor/hal_ir_default.te
@@ -1,5 +1,5 @@
 type hal_ir_default, domain;
 hal_server_domain(hal_ir_default, hal_ir)
 
-type hal_ir_default_exec, exec_type, file_type;
+type hal_ir_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_ir_default)
diff --git a/vendor/hal_keymaster_default.te b/vendor/hal_keymaster_default.te
index 32df262abee79e3dfe35b22f328beb174a1886be..82a5a20b2d4ce137ba092d9ecb493bd3063e285e 100644
--- a/vendor/hal_keymaster_default.te
+++ b/vendor/hal_keymaster_default.te
@@ -1,5 +1,5 @@
 type hal_keymaster_default, domain;
 hal_server_domain(hal_keymaster_default, hal_keymaster)
 
-type hal_keymaster_default_exec, exec_type, file_type;
+type hal_keymaster_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_keymaster_default)
diff --git a/vendor/hal_light_default.te b/vendor/hal_light_default.te
index 8c1bfb6908e2b8e228d94328a421546f4a0b6315..c7fa9a1f23226b1f914ae30a11b1e1ad00c0cf47 100644
--- a/vendor/hal_light_default.te
+++ b/vendor/hal_light_default.te
@@ -1,5 +1,5 @@
 type hal_light_default, domain;
 hal_server_domain(hal_light_default, hal_light)
 
-type hal_light_default_exec, exec_type, file_type;
+type hal_light_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_light_default)
diff --git a/vendor/hal_memtrack_default.te b/vendor/hal_memtrack_default.te
index 0e3ba21a0e4c3fc10ef794c470aab3d434c10aae..c547699db8df0e68b47bb0a987c29df4bcf95004 100644
--- a/vendor/hal_memtrack_default.te
+++ b/vendor/hal_memtrack_default.te
@@ -1,5 +1,5 @@
 type hal_memtrack_default, domain;
 hal_server_domain(hal_memtrack_default, hal_memtrack)
 
-type hal_memtrack_default_exec, exec_type, file_type;
+type hal_memtrack_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_memtrack_default)
diff --git a/vendor/hal_nfc_default.te b/vendor/hal_nfc_default.te
index a906d977bc372a5406f072799ce729ca141e167e..2f1c0925554f6892fb8a17f923d81fc06f6ae515 100644
--- a/vendor/hal_nfc_default.te
+++ b/vendor/hal_nfc_default.te
@@ -1,7 +1,7 @@
 type hal_nfc_default, domain;
 hal_server_domain(hal_nfc_default, hal_nfc)
 
-type hal_nfc_default_exec, exec_type, file_type;
+type hal_nfc_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_nfc_default)
 
 # TODO (b/36645109) Remove hal_nfc's access to the nfc app's
diff --git a/vendor/hal_power_default.te b/vendor/hal_power_default.te
index 47065ea45cc38f978d90bee0472997cf0af69930..3be4f227ea9bbcbb46cae5ff5ac89d5ad525b858 100644
--- a/vendor/hal_power_default.te
+++ b/vendor/hal_power_default.te
@@ -1,5 +1,5 @@
 type hal_power_default, domain;
 hal_server_domain(hal_power_default, hal_power)
 
-type hal_power_default_exec, exec_type, file_type;
+type hal_power_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_power_default)
diff --git a/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te
index b4c9a8632880b7bfe83b18d6b7150b453bdb742f..5ba4aaba2c19b4a6a0e21e4cc2a936bcbac0de89 100644
--- a/vendor/hal_sensors_default.te
+++ b/vendor/hal_sensors_default.te
@@ -1,5 +1,5 @@
 type hal_sensors_default, domain;
 hal_server_domain(hal_sensors_default, hal_sensors)
 
-type hal_sensors_default_exec, exec_type, file_type;
+type hal_sensors_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_sensors_default)
diff --git a/vendor/hal_thermal_default.te b/vendor/hal_thermal_default.te
index 9a777e062785c4d02acfc0e2546c85ea53785739..73b2efff13b5229d9ee0563b320da55cdd9395ee 100644
--- a/vendor/hal_thermal_default.te
+++ b/vendor/hal_thermal_default.te
@@ -1,5 +1,5 @@
 type hal_thermal_default, domain;
 hal_server_domain(hal_thermal_default, hal_thermal)
 
-type hal_thermal_default_exec, exec_type, file_type;
+type hal_thermal_default_exec, exec_type, vendor_file_type, vendor_file_type, file_type;
 init_daemon_domain(hal_thermal_default)
diff --git a/vendor/hal_tv_input_default.te b/vendor/hal_tv_input_default.te
index a97c1717b3b19df9d365f67072b0892ed390a331..12d9743875c615798ee5a0ce219c24e3b458d6d9 100644
--- a/vendor/hal_tv_input_default.te
+++ b/vendor/hal_tv_input_default.te
@@ -1,6 +1,6 @@
 type hal_tv_input_default, domain;
 hal_server_domain(hal_tv_input_default, hal_tv_input)
 
-type hal_tv_input_default_exec, exec_type, file_type;
+type hal_tv_input_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_tv_input_default)
 
diff --git a/vendor/hal_usb_default.te b/vendor/hal_usb_default.te
index cc28a65f3d2f3cc658a7ec6bb2cd592d9186e1ca..5642a2aef3c904c718fbe26336e6cda1ed391b0b 100644
--- a/vendor/hal_usb_default.te
+++ b/vendor/hal_usb_default.te
@@ -1,5 +1,5 @@
 type hal_usb_default, domain;
 hal_server_domain(hal_usb_default, hal_usb)
 
-type hal_usb_default_exec, exec_type, file_type;
+type hal_usb_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_usb_default)
diff --git a/vendor/hal_vibrator_default.te b/vendor/hal_vibrator_default.te
index 8bc8a724c6d4cf24ed2c01b30dea60210de791ce..6c10d8a1dd56538081a8c38d0e3fec013f35529c 100644
--- a/vendor/hal_vibrator_default.te
+++ b/vendor/hal_vibrator_default.te
@@ -1,5 +1,5 @@
 type hal_vibrator_default, domain;
 hal_server_domain(hal_vibrator_default, hal_vibrator)
 
-type hal_vibrator_default_exec, exec_type, file_type;
+type hal_vibrator_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_vibrator_default)
diff --git a/vendor/hal_vr_default.te b/vendor/hal_vr_default.te
index 7475524a18b0c608ae6331771fec949840bcee8f..6a60192b1bd57cbcac658d5f88c7050712469684 100644
--- a/vendor/hal_vr_default.te
+++ b/vendor/hal_vr_default.te
@@ -1,5 +1,5 @@
 type hal_vr_default, domain;
 hal_server_domain(hal_vr_default, hal_vr)
 
-type hal_vr_default_exec, exec_type, file_type;
+type hal_vr_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_vr_default)
diff --git a/vendor/hal_wifi_default.te b/vendor/hal_wifi_default.te
index 7c3949e662791b554c80097ba4ecb340c6600243..75a98429d913819fdffc10bb227b34a712af454f 100644
--- a/vendor/hal_wifi_default.te
+++ b/vendor/hal_wifi_default.te
@@ -1,5 +1,5 @@
 type hal_wifi_default, domain;
 hal_server_domain(hal_wifi_default, hal_wifi)
 
-type hal_wifi_default_exec, exec_type, file_type;
+type hal_wifi_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_wifi_default)
diff --git a/vendor/hal_wifi_supplicant_default.te b/vendor/hal_wifi_supplicant_default.te
index 82bccdbdf81596f2fcd25d5b885a7582853ea3da..c2bdc738bed01ab832d28afeef73c9ed638028f7 100644
--- a/vendor/hal_wifi_supplicant_default.te
+++ b/vendor/hal_wifi_supplicant_default.te
@@ -1,7 +1,7 @@
 # wpa supplicant or equivalent
 type hal_wifi_supplicant_default, domain;
 hal_server_domain(hal_wifi_supplicant_default, hal_wifi_supplicant)
-type hal_wifi_supplicant_default_exec, exec_type, file_type;
+type hal_wifi_supplicant_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_wifi_supplicant_default)
 
 net_domain(hal_wifi_supplicant_default)
diff --git a/vendor/hostapd.te b/vendor/hostapd.te
index e7d83082e9b05b2c1f677dba0f4f7929e588a9bc..d20581e0cf1601a6fd4a4678ff3ec2ee98ade6d4 100644
--- a/vendor/hostapd.te
+++ b/vendor/hostapd.te
@@ -1,6 +1,6 @@
 # userspace wifi access points
 type hostapd, domain;
-type hostapd_exec, exec_type, file_type;
+type hostapd_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(hostapd)
 
diff --git a/vendor/rild.te b/vendor/rild.te
index 69c5c3983b4589651d51ef43aca7d4b8a6693c3e..ea9109bf913273562329ff0519bee999d347a1c8 100644
--- a/vendor/rild.te
+++ b/vendor/rild.te
@@ -1,6 +1,6 @@
 # type_transition must be private policy the domain_trans rules could stay
 # public, but conceptually should go with this
-type rild_exec, exec_type, file_type;
+type rild_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(rild)
 
 # TODO(b/36613472), TODO(b/36718031): Remove this once rild no longer
diff --git a/vendor/tee.te b/vendor/tee.te
index ad43b24a0fd495a55ddf2233e6582dca00e4524d..e5e8b2d2d32d3684049985dd71664eb6d4476b72 100644
--- a/vendor/tee.te
+++ b/vendor/tee.te
@@ -3,7 +3,7 @@
 #
 typeattribute tee domain_deprecated;
 
-type tee_exec, exec_type, file_type;
+type tee_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(tee)
 
 allow tee self:capability { dac_override };
diff --git a/vendor/vndservicemanager.te b/vendor/vndservicemanager.te
index e8988843ec10123dd2db3f757426e73507750089..f956af82b60fca82d3a6e4f28f837a3ca8e59d15 100644
--- a/vendor/vndservicemanager.te
+++ b/vendor/vndservicemanager.te
@@ -1,5 +1,5 @@
 # vndservicemanager - the Binder context manager for vendor processes
-type vndservicemanager_exec, exec_type, file_type;
+type vndservicemanager_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(vndservicemanager);