diff --git a/public/domain.te b/public/domain.te
index 1827b72578c72e4d9b7711691cf277d0eac28cda..5b50afd8a030108420c788806fa1f4b64dd376a6 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1033,7 +1033,10 @@ full_treble_only(`
       coredomain
       -shell
       -system_executes_vendor_violators
-    } vendor_file_type:file execute_no_trans;
+    } {
+      vendor_file_type
+      -same_process_hal_file
+    }:file execute_no_trans;
 ')
 
 # Only authorized processes should be writing to files in /data/dalvik-cache