diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 4699ecf4372a70710a1470c4bab145ab9e2d3f59..f53a194ddddabbf15489d3fb250a3adae4a04838 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -121,7 +121,7 @@
 (typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
 (typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
 (typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
-(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop))
+(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
 (typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
 (typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
 (typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index e5d50e472faa2511282a389f8146c18133b515c6..8eedf56a64b1923a4243eba14477620763e6af84 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -826,7 +826,7 @@
 (typeattributeset ctl_bootanim_prop_27_0 (ctl_bootanim_prop))
 (typeattributeset ctl_bugreport_prop_27_0 (ctl_bugreport_prop))
 (typeattributeset ctl_console_prop_27_0 (ctl_console_prop))
-(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop))
+(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
 (typeattributeset ctl_dumpstate_prop_27_0 (ctl_dumpstate_prop))
 (typeattributeset ctl_fuse_prop_27_0 (ctl_fuse_prop))
 (typeattributeset ctl_mdnsd_prop_27_0 (ctl_mdnsd_prop))
diff --git a/private/property_contexts b/private/property_contexts
index 6ebad359115484e516c5744d773449e6242a9cd5..37d442754b471884242d5c4dbc78f1b2ffa1813b 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -115,6 +115,11 @@ ctl.interface_start$ u:object_r:ctl_interface_start_prop:s0 ctl.interface_stop$ u:object_r:ctl_interface_stop_prop:s0 ctl.interface_restart$ u:object_r:ctl_interface_restart_prop:s0 + # Restrict access to starting/stopping adbd +ctl.start$adbd u:object_r:ctl_adbd_prop:s0 +ctl.stop$adbd u:object_r:ctl_adbd_prop:s0 +ctl.restart$adbd u:object_r:ctl_adbd_prop:s0 + # NFC properties nfc. u:object_r:nfc_prop:s0 diff --git a/public/adbd.te b/public/adbd.te index 95854c01e7e6bcc5635ec98fd56179f9cde63829..82373fd1d959d05c06bd0fcac0ccbd3a4c71c3f4 100644 --- a/public/adbd.te +++ b/public/adbd.te @@ -2,3 +2,7 @@ # it lives in the rootfs and has no unique file type. type adbd, domain; type adbd_exec, exec_type, file_type; + +# Only init is allowed to enter the adbd domain via exec() +neverallow { domain -init } adbd:process transition; +neverallow * adbd:process dyntransition; diff --git a/public/property.te b/public/property.te index 508eed5947bb7ff0c3ded41ea06a33a5f64fed0d..b92f18a7e8711dd3fc9eb55cc459ce8c37a0f82b 100644 --- a/public/property.te +++ b/public/property.te @@ -5,6 +5,7 @@ type bluetooth_prop, property_type; type bootloader_boot_reason_prop, property_type; type config_prop, property_type, core_property_type; type cppreopt_prop, property_type, core_property_type; +type ctl_adbd_prop, property_type; type ctl_bootanim_prop, property_type; type ctl_bugreport_prop, property_type; type ctl_console_prop, property_type; @@ -327,6 +328,7 @@ compatible_property_only(` -boottime_prop -config_prop -cppreopt_prop + -ctl_adbd_prop -ctl_bootanim_prop -ctl_bugreport_prop -ctl_console_prop diff --git a/public/recovery.te b/public/recovery.te index 48fffe645cf8312dff291e1473e027aa8610e2c3..dcec9705ec68ff8bc9767d1487066e01c341d883 100644 --- a/public/recovery.te +++ b/public/recovery.te 
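Review bot: The three new `ctl.start$adbd`, `ctl.stop$adbd` and `ctl.restart$adbd` entries in private/property_contexts carry no match-type column, so if this file's default prefix matching applies to them, a control request for any service whose name merely begins with `adbd` would also be labelled `ctl_adbd_prop`. Every domain given `set_prop(..., ctl_adbd_prop)` could then start, stop or restart such a service as well, which is wider than the `# Restrict access to starting/stopping adbd` comment promises. If the property_contexts format in this tree supports exact-match entries, marking these three as exact would tie the label to the one service; otherwise the comment should mention the prefix behaviour so nobody later adds a service with an `adbd`-prefixed name by accident.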
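Review bot: The comment added in public/adbd.te documents only the first of the two new rules; `neverallow * adbd:process dyntransition;` forbids every domain, init included, from switching into adbd at runtime, and nothing in the hunk says so. A second comment line such as `# No domain, init included, may enter adbd through a dynamic transition (setcon)` would make that intent explicit. Because the file lives under public/, these neverallows presumably also bind vendor policy, which is worth stating in the commit description if it is intended.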
@@ -109,7 +109,7 @@ recovery_only(` set_prop(recovery, powerctl_prop) # Start/stop adbd via ctl.start adbd - set_prop(recovery, ctl_default_prop) + set_prop(recovery, ctl_adbd_prop) # Read serial number of the device from system properties get_prop(recovery, serialno_prop) diff --git a/public/usbd.te b/public/usbd.te index 98786e06228f9fb2a7b23ff68cc7e1d05ed349dc..6dd1334139046ae6896ea279ead9dcf926d57efb 100644 --- a/public/usbd.te +++ b/public/usbd.te @@ -1,3 +1,5 @@ type usbd, domain; type usbd_exec, exec_type, file_type; +# Start/stop adbd via ctl.start adbd +set_prop(usbd, ctl_adbd_prop)
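Review bot: The new `set_prop(usbd, ctl_adbd_prop)` in public/usbd.te is an unconditional grant whose comment is copied from recovery.te and mentions only `ctl.start`. With the property_contexts entries added in this same commit, the label covers `ctl.start$adbd`, `ctl.stop$adbd` and `ctl.restart$adbd`, so usbd can also stop and restart the debug daemon on a normal boot. The comment should name all three actions and say why usbd needs them, for example `# usbd starts, stops and restarts adbd via ctl.{start,stop,restart}$adbd: <reason>`, so a later reviewer can tell whether the grant is still required.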