diff --git a/health/aidl/README.md b/health/aidl/README.md
index 0d7c4c97e0..a64fe93f69 100644
--- a/health/aidl/README.md
+++ b/health/aidl/README.md
@@ -63,8 +63,7 @@ Specifically:
 * You may ignore the `service` line. The name of the service does not matter.
 * If your service belongs to additional classes beside `charger`, you need a
   custom health AIDL service.
-* You may ignore the `seclabel` line. When the health AIDL service runs in
-  charger mode, its original SELinux domain is kept.
+* Modify the `seclabel` line. Replace `charger` with `charger_vendor`.
 * If your service has a different `user` (not `system`), you need a custom
   health AIDL service.
 * If your service belongs to additional `group`s beside
@@ -240,6 +239,8 @@ for an example:
 
 ```text
 service vendor.charger-tuna /vendor/bin/hw/android.hardware.health-service-tuna --charger
+    class charger
+    seclabel u:r:charger_vendor:s0
     # ...
 ```
 
@@ -315,6 +316,5 @@ permissions. Example (assuming that your health AIDL service runs in domain
 `hal_health_tuna`:
 
 ```text
-type hal_health_tuna, charger_type, domain;
-hal_server_domain(hal_health_default, hal_health)
+domain_trans(init, hal_health_tuna_exec, charger_vendor)
 ```
diff --git a/health/aidl/default/android.hardware.health-service.example.rc b/health/aidl/default/android.hardware.health-service.example.rc
index dee3d11dee..4258890485 100644
--- a/health/aidl/default/android.hardware.health-service.example.rc
+++ b/health/aidl/default/android.hardware.health-service.example.rc
@@ -7,6 +7,7 @@ service vendor.health-default /vendor/bin/hw/android.hardware.health-service.exa
 
 service vendor.charger-default /vendor/bin/hw/android.hardware.health-service.example --charger
     class charger
+    seclabel u:r:charger_vendor:s0
     user system
     group system wakelock input
     capabilities SYS_BOOT