diff --git a/Android.bp b/Android.bp index 038d92f60..88107cc97 100644 --- a/Android.bp +++ b/Android.bp @@ -833,3 +833,45 @@ genrule { "-p $(location :precompiled_sepolicy) && " + "touch $(out)", } + +////////////////////////////////// +// TestDevTypeViolations can't run on old devices (V or before) +////////////////////////////////// + +soong_config_module_type { + name: "dev_type_test_genrule", + module_type: "genrule", + config_namespace: "ANDROID", + bool_variables: ["CHECK_DEV_TYPE_VIOLATIONS"], + properties: ["cmd"], +} + +dev_type_test_genrule { + name: "sepolicy_dev_type_test", + srcs: [ + ":plat_file_contexts", + ":vendor_file_contexts", + ":system_ext_file_contexts", + ":product_file_contexts", + ":odm_file_contexts", + ":precompiled_sepolicy", + ], + tools: ["sepolicy_tests"], + out: ["sepolicy_dev_type_test"], + soong_config_variables: { + CHECK_DEV_TYPE_VIOLATIONS: { + cmd: "$(location sepolicy_tests) " + + "-f $(location :plat_file_contexts) " + + "-f $(location :vendor_file_contexts) " + + "-f $(location :system_ext_file_contexts) " + + "-f $(location :product_file_contexts) " + + "-f $(location :odm_file_contexts) " + + "-p $(location :precompiled_sepolicy) " + + "-t TestDevTypeViolations && " + + "touch $(out)", + conditions_default: { + cmd: "touch $(out)", + }, + }, + }, +} diff --git a/Android.mk b/Android.mk index 384c416ca..63b74aaf8 100644 --- a/Android.mk +++ b/Android.mk @@ -240,6 +240,7 @@ LOCAL_REQUIRED_MODULES += \ # genrule modules aren't installable, so LOCAL_REQUIRED_MODULES doesn't work. # Instead, use LOCAL_ADDITIONAL_DEPENDENCIES with intermediate output LOCAL_ADDITIONAL_DEPENDENCIES += $(call intermediates-dir-for,ETC,sepolicy_test)/sepolicy_test +LOCAL_ADDITIONAL_DEPENDENCIES += $(call intermediates-dir-for,ETC,sepolicy_dev_type_test)/sepolicy_dev_type_test LOCAL_REQUIRED_MODULES += \ $(addprefix treble_sepolicy_tests_,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \ 
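Review bot: The `conditions_default` branch lets `sepolicy_dev_type_test` satisfy its output with a bare `touch $(out)`, so on any product that does not set `ANDROID.CHECK_DEV_TYPE_VIOLATIONS` the build succeeds without the dev_type check ever running, and the header comment only says the test "can't run on old devices" without naming the variable a product must set to get enforcement. I would extend the header to `// Gated on soong config ANDROID.CHECK_DEV_TYPE_VIOLATIONS: when unset the rule only touches $(out), so a green build does not mean the check ran.` It is also worth stating there that the explicit `-t TestDevTypeViolations` in this cmd is the only thing that makes the test execute, since the sepolicy_tests.py change in the same commit skips it unless it is requested by name. The Android.mk dependency added alongside is unconditional, which is consistent because the output file exists in both branches.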
diff --git a/tests/policy.py b/tests/policy.py index 8fc2ef7f6..98133b7c4 100644 --- a/tests/policy.py +++ b/tests/policy.py @@ -146,9 +146,9 @@ class Policy: # DoNotMatchPrefix have the attribute Attr. # For example assert that all types in /sys, and not in /sys/kernel/debugfs # have the sysfs_type attribute. - def AssertPathTypesHaveAttr(self, MatchPrefix, DoNotMatchPrefix, Attr): + def AssertPathTypesHaveAttr(self, MatchPrefix, DoNotMatchPrefix, Attr, ExcludedTypes = []): # Query policy for the types associated with Attr - TypesPol = self.QueryTypeAttribute(Attr, True) + TypesPol = self.QueryTypeAttribute(Attr, True) | set(ExcludedTypes) # Search file_contexts to find paths/types that should be associated with # Attr. PathTypes = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix) diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py index 4ef161bba..7a341cbcb 100644 --- a/tests/sepolicy_tests.py +++ b/tests/sepolicy_tests.py @@ -265,6 +265,22 @@ def TestIsolatedAttributeConsistency(test_policy): "\"-isolated_app_all\". Violations are shown as the following: \n") + ret return ret +def TestDevTypeViolations(pol): + exceptions = [ + "/dev/socket", + ] + exceptionTypes = [ + "boringssl_self_test_marker", # /dev/boringssl/selftest + "cgroup_rc_file", # /dev/cgroup.rc + "dev_cpu_variant", # /dev/cpu_variant:{arch} + "fscklogs", # /dev/fscklogs + "properties_serial", # /dev/__properties__/properties_serial + "property_info", # /dev/__properties__/property_info + "runtime_event_log_tags_file", # /dev/event-log-tags + ] + return pol.AssertPathTypesHaveAttr(["/dev"], exceptions, + "dev_type", exceptionTypes) + ### # extend OptionParser to allow the same option flag to be used multiple times. # This is used to allow multiple file_contexts files and tests to be @@ -298,6 +314,7 @@ Tests = [ "TestCoredomainViolations", "TestViolatorAttributes", "TestIsolatedAttributeConsistency", + "TestDevTypeViolations", ] def do_main(libpath): 
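Review bot: `ExcludedTypes = []` introduces a mutable default argument on the new `AssertPathTypesHaveAttr` signature; it is harmless today because the body only reads it via `set(ExcludedTypes)`, but it is the pattern linters flag and the spacing is not PEP 8, so `ExcludedTypes=()` is the safer spelling. The more important gap is documentation: the parameter is an allowlist that makes the assertion treat those types as if they carried Attr for every path they label, yet the comment block above the def (which begins outside the hunk) still describes only MatchPrefix, DoNotMatchPrefix and Attr. Add a line such as `# ExcludedTypes: types exempted from the check wherever they appear under MatchPrefix.` so anyone adding an exemption later understands that it is type-wide, not path-specific.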
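Review bot: In `TestDevTypeViolations` the `exceptionTypes` list exempts a type rather than a path: because `AssertPathTypesHaveAttr` unions these names into the set of types deemed to have `dev_type`, a file_contexts entry that labels some other `/dev` path with, say, `fscklogs` or `dev_cpu_variant` will pass silently, even though the trailing comments suggest each exemption is meant for one specific path. If the helper's prefix matching permits it, the fixed-path cases (`/dev/boringssl/selftest`, `/dev/cgroup.rc`, `/dev/fscklogs`, `/dev/event-log-tags`, `/dev/__properties__/…`) would be tighter as entries in `exceptions`, keeping `exceptionTypes` only for labels whose path is not a stable prefix; otherwise a docstring should say the exemptions are type-wide. The function has no docstring at all; `"""Assert every /dev path in file_contexts is labelled with a dev_type type, except the allowlisted prefixes and types."""` would state the contract. `/dev/socket` is skipped as a prefix, which presumably is intended because socket files carry their own types, but that depends on the helper's matching rule and is worth confirming.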
@@ -366,6 +383,10 @@ def do_main(libpath): if options.test is None or "TestIsolatedAttributeConsistency" in options.test: results += TestIsolatedAttributeConsistency(test_policy) + # dev type test won't be run as default + if options.test and "TestDevTypeViolations" in options.test: + results += TestDevTypeViolations(pol) + if len(results) > 0: sys.exit(results)
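Review bot: The comment `# dev type test won't be run as default` says what the branch does but not why, and this is the one spot in `do_main` that deviates from the `options.test is None or ... in options.test` pattern used by the preceding tests, so a later cleanup is likely to "fix" it back and start failing builds that this commit deliberately exempts. Replace it with `# Opt-in only: policies for V or earlier do not pass TestDevTypeViolations, so it runs solely when -t names it; Android.bp passes -t when CHECK_DEV_TYPE_VIOLATIONS is set.` `pol` and `results` are bound earlier in `do_main`, whose body begins outside the hunk.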