diff --git a/adbd.te b/adbd.te
index 3b654a152..a9a635528 100644
--- a/adbd.te
+++ b/adbd.te
@@ -1,6 +1,6 @@
 # adbd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
-type adbd, domain;
+type adbd, domain, mlstrustedsubject;
 
 userdebug_or_eng(`
   allow adbd self:process setcurrent;
diff --git a/file.te b/file.te
index 7df06d398..0721c3230 100644
--- a/file.te
+++ b/file.te
@@ -133,8 +133,8 @@ type installd_socket, file_type;
 type lmkd_socket, file_type;
 type logd_debug, file_type;
 type logd_socket, file_type;
-type logdr_socket, file_type;
-type logdw_socket, file_type;
+type logdr_socket, file_type, mlstrustedobject;
+type logdw_socket, file_type, mlstrustedobject;
 type mdns_socket, file_type;
 type mdnsd_socket, file_type;
 type mtpd_socket, file_type;
diff --git a/logd.te b/logd.te
index cde721a6d..ca6719a61 100644
--- a/logd.te
+++ b/logd.te
@@ -1,5 +1,5 @@
 # android user-space log manager
-type logd, domain;
+type logd, domain, mlstrustedsubject;
 type logd_exec, exec_type, file_type;
 
 init_daemon_domain(logd)
diff --git a/mdnsd.te b/mdnsd.te
index 7e14b529b..e5fe1e258 100644
--- a/mdnsd.te
+++ b/mdnsd.te
@@ -1,5 +1,5 @@
 # mdns daemon
-type mdnsd, domain;
+type mdnsd, domain, mlstrustedsubject;
 type mdnsd_exec, exec_type, file_type;
 
 init_daemon_domain(mdnsd)
diff --git a/netd.te b/netd.te
index 81275a77a..ce894210e 100644
--- a/netd.te
+++ b/netd.te
@@ -1,5 +1,5 @@
 # network manager
-type netd, domain;
+type netd, domain, mlstrustedsubject;
 type netd_exec, exec_type, file_type;
 
 init_daemon_domain(netd)
diff --git a/servicemanager.te b/servicemanager.te
index d20872c61..9947aa7d0 100644
--- a/servicemanager.te
+++ b/servicemanager.te
@@ -1,5 +1,5 @@
 # servicemanager - the Binder context manager
-type servicemanager, domain;
+type servicemanager, domain, mlstrustedsubject;
 type servicemanager_exec, exec_type, file_type;
 
 init_daemon_domain(servicemanager)