diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index d08e935e8..90f09e831 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -8,4 +8,5 @@
 profcollectd_etr_prop
 fs_bpf_lmkd_memevents_rb
 fs_bpf_lmkd_memevents_prog
+ binderfs_logs_transactions
 ))
diff --git a/private/domain.te b/private/domain.te
index b9e11f0d5..36eb19764 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -156,6 +156,9 @@ get_prop(domain, binder_cache_bluetooth_server_prop)
 get_prop(domain, binder_cache_system_server_prop)
 get_prop(domain, binder_cache_telephony_server_prop)
+# Binderfs logs contain sensitive information about other processes.
+neverallow { domain -dumpstate -init -vendor_init -system_server } binderfs_logs_transactions:file no_rw_file_perms;
+
 # Allow access to fsverity keyring.
 allow domain kernel:key search;
 # Allow access to keys in the fsverity keyring that were installed at boot.
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 29cd454da..27b690441 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -128,6 +128,9 @@ allow dumpstate gsid_exec:file rx_file_perms;
 set_prop(dumpstate, ctl_gsid_prop)
 binder_call(dumpstate, gsid)
+#Allow access to /dev/binderfs/binder_logs
+allow dumpstate binderfs_logs_transactions:file r_file_perms;
+
 r_dir_file(dumpstate, ota_metadata_file)
 # For starting (and killing) perfetto --save-for-bugreport. If a labelled trace
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 6bcd61746..b6b18c0e0 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
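Review bot: The neverallow exemption set in private/domain.te is wider than the access this change grants: `init` and `vendor_init` are excluded, but the visible hunks add allow rules only for dumpstate and system_server. Exempting `vendor_init` in particular leaves room for vendor policy to grant that domain read access to a node the comment itself calls sensitive. If neither domain needs the file, tighten the rule to `neverallow { domain -dumpstate -system_server } binderfs_logs_transactions:file no_rw_file_perms;`; otherwise extend the comment to say why each one is exempt. The rule also covers only the new type, so the comment's "Binderfs logs" is broader than what is enforced here.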
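Review bot: The comment added in private/dumpstate.te names the directory while the rule grants a single file, and it lacks the space after `#`; `# Allow reading /dev/binderfs/binder_logs/transactions` matches what the rule does. Since domain.te describes this file as holding sensitive information about other processes, the comment should also say that dumpstate presumably carries that content into bug reports, so whoever handles those artifacts knows it is there. The hunk does not show whether dumpstate already has search access on `binderfs_logs:dir`, which the read depends on; system_server.te has that rule right next to its new allow.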
@@ -305,6 +305,7 @@ genfscon binder /vndbinder u:object_r:vndbinder_device:s0
 genfscon binder /binder_logs u:object_r:binderfs_logs:s0
 genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0
 genfscon binder /binder_logs/stats u:object_r:binderfs_logs_stats:s0
+genfscon binder /binder_logs/transactions u:object_r:binderfs_logs_transactions:s0
 genfscon binder /features u:object_r:binderfs_features:s0
 genfscon inotifyfs / u:object_r:inotify:s0
diff --git a/private/system_server.te b/private/system_server.te
index 7306773bf..5da6f6621 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1596,6 +1596,8 @@ set_prop(system_server, dalvik_dynamic_config_prop)
 # Allow system server to read binderfs
 allow system_server binderfs_logs:dir r_dir_perms;
 allow system_server binderfs_logs_stats:file r_file_perms;
+# For ANRs
+allow system_server binderfs_logs_transactions:file r_file_perms;
 # Allow GameManagerService to read and write persist.graphics.game_default_frame_rate.enabled
 set_prop(system_server, game_manager_config_prop)
diff --git a/public/file.te b/public/file.te
index 9464fb323..dc2797926 100644
--- a/public/file.te
+++ b/public/file.te
@@ -8,6 +8,7 @@ type binderfs, fs_type;
 type binderfs_logs, fs_type;
 type binderfs_logs_proc, fs_type;
 type binderfs_logs_stats, fs_type;
+type binderfs_logs_transactions, fs_type;
 type binderfs_features, fs_type;
 # Security-sensitive proc nodes that should not be writable to most.
 type proc_security, fs_type, proc_type;
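Review bot: The new genfscon entry in private/genfs_contexts relabels a node that until now fell under the `/binder_logs` prefix and so carried `binderfs_logs`; any domain that read it through a `binderfs_logs:file` rule loses access, and this diff re-grants it only to dumpstate and system_server. Because 202404.ignore.cil lists the type as ignored rather than mapping it to the old label, vendor policy built against that version should get no access through the compat mapping either. That looks intended given the neverallow in domain.te, but it deserves a line in the commit description and a comment above the entry, for example `# Labelled separately from binderfs_logs: transactions exposes other processes' binder state.`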
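Review bot: Declaring `binderfs_logs_transactions` in public/file.te makes the type part of the policy surface that vendor rules can reference, while every allow rule in this diff sits under private/ and the neverallow limits access to four platform domains. If no vendor domain is meant to use it, putting `type binderfs_logs_transactions, fs_type;` in private/file.te keeps the label internal; if `vendor_init` does need it, that is the reason to keep it public and should be stated in a comment. The neighbouring binderfs types are public, so this may simply follow the existing pattern.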