diff --git a/public/hwservice.te b/public/hwservice.te
index 4490ae8d9..3c71d913e 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -67,3 +67,12 @@ type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
 type thermalcallback_hwservice, hwservice_manager_type;
+
+###
+### Neverallow rules
+###
+
+# hwservicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a
+# hwservice. Trigger a compile error if this occurs.
+neverallow domain ~hwservice_manager_type:hwservice_manager { add find };
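Review bot: The comment above the added `neverallow` explains why the rule exists but not what a policy author must do to satisfy it, which is the first thing someone needs when the build fails. I would add a line such as `# Every type used as the target of hwservice_manager add/find must carry the hwservice_manager_type attribute.` above the rule. It is also worth stating that this is a build-time assertion and not a runtime check, so it only protects policy that is compiled with this file. Because the file sits under `public/`, the assertion presumably also applies to vendor and device policy built against it, so confirm that existing device policies still compile. The banner follows the last type declaration visible in the hunk, so a short note asking that new `type ... hwservice_manager_type` declarations go above the "Neverallow rules" section would keep the file ordered.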