diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 12f3395c90aeede13b507eea004b9e5832aae482..c0f5ac93f752035a624d509b477c2c74bd3e382c 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -17,3 +17,6 @@
 /sys/devices/platform/soc/soc:qcom,dsi-display-primary/fod_hbm     u:object_r:vendor_sysfs_fod:s0
 /sys/devices/platform/soc/soc:qcom,dsi-display-primary/fod_ui      u:object_r:vendor_sysfs_fod:s0
 /sys/devices/virtual/touch/tp_dev/fod_status                       u:object_r:vendor_sysfs_fod:s0
+
+# Thermal
+/data/vendor/thermal(/.*)?                           u:object_r:thermal_data_file:s0
diff --git a/sepolicy/vendor/mi_thermald.te b/sepolicy/vendor/mi_thermald.te
index 6b64a18d8fed13f232841465853fac9143edeb6e..a19d3506a81477134ec9e295de4dddc525ecf18b 100644
--- a/sepolicy/vendor/mi_thermald.te
+++ b/sepolicy/vendor/mi_thermald.te
@@ -1,2 +1,27 @@
 type mi_thermald, domain;
 type mi_thermald_exec, exec_type, vendor_file_type, file_type;
+type thermal_data_file, data_file_type, file_type;
+
+r_dir_file(mi_thermald, sysfs)
+r_dir_file(mi_thermald, sysfs_leds)
+r_dir_file(mi_thermald, sysfs_thermal)
+r_dir_file(mi_thermald, vendor_sysfs_kgsl)
+r_dir_file(mi_thermald, vendor_sysfs_battery_supply)
+r_dir_file(mi_thermald, vendor_sysfs_qcom_battery)
+r_dir_file(mi_thermald, vendor_sysfs_graphics)
+r_dir_file(mi_thermald, thermal_data_file)
+r_dir_file(mi_thermald, vendor_data_file)
+
+allow mi_thermald sysfs:file w_file_perms;
+allow mi_thermald sysfs_thermal:file w_file_perms;
+allow mi_thermald vendor_sysfs_kgsl:file w_file_perms;
+allow mi_thermald vendor_sysfs_battery_supply:file w_file_perms;
+allow mi_thermald vendor_sysfs_qcom_battery:file w_file_perms;
+allow mi_thermald vendor_sysfs_graphics:file w_file_perms;
+allow mi_thermald thermal_data_file:file rw_file_perms;
+allow mi_thermald vendor_data_file:file rw_file_perms;
+allow mi_thermald vendor_data_file:dir w_dir_perms;
+allow mi_thermald sysfs_devices_system_cpu:file rw_file_perms;
+
+allow mi_thermald self:capability { fsetid sys_boot chown fowner };
+allow mi_thermald self:capability2 { wake_alarm block_suspend };