diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 04703df4..c9591c08 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -229,6 +229,9 @@
 /vendor/lib(64)?/libadsprpc\.so             u:object_r:same_process_hal_file:s0
 /vendor/lib/dsp/fastrpc_shell_0             u:object_r:hexagon_halide_file:s0
 
+# thermal sysfs files
+/sys/class/thermal(/.*)?                    u:object_r:sysfs_thermal:s0
+
 # data files
 /data/vendor/netmgr(/.*)?              u:object_r:netmgr_data_file:s0
 /data/vendor/location(/.*)?            u:object_r:location_data_file:s0
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index d5fee6b7..6a11f611 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -1,3 +1,4 @@
+# TODO: genfs doesn't apply correctly to linked files (b/64270911)
 genfscon proc /debug/fwdump                           u:object_r:proc_wifi_dbg:s0
 genfscon proc /debugdriver/driverdump                 u:object_r:proc_wifi_dbg:s0
 genfscon proc /ath_pktlog/cld                         u:object_r:proc_wifi_dbg:s0
@@ -15,7 +16,6 @@ genfscon sysfs /devices/soc/1da4000.ufshc/host0/target0:0:0/0:0:0:0 u:object_r:s
 
 genfscon sysfs /class/rfkill/rfkill0/state            u:object_r:sysfs_bluetooth_writable:s0
 
-genfscon sysfs /class/thermal                                           u:object_r:sysfs_thermal:s0
 genfscon sysfs /class/uio                                               u:object_r:sysfs_uio:s0
 genfscon sysfs /devices/soc/1da4000.ufshc/clkscale_enable               u:object_r:sysfs_clkscale:s0
 genfscon sysfs /devices/soc/soc:bt_wcn3990                              u:object_r:sysfs_bluetooth_writable:s0
diff --git a/sepolicy/vendor/hal_dumpstate_impl.te b/sepolicy/vendor/hal_dumpstate_impl.te
index 0cdaa309..38461d20 100644
--- a/sepolicy/vendor/hal_dumpstate_impl.te
+++ b/sepolicy/vendor/hal_dumpstate_impl.te
@@ -33,9 +33,7 @@ r_dir_file(hal_dumpstate_impl, sysfs_uio)
 r_dir_file(hal_dumpstate_impl, sysfs_rmtfs)
 r_dir_file(hal_dumpstate_impl, sysfs_msm_subsys)
 r_dir_file(hal_dumpstate_impl, sysfs_soc)
-
-allow hal_dumpstate_impl sysfs_thermal:dir search;
-allow hal_dumpstate_impl sysfs_thermal:file r_file_perms;
+r_dir_file(hal_dumpstate_impl, sysfs_thermal)
 
 allow hal_dumpstate_impl debugfs_ion:dir r_dir_perms;
 allow hal_dumpstate_impl debugfs_ion:file r_file_perms;