diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 71e547e..0142755 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -9,5 +9,8 @@
 # Lights
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light-service\.rosemary                          	u:object_r:hal_light_default_exec:s0
 
+# Thermals
+/vendor/bin/mi_thermald       										u:object_r:mi_thermald_exec:s0
+
 # WiFi
 /(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@[0-9]\.[0-9]-service-lazy\.rosemary 		u:object_r:hal_wifi_default_exec:s0
diff --git a/sepolicy/vendor/mi_thermald.te b/sepolicy/vendor/mi_thermald.te
new file mode 100644
index 0000000..62ad5a1
--- /dev/null
+++ b/sepolicy/vendor/mi_thermald.te
@@ -0,0 +1,28 @@
+type mi_thermald, domain;
+type mi_thermald_exec, exec_type, vendor_file_type, file_type;
+type thermal_data_file, data_file_type, file_type;
+
+init_daemon_domain(mi_thermald)
+
+set_prop(mi_thermald, thermal_engine_prop)
+
+allow mi_thermald thermal_data_file:dir rw_dir_perms;
+allow mi_thermald thermal_data_file:file create_file_perms;
+
+allow mi_thermald self:capability { fsetid sys_boot };
+allow mi_thermald mi_thermald:capability { chown fowner };
+allow mi_thermald mi_thermald:capability2 { wake_alarm block_suspend };
+
+r_dir_file(mi_thermald, sysfs_therm)
+allow mi_thermald sysfs_therm:file w_file_perms;
+
+r_dir_file(mi_thermald, sysfs_thermal)
+allow mi_thermald sysfs_thermal:file w_file_perms;
+
+r_dir_file(mi_thermald, sysfs)
+allow mi_thermald sysfs:file w_file_perms;
+
+r_dir_file(mi_thermald, sysfs_leds)
+allow mi_thermald sysfs_leds:file w_file_perms;
+
+allow mi_thermald sysfs_devices_system_cpu:file rw_file_perms;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index e527d27..90d77f5 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -17,3 +17,6 @@ gf.debug.dump_bigdata_data                              u:object_r:vendor_finger
 persist.sys.fp.goodix.                                  u:object_r:vendor_fingerprint_prop:s0
 persist.vendor.sys.fp.                                  u:object_r:vendor_fingerprint_prop:s0
 vendor.fps_hal.                                         u:object_r:vendor_fingerprint_prop:s0
+
+# Thermal
+vendor.sys.thermal.     				u:object_r:thermal_engine_prop:s0