diff --git a/health/aidl/README.md b/health/aidl/README.md
index 53a4f91201..3ee5232220 100644
--- a/health/aidl/README.md
+++ b/health/aidl/README.md
@@ -162,9 +162,26 @@ Add device specific permissions to the domain where the health HAL
 process is executed, especially if a device-specific `libhealthd` is used
 and/or device-specific storage related APIs are implemented.
 
+Example (assuming that your health AIDL service runs in domain
+`hal_health_tuna`:
+
+```text
+type hal_health_tuna, domain;
+hal_server_domain(hal_health_tuna, hal_health)
+type hal_health_tuna_exec, exec_type, vendor_file_type, file_type;
+
+# allow hal_health_tuna ...;
+```
+
 If you did not define a separate domain, the domain is likely
 `hal_health_default`. The device-specific rules for it is likely at
 `device/<manufacturer>/<device>/sepolicy/vendor/hal_health_default.te`.
+In this case, the aforementioned SELinux rules and types has already been
+defined. You only need to add device-specific permissions.
+
+```text
+# allow hal_health_default ...;
+```
 
 ### Implementing charger {#charger}