diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 12f8d7bf69fc4aa7ab9bc64ea51fe6abad6fa1ea..8b9415ab38a2e115068240321cdcebb55c3606a9 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -137,6 +137,9 @@
vold_prepare_subdirs
vold_prepare_subdirs_exec
vold_service
+ wait_for_keymaster
+ wait_for_keymaster_exec
+ wait_for_keymaster_tmpfs
wpantund
wpantund_exec
wpantund_service
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 7d6476affd4e92721826829cac615a0020ae2368..86aa8908880942d8b3401d55fe5d0519ec148aab 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -113,6 +113,9 @@
vold_prepare_subdirs
vold_prepare_subdirs_exec
vold_service
+ wait_for_keymaster
+ wait_for_keymaster_exec
+ wait_for_keymaster_tmpfs
wm_trace_data_file
wpantund
wpantund_exec
diff --git a/private/file_contexts b/private/file_contexts
index 348878714241b7a5f13dee91dd93032c73656945..393993aa842ab7a20db8bb000d758d8b583520a3 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -294,6 +294,7 @@
/system/bin/stats u:object_r:stats_exec:s0
/system/bin/statsd u:object_r:statsd_exec:s0
/system/bin/bpfloader u:object_r:bpfloader_exec:s0
+/system/bin/wait_for_keymaster u:object_r:wait_for_keymaster_exec:s0
#############################
# Vendor files
diff --git a/private/wait_for_keymaster.te b/private/wait_for_keymaster.te
new file mode 100644
index 0000000000000000000000000000000000000000..8b8dd2927bfaca128d8fc8086c9952a0622fd061
--- /dev/null
+++ b/private/wait_for_keymaster.te
@@ -0,0 +1,9 @@
+# wait_for_keymaster service
+type wait_for_keymaster, domain, coredomain;
+type wait_for_keymaster_exec, exec_type, file_type;
+
+init_daemon_domain(wait_for_keymaster)
+
+hal_client_domain(wait_for_keymaster, hal_keymaster)
+
+allow wait_for_keymaster kmsg_device:chr_file w_file_perms;