diff --git a/private/bluetooth.te b/private/bluetooth.te
index 5ea6027f2be87f22aec93856147c918220969ce7..b2369c1c9487f67ed8b293fb90749dd637bcc827 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -22,14 +22,6 @@ allow bluetooth bluetooth_logs_data_file:file create_file_perms;
 # Socket creation under /data/misc/bluedroid.
 allow bluetooth bluetooth_socket:sock_file create_file_perms;
 
-# bluetooth factory file accesses.
-r_dir_file(bluetooth, bluetooth_efs_file)
-
-allow bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
-
-# sysfs access.
-r_dir_file(bluetooth, sysfs_type)
-allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
 allow bluetooth self:capability net_admin;
 allow bluetooth self:capability2 wake_alarm;
 
@@ -64,9 +56,7 @@ unix_socket_connect(bluetooth, sap_uim, rild)
 # /data/data/com.android.shell/files/bugreports/bugreport-*.
 allow bluetooth shell_data_file:file read;
 
-# Perform HwBinder IPC.
-hwbinder_use(bluetooth)
-binder_call(bluetooth, hal_bluetooth)
+hal_client_domain(bluetooth, hal_bluetooth)
 binder_call(bluetooth, hal_telephony)
 
 read_runtime_log_tags(bluetooth)
diff --git a/private/hal_bluetooth_default.te b/private/hal_bluetooth_default.te
index 88fd42bda1e75d3d4791533970a7d937aa9cba70..4fcb3221dfdaa3be6915d8cbe1b456f532887e68 100644
--- a/private/hal_bluetooth_default.te
+++ b/private/hal_bluetooth_default.te
@@ -1,5 +1,5 @@
 type hal_bluetooth_default, domain;
-hal_impl_domain(hal_bluetooth_default, hal_bluetooth)
+hal_server_domain(hal_bluetooth_default, hal_bluetooth)
 
 type hal_bluetooth_default_exec, exec_type, file_type;
 init_daemon_domain(hal_bluetooth_default)
diff --git a/private/system_server.te b/private/system_server.te
index fa55ada294d5cb3f264adae7594e0dbe9120a3c6..e23a33c11fdf9551077f49a288a7ddf83eae15cb 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -181,7 +181,6 @@ binder_service(system_server)
 # Perform HwBinder IPC.
 hwbinder_use(system_server)
 hwallocator_use(system_server)
-binder_call(system_server, hal_bluetooth)
 binder_call(system_server, hal_boot)
 binder_call(system_server, hal_contexthub)
 binder_call(system_server, hal_fingerprint)
diff --git a/public/attributes b/public/attributes
index 0d9428cce94fc67dfbe6c8a33e86686c7819b368..5c43d5e790e6c539069b941c342ef7e3e3b4d798 100644
--- a/public/attributes
+++ b/public/attributes
@@ -127,6 +127,8 @@ attribute hal_audio;
 attribute hal_audio_client;
 attribute hal_audio_server;
 attribute hal_bluetooth;
+attribute hal_bluetooth_client;
+attribute hal_bluetooth_server;
 attribute hal_camera;
 attribute hal_camera_client;
 attribute hal_camera_server;
diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index 3e132b9c97210bc37c2aad158f764adcafc7363a..207f718b3133b0052e5d077e03c612826eca459d 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -1,7 +1,6 @@
-r_dir_file(hal_bluetooth, system_file)
-
-# call into the Bluetooth process (callbacks)
-binder_call(hal_bluetooth, bluetooth)
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_bluetooth_client, hal_bluetooth_server)
+binder_call(hal_bluetooth_server, hal_bluetooth_client)
 
 wakelock_use(hal_bluetooth);