diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index 3d8a78deeb737a33805a533b8212e09a32a0b7b6..db0fc6d77e75fe4357587b1ae61a02def064d1b4 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -18,4 +18,7 @@ allow hal_fingerprint permission_service:service_manager find;
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
 
+# Allow fingerprint to find and call keystore binder interfaces
+binder_use(hal_fingerprint);
+
 r_dir_file(hal_fingerprint, cgroup)
diff --git a/public/system_server.te b/public/system_server.te
index 2cf511f23df6405e75b015176e419e4ee7317e1a..6c59e550436af93452a1d7d42d84951f4db4265e 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -155,6 +155,7 @@ binder_call(system_server, { appdomain ephemeral_app })
 binder_call(system_server, binderservicedomain)
 binder_call(system_server, dumpstate)
 binder_call(system_server, fingerprintd)
+binder_call(system_server, hal_fingerprint)
 binder_call(system_server, gatekeeperd)
 binder_call(system_server, installd)
 binder_call(system_server, netd)