diff --git a/private/service_contexts b/private/service_contexts
index 06457795262bb07ec53560bf75f605543c3e3856..c2a4ca1db221196baf4344f9fb91892bc75ec18f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -98,6 +98,7 @@ media.metrics u:object_r:mediametrics_service:s0
 media.extractor u:object_r:mediaextractor_service:s0
 media.extractor.update u:object_r:mediaextractor_update_service:s0
 media.codec u:object_r:mediacodec_service:s0
+media.codec.update u:object_r:mediaextractor_update_service:s0
 media.resource_manager u:object_r:mediaserver_service:s0
 media.sound_trigger_hw u:object_r:audioserver_service:s0
 media.drm u:object_r:mediadrmserver_service:s0
diff --git a/public/domain.te b/public/domain.te
index fa476ddb4b80444eb64259dd41f9a94c0bd3f8a1..42058f470ca54d05daf183c00ee99f50b8c1894f 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -494,6 +494,7 @@ neverallow {
 -webview_zygote
 -zygote
 userdebug_or_eng(`-mediaextractor')
+ userdebug_or_eng(`-mediaswcodec')
 } {
 file_type
 -system_file_type
@@ -1557,3 +1558,9 @@ neverallow {
 -hal_omx_server
 } hal_codec2_hwservice:hwservice_manager add;
+neverallow {
+ domain
+ userdebug_or_eng(`-mediaextractor')
+ userdebug_or_eng(`-mediaswcodec')
+} mediaextractor_update_service:service_manager add;
+
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 9e07efd390ba21ff47adcfbfeb013d4feebe87b4..8f588689f30a1c17ccd6a42e90db0c084e9af33c 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -37,7 +37,7 @@ allow mediaextractor system_file:dir { read open };
 userdebug_or_eng(`
 # Allow extractor to add update service.
- add_service(mediaextractor, mediaextractor_update_service)
+ allow mediaextractor mediaextractor_update_service:service_manager { find add };
 # Allow extractor to load media extractor plugins from update apk.
 allow mediaextractor apk_data_file:dir search;
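Review bot: The added `media.codec.update` entry is labelled with the extractor's type, `mediaextractor_update_service`, so the service manager can no longer tell the codec update service from the extractor one. Because the new neverallow at the end of public/domain.te lets both mediaextractor and mediaswcodec `add` that type on userdebug/eng builds, either domain may register the other's name, and any client granted `find` on the type reaches both services. Giving the codec name its own type (a new one, for example `mediaswcodec_update_service`, declared next to the existing service types) would keep each `add` pinned to a single domain and let the neverallow be written per service.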
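Review bot: The `-mediaswcodec` exemption added to this neverallow's source set carries no comment explaining why a codec domain is excluded, and it exempts the domain for every type in the target set (`file_type -system_file_type` and whatever follows), not only the `apk_data_file` that public/mediaswcodec.te grants. A comment above the entry, such as `# mediaswcodec loads codec libraries from an update APK on userdebug/eng builds only; see mediaswcodec.te`, would record the intent for the next audit of this list. The rule's target set and permission list continue outside the hunk, so the exact access being exempted cannot be confirmed from the visible lines.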
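Review bot: Replacing `add_service(mediaextractor, mediaextractor_update_service)` with a raw `allow` drops whatever the macro added beyond the allow rule, and the existing comment does not say why the macro was abandoned. In AOSP's te_macros, add_service() normally also emits a neverallow that stops every other domain from adding the type, which is presumably why it had to go once mediaswcodec adds the same type. The comment should say so, for example `# add_service() is not used: its built-in neverallow would reject mediaswcodec, which adds the same type; see the neverallow in domain.te`. The userdebug_or_eng block this line sits in continues outside the hunk.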
diff --git a/public/mediaswcodec.te b/public/mediaswcodec.te
index 1b1097be9fa22377373a4bbeffc733a4aa731ff1..970256232ed7d634fab4da8f67462aec33e496f8 100644
--- a/public/mediaswcodec.te
+++ b/public/mediaswcodec.te
@@ -7,3 +7,12 @@ typeattribute mediaswcodec mediaswcodec_server;
 hal_client_domain(mediaswcodec, hal_allocator)
 hal_client_domain(mediaswcodec, hal_graphics_allocator)
+userdebug_or_eng(`
+ binder_use(mediaswcodec)
+ # Add mediaextractor_update_service service
+ allow mediaswcodec mediaextractor_update_service:service_manager { find add };
+
+ # Allow mediaswcodec to load libs from update apk.
+ allow mediaswcodec apk_data_file:file { open read execute getattr map };
+ allow mediaswcodec apk_data_file:dir { search getattr };
+')
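Review bot: The `execute` and `map` grant on `apk_data_file:file` is wider than the comment "load libs from update apk" suggests, because that type is not specific to one package: the policy then permits mediaswcodec to map code from any file carrying the label, and the choice of which APK is trusted rests entirely on the loader. Since this domain parses untrusted media, the comment should state that limit, for example `# userdebug/eng only. apk_data_file is not specific to the update APK, so the loader must verify the package before loading code from it.` The block also grants `dir { search getattr }`, while the visible mediaextractor rule grants only `dir search`; if `getattr` is not needed, dropping it keeps the two domains aligned. The comment `# Add mediaextractor_update_service service` would be clearer if it named the service actually registered, `media.codec.update`.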