diff --git a/private/app.te b/private/app.te
index 4097bfc5304f2de6b4b1de1a551dc19c95195188..47412132b9787859ff94162189e39442d3ad84a6 100644
--- a/private/app.te
+++ b/private/app.te
@@ -252,6 +252,9 @@ auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file { write app
 
 allow { appdomain -isolated_app } hal_graphics_allocator:fd use;
 
+# Allow app to access shared memory created by camera HAL1
+allow { appdomain -isolated_app } hal_camera:fd use;
+
 # TODO: switch to meminfo service
 allow appdomain proc_meminfo:file r_file_perms;
 
diff --git a/public/hal_camera.te b/public/hal_camera.te
index e40a39bc8decc2c3cc39b8eb57a522e41ceeb219..df445fa9a5430a7e7ec472a972ab64b3771b3dec 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -13,11 +13,10 @@ allow hal_camera ion_device:chr_file rw_file_perms;
 # Both the client and the server need to use the graphics allocator
 allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;
 
-# Allow fd to be passed between hal_camera related processes
+# Allow hal_camera to use fd from app,gralloc,and ashmem HAL
 allow hal_camera { appdomain -isolated_app }:fd use;
-allow { appdomain -isolated_app } hal_camera:fd use;
 allow hal_camera surfaceflinger:fd use;
-allow mediaserver hal_camera:fd use;
+allow hal_camera hal_allocator:fd use;
 
 ###
 ### neverallow rules
diff --git a/public/mediacodec.te b/public/mediacodec.te
index f8986de0c81c69aedb1430e968cba8425776212e..a7d780793727023eec43598beb765ef94c42bb4d 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -17,6 +17,8 @@ allow mediacodec video_device:chr_file rw_file_perms;
 allow mediacodec video_device:dir search;
 allow mediacodec ion_device:chr_file rw_file_perms;
 allow mediacodec hal_graphics_allocator:fd use;
+allow mediacodec hal_camera:fd use;
+
 
 # hidl access
 hwbinder_use(mediacodec)
diff --git a/public/mediaserver.te b/public/mediaserver.te
index fa472886a77b0decf418e2ee04529e36fc2a20b3..6b3f0511e72a85bca54dd2c27f1e646e1c8c6293 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -129,6 +129,7 @@ allow mediaserver preloads_data_file:file { getattr read ioctl };
 
 allow mediaserver ion_device:chr_file r_file_perms;
 allow mediaserver hal_graphics_allocator:fd use;
+allow mediaserver hal_camera:fd use;
 
 allow mediaserver system_server:fd use;