diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 4351ea1d866464cb9be5e9a761748a6ef6f6f126..9330041a708b0979c1e03be551923e37368e8abe 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -1 +1,2 @@
+android.hardware.camera.provider::ICameraProvider u:object_r:hw_camera_provider_ICameraProvider:s0
 * u:object_r:default_android_hwservice:s0
diff --git a/public/cameraserver.te b/public/cameraserver.te
index d1b55cff0f3ea637218568112ff63bee74f88a4c..46083f5cc8e554ceeac6c25396f50eec0f4c3e68 100644
--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -8,6 +8,8 @@ binder_call(cameraserver, appdomain)
 binder_service(cameraserver)
 hal_client_domain(cameraserver, hal_camera)
+allow cameraserver hw_camera_provider_ICameraProvider:hwservice_manager find;
+
 hal_client_domain(cameraserver, hal_graphics_allocator)
 allow cameraserver ion_device:chr_file rw_file_perms;
diff --git a/public/hal_camera.te b/public/hal_camera.te
index b05239b78714346c8483cde56d04ed1495eca864..a00bf9f4244beb35ed214494d4a39aa6ffa28c4c 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -2,6 +2,8 @@
 binder_call(hal_camera_client, hal_camera_server)
 binder_call(hal_camera_server, hal_camera_client)
+add_hwservice(hal_camera_server, hw_camera_provider_ICameraProvider)
+
 # access /data/misc/camera
 allow hal_camera camera_data_file:dir create_dir_perms;
 allow hal_camera camera_data_file:file create_file_perms;
diff --git a/public/hwservice.te b/public/hwservice.te
index a39ffd2a357178a57a52eaed1fe4969dc93f14de..cf596294297d60c52825ce5bd990158689a0f8b9 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -1 +1,2 @@
 type default_android_hwservice, hwservice_manager_type;
+type hw_camera_provider_ICameraProvider, hwservice_manager_type;
diff --git a/public/te_macros b/public/te_macros
index 020bdc505176a3d8256416ca912dfba1e9019896..c19a56d110eb0d14300aa6eff283b30366636805 100644
--- a/public/te_macros
+++ b/public/te_macros
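Review bot: The new `find` rule in public/cameraserver.te names the cameraserver domain directly, although the line above it, `hal_client_domain(cameraserver, hal_camera)`, presumably already marks cameraserver as a camera HAL client. Putting the client side next to `add_hwservice(...)` in hal_camera.te, as `allow hal_camera_client hw_camera_provider_ICameraProvider:hwservice_manager find;`, would keep the add and find rules for this type in one file and spare each future client its own line. If the per-domain grant is deliberate, so that only cameraserver can look the provider up, a one-line comment saying so would keep it from being widened later by accident.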
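Review bot: The type name `hw_camera_provider_ICameraProvider` added in public/hwservice.te copies the HIDL interface name, mixed case included, whereas the only other type in that file, `default_android_hwservice`, is lower-case with a `_hwservice` suffix. A name such as `hal_camera_hwservice` would match the `hal_camera` names used in the other files of this change and would show in an audit log line that the object is an hwservice_manager type. The rename would also have to be made in hwservice_contexts, cameraserver.te and hal_camera.te.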
@@ -500,6 +500,16 @@ define(`add_service', `
 neverallow { domain -$1 } $2:service_manager add;
 ')
+###########################################
+# add_hwservice(domain, service)
+# Ability for domain to add a service to hwservice_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+define(`add_hwservice', `
+ allow $1 $2:hwservice_manager { add find };
+ neverallow { domain -$1 } $2:hwservice_manager add;
+')
+
 ##########################################
 # print a message with a trailing newline
 # print(`args')
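Review bot: The header comment on `add_hwservice` does not say that the macro can be used only once per service type. Each call emits `neverallow { domain -$1 } $2:hwservice_manager add;`, so a second call for the same type with a different domain would grant an `add` that the first call's neverallow forbids. A line such as `# Call once per hwservice type; $1 may be an attribute if several domains must add it.` would save the next author a failed policy build. The comment could also state that `find` by other domains is not restricted here and has to be granted by separate allow rules.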