diff --git a/private/system_server.te b/private/system_server.te
index 738a84eebbe9c42c5ef696bb4e3bb095431d3989..a1f989935ec3de76829a198e1a826856173554a8 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -170,7 +170,6 @@ binder_call(system_server, appdomain)
 binder_call(system_server, binderservicedomain)
 binder_call(system_server, dumpstate)
 binder_call(system_server, fingerprintd)
-binder_call(system_server, hal_fingerprint)
 binder_call(system_server, gatekeeperd)
 binder_call(system_server, installd)
 binder_call(system_server, incidentd)
@@ -183,7 +182,7 @@ hwbinder_use(system_server)
 hwallocator_use(system_server)
 binder_call(system_server, hal_boot)
 binder_call(system_server, hal_contexthub)
-binder_call(system_server, hal_fingerprint)
+hal_client_domain(system_server, hal_fingerprint)
 binder_call(system_server, hal_gnss);
 binder_call(system_server, hal_ir)
 binder_call(system_server, hal_light)
diff --git a/public/attributes b/public/attributes
index 281724e14df14f6aa7dd1162bae45ccf137aaeef..033592255f2e0c0bbd9c6d83b1160ac7b2d98df3 100644
--- a/public/attributes
+++ b/public/attributes
@@ -139,6 +139,8 @@ attribute hal_drm_client;
 attribute hal_drm_server;
 attribute hal_dumpstate;
 attribute hal_fingerprint;
+attribute hal_fingerprint_client;
+attribute hal_fingerprint_server;
 attribute hal_gatekeeper;
 attribute hal_gnss;
 attribute hal_graphics_allocator;
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index 8405a7ea88e1b0736e2a1bf1584143d7a46465a9..580ef3796356f74e0c7c378eef8310ef63d6339b 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -1,22 +1,15 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_fingerprint_client, hal_fingerprint_server)
+binder_call(hal_fingerprint_server, hal_fingerprint_client)
+
 # allow HAL module to read dir contents
 allow hal_fingerprint fingerprintd_data_file:file create_file_perms;
 
 # allow HAL module to read/write/unlink contents of this dir
 allow hal_fingerprint fingerprintd_data_file:dir rw_dir_perms;
 
-# Need to add auth tokens to KeyStore
-use_keystore(hal_fingerprint)
-allow hal_fingerprint keystore:keystore_key add_auth;
-
-# For permissions checking
-binder_call(hal_fingerprint, system_server);
-allow hal_fingerprint permission_service:service_manager find;
-
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
 
-# Allow fingerprint to find and call keystore binder interfaces
-binder_use(hal_fingerprint);
-
 r_dir_file(hal_fingerprint, cgroup)
 r_dir_file(hal_fingerprint, sysfs)
diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te
index c392a858319c2dfa621610642828b81d943f64e1..2b9001ebdcd16c59a5f77c15bbc9d61eb4557083 100644
--- a/vendor/hal_fingerprint_default.te
+++ b/vendor/hal_fingerprint_default.te
@@ -1,5 +1,5 @@
 type hal_fingerprint_default, domain;
-hal_impl_domain(hal_fingerprint_default, hal_fingerprint)
+hal_server_domain(hal_fingerprint_default, hal_fingerprint)
 
 type hal_fingerprint_default_exec, exec_type, file_type;
 init_daemon_domain(hal_fingerprint_default)