diff --git a/private/app.te b/private/app.te
index d6dc48cbbc1acde5f099584887a94611121f16f3..2fddb444f90c48ec31f25b8a3e15daadcd7235af 100644
--- a/private/app.te
+++ b/private/app.te
@@ -273,6 +273,9 @@ get_prop({ appdomain -isolated_app }, hwservicemanager_prop);
 # Allow app to access the graphic allocator HAL
 binder_call({ appdomain -isolated_app }, hal_graphics_allocator)
+# Allow app access to mediacodec (IOMX HAL)
+binder_call({ appdomain -isolated_app }, mediacodec)
+
 # App can access configstore HAL which is read only
 binder_call({ appdomain -isolated_app }, hal_configstore)
diff --git a/private/system_server.te b/private/system_server.te
index e200bef2d8ccfa0e04197a7df072c0d66f9dcce9..0f0dcdc5582001815d6e18dbbe9bac85c7e5a18d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -199,6 +199,8 @@ hal_client_domain(system_server, hal_wifi)
 hal_client_domain(system_server, hal_wifi_supplicant)
+binder_call(system_server, mediacodec)
+
 # Talk with graphics composer fences
 allow system_server hal_graphics_composer:fd use;
diff --git a/public/mediacodec.te b/public/mediacodec.te
index e4801b628db8bc4f23a91f0dc681061273135631..3445c7a62dc2554bd12c98fc370d8b7376824bea 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
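Review bot: The added `binder_call({ appdomain -isolated_app }, mediacodec)` in private/app.te lets every non-isolated app domain, untrusted apps included, transact directly with the codec process, and the one-line comment does not say why that breadth is required. mediacodec handles media that callers supply, so each extra client domain widens the reachable attack surface of that process. If only some app domains need the IOMX HAL directly, narrow the source set. Otherwise extend the comment so the scope is an explicit decision, for example `# All apps except isolated_app are IOMX HAL clients of mediacodec` followed by the reason the access cannot stay with a narrower set of domains.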
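Review bot: `binder_call(system_server, mediacodec)` in private/system_server.te is added with no comment directly after the `hal_client_domain(system_server, hal_wifi_supplicant)` line, so it reads as part of the Wi-Fi HAL group; the same bare rule is added for mediaserver in the public/mediaserver.te hunk. The app.te hunk labels its rule as IOMX HAL access, and these two should carry the same explanation, e.g. `# Allow system_server to call mediacodec (IOMX HAL)` and `# Allow mediaserver to call mediacodec (IOMX HAL)`. Because a raw `binder_call` is used where the neighbouring lines use `hal_client_domain`, a TODO naming the intended HAL attribute would tell later reviewers whether the direct grant is meant to be temporary.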
@@ -15,19 +15,17 @@ full_treble_only(`
 not_full_treble(`
 # on legacy devices, continue to allow /dev/binder traffic
 binder_use(mediacodec)
+ binder_service(mediacodec)
+ add_service(mediacodec, mediacodec_service)
+ allow mediacodec mediametrics_service:service_manager find;
+ allow mediacodec surfaceflinger_service:service_manager find;
 ')
 binder_call(mediacodec, binderservicedomain)
 binder_call(mediacodec, appdomain)
-binder_service(mediacodec)
 # Allow mediacodec access to composer sync fences
 allow mediacodec hal_graphics_composer:fd use;
-# TODO(b/36604251): Remove this once OMX HAL stops using Binder
-typeattribute mediacodec binder_in_vendor_violators;
-add_service(mediacodec, mediacodec_service)
-allow mediacodec mediametrics_service:service_manager find;
-allow mediacodec surfaceflinger_service:service_manager find;
 allow mediacodec gpu_device:chr_file rw_file_perms;
 allow mediacodec video_device:chr_file rw_file_perms;
 allow mediacodec video_device:dir search;
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 01cc4d8c793f22d3f1ca62bf15f17779a33b68f2..8c9ef31f2871fc35a82c9a7e87a361e6020e5f94 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -132,6 +132,8 @@ allow mediaserver system_server:fd use;
 hal_client_domain(mediaserver, hal_allocator)
+binder_call(mediaserver, mediacodec)
+
 ###
 ### neverallow rules
 ###
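Review bot: In public/mediacodec.te, `binder_call(mediacodec, binderservicedomain)` and `binder_call(mediacodec, appdomain)` stay outside the `not_full_treble` block, so on full-Treble builds mediacodec keeps permission to transact with every binder service domain, even though this hunk removes `binder_in_vendor_violators` and moves service registration into the legacy branch. If that call permission is only needed for /dev/binder traffic, move `binder_call(mediacodec, binderservicedomain)` next to `binder_use(mediacodec)` inside the block. If part of it is still needed for HAL callbacks, narrow the target to the domains actually called and say so in a comment such as `# Needed on full-Treble devices for callbacks into <domain>`. The `full_treble_only` block starts above the hunk, so what it already grants is not visible here.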