diff --git a/mediadrmserver.te b/mediadrmserver.te
index cfa4b282d68d9e90ead07e945182d2d4f7565706..d9368ad3735203fd6a0b078533c34e6e202d87f6 100644
--- a/mediadrmserver.te
+++ b/mediadrmserver.te
@@ -49,6 +49,7 @@ allow mediadrmserver tee:unix_stream_socket connectto;
 allow mediadrmserver mediadrmserver_service:service_manager { add find };
 allow mediadrmserver mediaserver_service:service_manager { add find };
 allow mediadrmserver processinfo_service:service_manager find;
+allow mediadrmserver surfaceflinger_service:service_manager find;
 
 # only allow unprivileged socket ioctl commands
 allowxperm mediadrmserver self:{ rawip_socket tcp_socket udp_socket }