diff --git a/public/attributes b/public/attributes
index e48f96f69ce7f61b0e375caa34b220ad82fb6273..0d9428cce94fc67dfbe6c8a33e86686c7819b368 100644
--- a/public/attributes
+++ b/public/attributes
@@ -128,6 +128,8 @@ attribute hal_audio_client;
 attribute hal_audio_server;
 attribute hal_bluetooth;
 attribute hal_camera;
+attribute hal_camera_client;
+attribute hal_camera_server;
 attribute hal_configstore;
 attribute hal_contexthub;
 attribute hal_drm;
diff --git a/public/cameraserver.te b/public/cameraserver.te
index a262940fb550c92a154545f2e5ef7de109c75531..aa7d107f3ea4b6de727393eb50c5406ccda0fe91 100644
--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -7,19 +7,9 @@ binder_call(cameraserver, binderservicedomain)
 binder_call(cameraserver, appdomain)
 binder_service(cameraserver)
 
-hwbinder_use(cameraserver)
-binder_call(cameraserver, hal_camera)
-binder_call(cameraserver, hwservicemanager)
+hal_client_domain(cameraserver, hal_camera)
 
-# access /data/misc/camera
-allow cameraserver camera_data_file:dir create_dir_perms;
-allow cameraserver camera_data_file:file create_file_perms;
-
-allow cameraserver video_device:dir r_dir_perms;
-allow cameraserver video_device:chr_file rw_file_perms;
-allow cameraserver camera_device:chr_file rw_file_perms;
 allow cameraserver ion_device:chr_file rw_file_perms;
-allow cameraserver hal_graphics_allocator:fd use;
 
 add_service(cameraserver, cameraserver_service)
 allow cameraserver appops_service:service_manager find;
@@ -31,9 +21,6 @@ allow cameraserver processinfo_service:service_manager find;
 allow cameraserver scheduling_policy_service:service_manager find;
 allow cameraserver surfaceflinger_service:service_manager find;
 
-# For HIDL hwservicemanager
-allow cameraserver system_file:dir r_dir_perms;
-
 ###
 ### neverallow rules
 ###
diff --git a/public/hal_camera.te b/public/hal_camera.te
index b879c980865eb973dc8544cc9d714c4a6d47ac89..02b8e77b6764117d8d556142c1c6d40f3c06d5a4 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -1,5 +1,6 @@
-hwbinder_use(hal_camera)
-binder_call(hal_camera, cameraserver)
+# HwBinder IPC from clients to server and callbacks
+binder_call(hal_camera_client, hal_camera_server)
+binder_call(hal_camera_server, hal_camera_client)
 
 # access /data/misc/camera
 allow hal_camera camera_data_file:dir create_dir_perms;
@@ -9,7 +10,8 @@ allow hal_camera video_device:dir r_dir_perms;
 allow hal_camera video_device:chr_file rw_file_perms;
 allow hal_camera camera_device:chr_file rw_file_perms;
 allow hal_camera ion_device:chr_file rw_file_perms;
-allow hal_camera hal_graphics_allocator:fd use;
+# Both the client and the server need to use the graphics allocator
+allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;
 
 
 ###
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index a97989a543c4cc1bc2aa0e0bd39eb7c44fca773f..8fdb4f009270011e0bd56d58fd603b1840a38dd7 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -1,5 +1,5 @@
 type hal_camera_default, domain;
-hal_impl_domain(hal_camera_default, hal_camera)
+hal_server_domain(hal_camera_default, hal_camera)
 
 type hal_camera_default_exec, exec_type, file_type;
 init_daemon_domain(hal_camera_default)