diff --git a/private/app.te b/private/app.te
index ed2d8b6081fd72a94adbd7c12700280c4a1db34a..c5943ddb602317d56a514882e12682b2a46edfe2 100644
--- a/private/app.te
+++ b/private/app.te
@@ -244,6 +244,9 @@ allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
 # TODO is write really necessary ?
 auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file { write append };
+# TODO(b/36375899) replace with hal_client_domain for mediacodec (hal_omx)
+get_prop({ appdomain -isolated_app }, hwservicemanager_prop);
+
 # Allow app to access the graphic allocator HAL
 binder_call({ appdomain -isolated_app }, hal_graphics_allocator)
diff --git a/private/halclientdomain.te b/private/halclientdomain.te
index aa224ec04ff86fe5d7f5f4db06385f3400a48d22..d4bdef93d62e1c230b2e4db02afd7ddee1b5a4a2 100644
--- a/private/halclientdomain.te
+++ b/private/halclientdomain.te
@@ -5,3 +5,6 @@
 # Find out whether a HAL in passthrough/in-process mode or
 # binderized/out-of-process mode
 hwbinder_use(halclientdomain)
+
+# Used to wait for hwservicemanager
+get_prop(halclientdomain, hwservicemanager_prop)
diff --git a/private/halserverdomain.te b/private/halserverdomain.te
index 7be8360a4dda64bb51b27d7adcd83106271e9895..f36e0e7d8f15cae1cc86b4259a1610540d9839ce 100644
--- a/private/halserverdomain.te
+++ b/private/halserverdomain.te
@@ -7,3 +7,6 @@ hwbinder_use(halserverdomain)
 # Find HAL implementations
 allow halserverdomain system_file:dir r_dir_perms;
+
+# Used to wait for hwservicemanager
+get_prop(halserverdomain, hwservicemanager_prop)
diff --git a/public/bootanim.te b/public/bootanim.te
index 9c5702ddfed98f3a041243c6230814a2a66db688..99224510b3ab59678b9ba2f3d2152ec1ed96db1a 100644
--- a/public/bootanim.te
+++ b/public/bootanim.te
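Review bot: In private/app.te the new `get_prop({ appdomain -isolated_app }, hwservicemanager_prop);` opens the property to every app domain except isolated_app, and the TODO above it names only the planned replacement, not why all apps need the read today. It is a read-only grant, but it is the broadest one in this commit, so the comment should state the reason, for example `# Apps act as hal_omx clients of mediacodec and must wait for hwservicemanager` (wording for the author to confirm). The trailing `;` after the macro call is also inconsistent with the `get_prop(...)` lines added in halclientdomain.te, halserverdomain.te and mediacodec.te, which have none; drop it so the call reads `get_prop({ appdomain -isolated_app }, hwservicemanager_prop)`.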
@@ -2,6 +2,9 @@
 type bootanim, domain;
 type bootanim_exec, exec_type, file_type;
+hal_client_domain(bootanim, hal_graphics_allocator)
+hal_client_domain(bootanim, hal_graphics_composer)
+
 binder_use(bootanim)
 binder_call(bootanim, surfaceflinger)
 binder_call(bootanim, audioserver)
diff --git a/public/bufferhubd.te b/public/bufferhubd.te
index 231443357b9289a582707903ed0a6f841dbce760..7d5be49fe8f8639707d73cc0969375b8af0eee1b 100644
--- a/public/bufferhubd.te
+++ b/public/bufferhubd.te
@@ -2,6 +2,8 @@
 type bufferhubd, domain, mlstrustedsubject;
 type bufferhubd_exec, exec_type, file_type;
+hal_client_domain(bufferhubd, hal_graphics_allocator)
+
 pdx_server(bufferhubd)
 use_pdx(bufferhubd, performanced)
diff --git a/public/mediacodec.te b/public/mediacodec.te
index 6ab90eb3ddca40b1518e3782c60ffeac7f44c95d..f0e7e9a3d39e1c01e6e63bc177b10c20e9b777cd 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -4,6 +4,10 @@ type mediacodec_exec, exec_type, file_type;
 typeattribute mediacodec mlstrustedsubject;
+# TODO(b/36375899) attributize this domain appropriately as hal_omx
+# and use macro hal_server_domain
+get_prop(mediacodec, hwservicemanager_prop)
+
 binder_use(mediacodec)
 binder_call(mediacodec, binderservicedomain)
 binder_call(mediacodec, appdomain)
diff --git a/public/mediaserver.te b/public/mediaserver.te
index a641bf7432f208f9676fb5c8443947ef9664c511..46140b3ac2911721cf02f11663dec8097704cf7c 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -4,6 +4,9 @@ type mediaserver_exec, exec_type, file_type;
 typeattribute mediaserver mlstrustedsubject;
+# TODO(b/36375899): replace with hal_client_domain macro on hal_omx
+typeattribute mediaserver halclientdomain;
+
 net_domain(mediaserver)
 r_dir_file(mediaserver, sdcard_type)
diff --git a/public/sensord.te b/public/sensord.te
index bffe3cda4359f6a3c6c8f056a1ebad51481a66d9..3211f8103b3cecea9fd813724b3220fd6067cc53 100644
--- a/public/sensord.te
+++ b/public/sensord.te
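Review bot: In public/mediaserver.te, `typeattribute mediaserver halclientdomain;` attaches the whole attribute rather than a single rule, so mediaserver picks up every rule written against halclientdomain, which in this commit is `hwbinder_use` plus the new `get_prop`. Anything later added to private/halclientdomain.te will apply to it as well, and the context line below shows mediaserver is a `net_domain`. The mediacodec.te hunk, by contrast, adds only the one `get_prop`. The comment should say what the attribute is being used for until the macro exists, for example `# mediaserver is a hal_omx client; assigned to halclientdomain directly until hal_omx is attributized (b/36375899)`.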
@@ -2,6 +2,9 @@
 type sensord, domain, mlstrustedsubject;
 type sensord_exec, exec_type, file_type;
+hal_client_domain(sensord, hal_graphics_allocator)
+allow sensord hal_graphics_allocator:fd use;
+
 pdx_server(sensord)
 use_pdx(sensord, bufferhubd)
 use_pdx(sensord, performanced)
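Review bot: `allow sensord hal_graphics_allocator:fd use;` in public/sensord.te is the only raw allow rule this commit adds, and it carries no comment. bootanim and bufferhubd get the same `hal_client_domain(..., hal_graphics_allocator)` line without an extra fd rule, so it is unclear from the diff why sensord alone needs it. Add a one-line reason above it, for example `# sensord uses buffer fds handed out by the graphics allocator HAL` (to be confirmed by the author). If fd passing is something every allocator client needs, the rule presumably belongs with the HAL client rules rather than in one domain's file.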