diff --git a/private/file_contexts b/private/file_contexts
index 95293f79a523cd5a239efeb19106286ab99eb202..c081f5b404f0281d81a89acaef94453dc08d1070 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -244,6 +244,7 @@
 /system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_default_exec:s0
 /system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_default_exec:s0
 /system/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_default_exec:s0
+/system/bin/hw/android\.hidl\.memory@1\.0-service             u:object_r:hal_allocator_exec:s0
 
 #############################
 # Vendor files
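Review bot: The added entry labels the binary `hal_allocator_exec`, while the three entries directly above it all follow the `hal_<name>_default_exec` pattern. If the allocator is deliberately modelled as a single fixed domain rather than a default implementation of a HAL, that is not visible from this hunk. It would help to say so next to the type declaration, for example `# single framework-provided domain; intentionally has no _default variant`. Otherwise, renaming the label to `hal_allocator_default_exec` would keep the labels uniform and make it easier to audit which executables transition into which HAL domain.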
diff --git a/private/hal_allocator.te b/private/hal_allocator.te
new file mode 100644
index 0000000000000000000000000000000000000000..d185d490d7575bd7a97e023ed18adb9f09c3f2a8
--- /dev/null
+++ b/private/hal_allocator.te
@@ -0,0 +1 @@
+init_daemon_domain(hal_allocator)
diff --git a/public/hal_allocator.te b/public/hal_allocator.te
new file mode 100644
index 0000000000000000000000000000000000000000..784bacbce58a02f40f130f4c9c8936d1c13d1a37
--- /dev/null
+++ b/public/hal_allocator.te
@@ -0,0 +1,6 @@
+# allocator subsystem
+type hal_allocator, domain;
+type hal_allocator_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_allocator)
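Review bot: The header comment `# allocator subsystem` does not tell a policy reviewer which service runs in this domain or how other domains are meant to reach it. Because the file sits under public/, the types are visible to other policy, so the intended access path should be stated here. A comment such as `# Domain for the android.hidl.memory@1.0 service; clients get access only via hwallocator_use() in te_macros` would cover it. The domain's only visible grant is `hwbinder_use`, so the comment could also note that any further permission is expected to be added here explicitly.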
diff --git a/public/te_macros b/public/te_macros
index 2dca5e2e946f3375fd7b1819277c72b3f12d3c7b..60c7a1a1bb51ce8640b812613bc2e98977e400e1 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -222,6 +222,14 @@ define(`binder_service', `
 typeattribute $1 binderservicedomain;
 ')
 
+#####################################
+# hwallocator_use(domain)
+# Allow a domain to use Hidl shared memory
+define(`hwallocator_use', `
+# Call into the allocator hal
+binder_call($1, hal_allocator);
+'')
+
 #####################################
 # wakelock_use(domain)
 # Allow domain to manage wake locks
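Review bot: The new `hwallocator_use` definition closes with `'')`, whereas `binder_service` just above it closes with `')`. Under m4's backquote/apostrophe quoting, the second apostrophe falls outside the quoted body. It would most likely be carried into the macro text as a literal `'` and surface as a policy syntax error in the first domain that invokes the macro. The closing line should read `')`. The `;` after `binder_call($1, hal_allocator)` is also worth checking against how `binder_call` is invoked elsewhere in the tree, since macro invocations normally expand to complete statements.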