diff --git a/private/file_contexts b/private/file_contexts
index 8c94bfbc8778674a18808ef754050a5bb6447084..76297c33ffad01ed5a570d07e1ed343aac7d4df4 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -225,7 +225,7 @@
 /system/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_exec:s0
 /system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_exec:s0
 /system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_exec:s0
-/system/bin/hw/wifi_hal_legacy                                u:object_r:wifi_hal_legacy_exec:s0
+/system/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_exec:s0
 
 #############################
 # Vendor files
diff --git a/private/wifi_hal_legacy.te b/private/hal_wifi.te
similarity index 77%
rename from private/wifi_hal_legacy.te
rename to private/hal_wifi.te
index cb2c6dab56008f0cf8fc1294e0a0899fe808e7a0..7c1b7b66577d09758673ee88f0b15a59585a4cf0 100644
--- a/private/wifi_hal_legacy.te
+++ b/private/hal_wifi.te
@@ -1,3 +1,3 @@
 # type_transition must be private policy the domain_trans rules could stay
 # public, but conceptually should go with this
-init_daemon_domain(wifi_hal_legacy)
+init_daemon_domain(hal_wifi)
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
new file mode 100644
index 0000000000000000000000000000000000000000..1f117d22d02a4775ab308edb7de37c83a0eee39d
--- /dev/null
+++ b/public/hal_wifi.te
@@ -0,0 +1,22 @@
+# wifi legacy hal
+type hal_wifi, domain;
+type hal_wifi_exec, exec_type, file_type;
+
+## hwbinder access
+hwbinder_use(hal_wifi)
+
+## call into wificond process (callbacks)
+binder_call(hal_wifi, wificond)
+
+r_dir_file(hal_wifi, proc_net)
+r_dir_file(hal_wifi, sysfs_type)
+
+# allow hal wifi set interfaces up and down
+allow hal_wifi self:udp_socket create_socket_perms;
+allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS };
+
+allow hal_wifi self:capability { net_admin net_raw };
+# allow hal_wifi to speak to nl80211 in the kernel
+allow hal_wifi self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
+allow hal_wifi self:netlink_generic_socket create_socket_perms_no_ioctl;
diff --git a/public/wifi_hal_legacy.te b/public/wifi_hal_legacy.te
deleted file mode 100644
index ccdd96ca2650af8315c6ba2b70bda795a95659eb..0000000000000000000000000000000000000000
--- a/public/wifi_hal_legacy.te
+++ /dev/null
@@ -1,19 +0,0 @@
-# wifi legacy hal
-type wifi_hal_legacy, domain;
-type wifi_hal_legacy_exec, exec_type, file_type;
-
-## hwbinder access
-hwbinder_use(wifi_hal_legacy)
-
-## call into wificond process (callbacks)
-binder_call(wifi_hal_legacy, wificond)
-
-r_dir_file(wifi_hal_legacy, proc_net)
-r_dir_file(wifi_hal_legacy, sysfs_type)
-
-allow wifi_hal_legacy self:udp_socket create_socket_perms;
-allow wifi_hal_legacy self:capability { net_admin net_raw };
-# allow wifi_hal_legacy to speak to nl80211 in the kernel
-allow wifi_hal_legacy self:netlink_socket create_socket_perms_no_ioctl;
-# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
-allow wifi_hal_legacy self:netlink_generic_socket create_socket_perms_no_ioctl;
diff --git a/public/wificond.te b/public/wificond.te
index 0dd709f2c86389749de40fd86528485278882cac..c6b85fccfe9baac0b3367ca1dfdd3cdb550830f3 100644
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -6,7 +6,7 @@ binder_use(wificond)
 binder_call(wificond, system_server)
 
 hwbinder_use(wificond)
-binder_call(wificond, wifi_hal_legacy)
+binder_call(wificond, hal_wifi)
 binder_call(wificond, wpa)
 
 allow wificond wificond_service:service_manager { add find };