diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index d590939d667906e51d7dd19b0a3bd33d8b86e2c4..2f5f1f5cda4a996785f981f0d48ce21b3de2745c 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -34,6 +34,7 @@
     exported2_vold_prop
     exported3_default_prop
     exported3_system_prop
+    fingerprint_vendor_data_file
     fs_bpf
     hal_authsecret_hwservice
     hal_broadcastradio_hwservice
diff --git a/private/file_contexts b/private/file_contexts
index be644438f6f9187533e919ef0d80557a4c9bcfa1..f530c7b8ed4422ac71094eb42e149b9e23b7b8f1 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -417,6 +417,9 @@
 # Fingerprint data
 /data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
 
+# Fingerprint vendor data file
+/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
+
 # Bootchart data
 /data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0
 
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 58e510ed8bfcc08ade800b78a50f4ffebaeac714..6acb2ced556b82c65d433ceaaae6c46654373968 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -13,3 +13,4 @@ allow vold_prepare_subdirs system_data_file:dir { open read write add_name remov
 allow vold_prepare_subdirs vold_data_file:dir { create open read write search getattr setattr remove_name rmdir };
 allow vold_prepare_subdirs vold_data_file:file { getattr unlink };
 allow vold_prepare_subdirs storaged_data_file:dir create_dir_perms;
+allow vold_prepare_subdirs fingerprint_vendor_data_file:dir create_dir_perms;
diff --git a/public/domain.te b/public/domain.te
index 5879e26bb8118eb424ceb454c3a8595a7e023475..06ee37e7d1b633491b0eca50d596389147f0b084 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -768,6 +768,7 @@ full_treble_only(`
     -data_between_core_and_vendor_violators
     -init
     -vendor_init
+    -vold_prepare_subdirs
   } {
     data_file_type
     -core_data_file_type
@@ -778,6 +779,7 @@ full_treble_only(`
     -data_between_core_and_vendor_violators
     -init
     -vendor_init
+    -vold_prepare_subdirs
     } {
       data_file_type
       -core_data_file_type
diff --git a/public/file.te b/public/file.te
index 6b64e023f799e098891a3489e8621a1640b2a28b..7ec4a463fe8e9079700f5a042d954b5cdf65d14d 100644
--- a/public/file.te
+++ b/public/file.te
@@ -295,6 +295,8 @@ type backup_data_file, file_type, data_file_type, core_data_file_type, mlstruste
 type bluetooth_efs_file, file_type;
 # Type for fingerprint template file
 type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
+# Type for _new_ fingerprint template file
+type fingerprint_vendor_data_file, file_type, data_file_type;
 # Type for appfuse file.
 type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index 36de76191c0a38118a576784af64e9aaf5cb4424..ebe0b0c82a77f1a5a0c0b131f76b9a4ec20ffc47 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -8,5 +8,10 @@ allow hal_fingerprint_client hal_fingerprint_hwservice:hwservice_manager find;
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
 
+allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };
+allow hal_fingerprint fingerprint_vendor_data_file:dir rw_dir_perms;
+
 r_dir_file(hal_fingerprint, cgroup)
 r_dir_file(hal_fingerprint, sysfs)
+
+
diff --git a/public/tee.te b/public/tee.te
index f023d5c239350e9fea693a0057f497a7b7f502ee..0f9b32dc9d4cb095f4ea361e39a52b09d0c01b29 100644
--- a/public/tee.te
+++ b/public/tee.te
@@ -5,3 +5,7 @@ type tee, domain;
 
 # Device(s) for communicating with the TEE
 type tee_device, dev_type;
+
+allow tee fingerprint_vendor_data_file:dir rw_dir_perms;
+allow tee fingerprint_vendor_data_file:file create_file_perms;
+