diff --git a/public/hwservicemanager.te b/public/hwservicemanager.te
index f179599b2970b09ce58b32ba6c78c158e354a7c4..20a722931b0f1c1905d1c69228e78f1ee0a97683 100644
--- a/public/hwservicemanager.te
+++ b/public/hwservicemanager.te
@@ -3,13 +3,12 @@ type hwservicemanager, domain, mlstrustedsubject;
 type hwservicemanager_exec, exec_type, file_type;
 # Note that we do not use the binder_* macros here.
-# hwservicemanager only provides name service (aka context manager)
-# for Binder.
-# As such, it only ever receives and transfers other references
-# created by other domains. It never passes its own references
-# or initiates a Binder IPC.
+# hwservicemanager provides name service (aka context manager)
+# for hwbinder.
+# Additionally, it initiates binder IPC calls to
+# clients who request service notifications. The permission
+# to do this is granted in the hwbinder_use macro.
 allow hwservicemanager self:binder set_context_mgr;
-allow hwservicemanager { domain -init }:binder transfer;
 set_prop(hwservicemanager, hwservicemanager_prop)
diff --git a/public/te_macros b/public/te_macros
index 6a1a5ffe38e7c2d6b1a679ebfec1eb6b4055c764..094642c0c49a70a8b2e7c83efbad4092d510d43b 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -192,6 +192,8 @@ allow servicemanager $1:process getattr;
 define(`hwbinder_use', `
 # Call the hwservicemanager and transfer references to it.
 allow $1 hwservicemanager:binder { call transfer };
+# Allow hwservicemanager to send out callbacks
+allow hwservicemanager $1:binder { call transfer };
 # hwservicemanager performs getpidcon on clients.
 allow hwservicemanager $1:dir search;
 allow hwservicemanager $1:file { read open };
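Review bot: Removing `allow hwservicemanager { domain -init }:binder transfer;` narrows hwservicemanager's transfer grant from every non-init domain to only the domains that invoke hwbinder_use, so a client that reaches hwservicemanager through a direct `allow X hwservicemanager:binder ...` rule rather than the macro may lose the transfer it relied on for replies, with only an avc denial to show for it; a policy-wide check for such callers before merging seems prudent. The new comment would read more precisely if it named the direction of the remaining grant, e.g. `# hwservicemanager may call into, and transfer references to, any domain that invokes hwbinder_use (see te_macros).` The comment also alternates between "hwbinder" and "binder IPC"; saying "hwbinder IPC" consistently avoids suggesting the framework binder device is involved.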
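Review bot: The added `allow hwservicemanager $1:binder { call transfer };` grants hwservicemanager the ability to initiate calls into, and pass references to, every domain that invokes hwbinder_use, not just those that register for service notifications, so the comment "send out callbacks" understates what the rule allows and hides that this is a reverse-direction grant inside a macro whose name only suggests the client-to-manager direction. Auditors reading `hwbinder_use(foo)` should be able to see that foo also becomes a call target of hwservicemanager; a fuller comment such as `# Reverse direction: hwservicemanager may call $1 (service-notification callbacks) and transfer references to it.` would make that visible at each use site. The old rule in hwservicemanager.te explicitly excluded init; if any domain that exclusion covered invokes this macro, it now receives the grant, which is worth confirming against the callers of hwbinder_use.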