diff --git a/hci_attach.te b/hci_attach.te
index 40e3150852a803945a9e8fa3dbb1eeb5bd66975c..2a55d512b177896a539e7898ff336b1124da9d10 100644
--- a/hci_attach.te
+++ b/hci_attach.te
@@ -1,5 +1,10 @@
 type hci_attach, domain;
+permissive hci_attach;
 type hci_attach_exec, exec_type, file_type;
 
 init_daemon_domain(hci_attach)
-unconfined_domain(hci_attach)
+
+allow hci_attach kernel:system module_request;
+allow hci_attach hci_attach_dev:chr_file rw_file_perms;
+allow hci_attach bluetooth_efs_file:dir r_dir_perms;
+allow hci_attach bluetooth_efs_file:file r_file_perms;