diff --git a/private/file_contexts b/private/file_contexts
index 95b27820bd1cc95cf38e1a3a95ef4f19383b6cda..31b7076fc835f7923b9706d4b63e704d96c2fe6a 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -259,6 +259,7 @@
 /system/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_default_exec:s0
 /system/bin/hw/android\.hardware\.sensors@1\.0-service        u:object_r:hal_sensors_default_exec:s0
 /system/bin/hw/android\.hardware\.thermal@1\.0-service        u:object_r:hal_thermal_default_exec:s0
+/system/bin/hw/android\.hardware\.usb@1\.0-service            u:object_r:hal_usb_default_exec:s0
 /system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_default_exec:s0
 /system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_default_exec:s0
 /system/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_default_exec:s0
diff --git a/private/hal_usb_default.te b/private/hal_usb_default.te
new file mode 100644
index 0000000000000000000000000000000000000000..24017f9e05a03718aa35b17772ef2b78287ba02b
--- /dev/null
+++ b/private/hal_usb_default.te
@@ -0,0 +1,4 @@
+type hal_usb_default, domain;
+hal_impl_domain(hal_usb_default, hal_usb)
+type hal_usb_default_exec, exec_type, file_type;
+init_daemon_domain(hal_usb_default)
diff --git a/public/attributes b/public/attributes
index 1aacd9e33aeccb34c223b2f8c673086f9e752d65..4822ed5d140c3573998be7fdb9aa422afd7fac51 100644
--- a/public/attributes
+++ b/public/attributes
@@ -138,6 +138,7 @@ attribute hal_power;
 attribute hal_sensors;
 attribute hal_telephony;
 attribute hal_thermal;
+attribute hal_usb;
 attribute hal_vibrator;
 attribute hal_vr;
 attribute hal_wifi;
diff --git a/public/hal_usb.te b/public/hal_usb.te
new file mode 100644
index 0000000000000000000000000000000000000000..5c31c065c96c8c213082c93817f9d26a917c8bc3
--- /dev/null
+++ b/public/hal_usb.te
@@ -0,0 +1,14 @@
+# call into system_server process (callbacks)
+binder_call(hal_usb, system_server)
+
+allow hal_usb self:netlink_kobject_uevent_socket create;
+allow hal_usb self:netlink_kobject_uevent_socket setopt;
+allow hal_usb self:netlink_kobject_uevent_socket bind;
+allow hal_usb self:netlink_kobject_uevent_socket read;
+allow hal_usb sysfs:dir open;
+allow hal_usb sysfs:dir read;
+allow hal_usb sysfs:file read;
+allow hal_usb sysfs:file open;
+allow hal_usb sysfs:file write;
+allow hal_usb sysfs:file getattr;
+
diff --git a/public/system_server.te b/public/system_server.te
index 1dfdafaf7da300ef76fd9c48331ce6e47521e5c6..61f640dffb3923bfbc9e8886f6c6dd56c3c67c41 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -178,6 +178,7 @@ binder_call(system_server, hal_memtrack)
 binder_call(system_server, hal_power)
 binder_call(system_server, hal_sensors)
 binder_call(system_server, hal_thermal)
+binder_call(system_server, hal_usb)
 binder_call(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
 binder_call(system_server, hal_wifi)