diff --git a/private/file_contexts b/private/file_contexts
index 66718e2e7b3d33a40022964d34790262e27c18d5..3e7d41b0c78c2021ec4cca0cd0594c1d7e3ce788 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -226,6 +226,7 @@
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
 /system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_exec:s0
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
+/system/bin/hw/android\.hardware\.health@1\.0-service         u:object_r:hal_health_exec:s0
 /system/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_exec:s0
 /system/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_exec:s0
 /system/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_exec:s0
diff --git a/private/hal_health.te b/private/hal_health.te
new file mode 100644
index 0000000000000000000000000000000000000000..93115b0355a5b7d2cd267a722855f2739b793477
--- /dev/null
+++ b/private/hal_health.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(hal_health)
diff --git a/public/hal_health.te b/public/hal_health.te
new file mode 100644
index 0000000000000000000000000000000000000000..2b498a29a7d5389833ce2f19b0785e66caaa3fd2
--- /dev/null
+++ b/public/hal_health.te
@@ -0,0 +1,14 @@
+# health info abstraction
+type hal_health, domain;
+type hal_health_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_health)
+
+# call into healthd for callbacks
+binder_call(hal_health, healthd)
+
+# Read access to system files for HALs in
+# /{system,vendor,odm}/lib[64]/hw/ in order
+# to be able to open the hal implementation .so files
+r_dir_file(hal_health, system_file)
diff --git a/public/healthd.te b/public/healthd.te
index cbc5c46a6f298e675a3a29ccdc19ef7741377ef9..8d71cfd3353b3dcca41ff7c1d3223b6fd642272a 100644
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -10,6 +10,10 @@ r_dir_file(healthd, sysfs_type)
 r_dir_file(healthd, rootfs)
 r_dir_file(healthd, cgroup)
 
+# Read access to system files for passthrough HALs in
+# /{system,vendor,odm}/lib[64]/hw/
+r_dir_file(healthd, system_file)
+
 allow healthd self:capability { net_admin sys_tty_config };
 
 wakelock_use(healthd)
@@ -19,6 +23,8 @@ allow healthd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 binder_use(healthd)
 binder_service(healthd)
 binder_call(healthd, system_server)
+binder_call(healthd, hwservicemanager)
+binder_call(healthd, hal_health)
 
 allow healthd sysfs_batteryinfo:file r_file_perms;
 allow healthd batteryproperties_service:service_manager { add find };