diff --git a/private/system_server.te b/private/system_server.te
index 738a84eeb..a1f989935 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -170,7 +170,6 @@ binder_call(system_server, appdomain)
 binder_call(system_server, binderservicedomain)
 binder_call(system_server, dumpstate)
 binder_call(system_server, fingerprintd)
-binder_call(system_server, hal_fingerprint)
 binder_call(system_server, gatekeeperd)
 binder_call(system_server, installd)
 binder_call(system_server, incidentd)
@@ -183,7 +182,7 @@ hwbinder_use(system_server)
 hwallocator_use(system_server)
 binder_call(system_server, hal_boot)
 binder_call(system_server, hal_contexthub)
-binder_call(system_server, hal_fingerprint)
+hal_client_domain(system_server, hal_fingerprint)
 binder_call(system_server, hal_gnss);
 binder_call(system_server, hal_ir)
 binder_call(system_server, hal_light)
diff --git a/public/attributes b/public/attributes
index 281724e14..033592255 100644
--- a/public/attributes
+++ b/public/attributes
@@ -139,6 +139,8 @@ attribute hal_drm_client;
 attribute hal_drm_server;
 attribute hal_dumpstate;
 attribute hal_fingerprint;
+attribute hal_fingerprint_client;
+attribute hal_fingerprint_server;
 attribute hal_gatekeeper;
 attribute hal_gnss;
 attribute hal_graphics_allocator;
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index 8405a7ea8..580ef3796 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
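Review bot: In private/system_server.te, `hal_client_domain(system_server, hal_fingerprint)` in the `@@ -183,7 +182,7 @@` hunk grants whatever the macro expands to rather than the single `binder_call` it replaces, and the macro definition is not part of this diff. If it also attaches the base `hal_fingerprint` attribute to clients on builds where the HAL runs in-process (to be confirmed in te_macros), system_server would pick up the `fingerprintd_data_file` and `ion_device` rules that public/hal_fingerprint.te keeps on `hal_fingerprint`. It is worth checking the compiled policy for system_server's access to `fingerprintd_data_file` on both build variants, and adding a comment above the line such as `# Fingerprint HAL client: HwBinder calls to the server and callbacks from it`. Moving the file, ion, cgroup and sysfs rules in public/hal_fingerprint.te to `hal_fingerprint_server` would keep them off clients, if passthrough support does not need them there.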
@@ -1,22 +1,15 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_fingerprint_client, hal_fingerprint_server)
+binder_call(hal_fingerprint_server, hal_fingerprint_client)
+
 # allow HAL module to read dir contents
 allow hal_fingerprint fingerprintd_data_file:file create_file_perms;
 
 # allow HAL module to read/write/unlink contents of this dir
 allow hal_fingerprint fingerprintd_data_file:dir rw_dir_perms;
 
-# Need to add auth tokens to KeyStore
-use_keystore(hal_fingerprint)
-allow hal_fingerprint keystore:keystore_key add_auth;
-
-# For permissions checking
-binder_call(hal_fingerprint, system_server);
-allow hal_fingerprint permission_service:service_manager find;
-
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
 
-# Allow fingerprint to find and call keystore binder interfaces
-binder_use(hal_fingerprint);
-
 r_dir_file(hal_fingerprint, cgroup)
 r_dir_file(hal_fingerprint, sysfs)
diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te
index c392a8583..2b9001ebd 100644
--- a/vendor/hal_fingerprint_default.te
+++ b/vendor/hal_fingerprint_default.te
@@ -1,5 +1,5 @@
 type hal_fingerprint_default, domain;
-hal_impl_domain(hal_fingerprint_default, hal_fingerprint)
+hal_server_domain(hal_fingerprint_default, hal_fingerprint)
 
 type hal_fingerprint_default_exec, exec_type, file_type;
 init_daemon_domain(hal_fingerprint_default)
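Review bot: After this hunk, nothing in public/hal_fingerprint.te records that the fingerprint HAL is no longer meant to reach keystore or the permission service, so a later vendor change could quietly re-add `add_auth` to the HAL domain. The diff does not show which domain now holds `keystore:keystore_key add_auth` for fingerprint auth tokens; presumably the client that receives the callback forwards them, which is worth confirming before merge. If that is the intent, a guard such as `neverallow hal_fingerprint_server keystore:keystore_key add_auth;` plus a one-line comment would keep it enforced. Separately, the retained comment `# allow HAL module to read dir contents` sits above a rule that grants `create_file_perms` on files, so it understates the access.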