binder_call(hal_gatekeeper_client, hal_gatekeeper_server)

hal_attribute_hwservice(hal_gatekeeper, hal_gatekeeper_hwservice)
hal_attribute_service(hal_gatekeeper, hal_gatekeeper_service)
binder_call(hal_gatekeeper_server, servicemanager)

# TEE access.
allow hal_gatekeeper tee_device:chr_file rw_file_perms;
allow hal_gatekeeper ion_device:chr_file r_file_perms;