diff --git a/widevine/sepolicy/hal_drm_clearkey.te b/widevine/sepolicy/hal_drm_clearkey.te
index 81ecfb9..fff4f0d 100644
--- a/widevine/sepolicy/hal_drm_clearkey.te
+++ b/widevine/sepolicy/hal_drm_clearkey.te
@@ -1,5 +1,6 @@
+# sepolicy for DRM clearkey
 type hal_drm_clearkey, domain;
 type hal_drm_clearkey_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_drm_clearkey)
 
-#TODO: snehalreddy@ add sepolicy
+hal_server_domain(hal_drm_clearkey, hal_drm)
diff --git a/widevine/sepolicy/hal_drm_widevine.te b/widevine/sepolicy/hal_drm_widevine.te
index 41e395a..9b4792e 100644
--- a/widevine/sepolicy/hal_drm_widevine.te
+++ b/widevine/sepolicy/hal_drm_widevine.te
@@ -1,5 +1,13 @@
+# sepolicy for DRM widevine
 type hal_drm_widevine, domain;
 type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_drm_widevine)
 
-#TODO: snehalreddy@ add sepolicy
+hal_server_domain(hal_drm_widevine, hal_drm)
+
+# L3
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+
+#L1
+#TODO(snehalreddy@) : Add L1 permissions