diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te
index 37288bc8..aab20563 100644
--- a/tracking_denials/kernel.te
+++ b/tracking_denials/kernel.te
@@ -3,5 +3,4 @@ dontaudit kernel kernel:perf_event { cpu };
 dontaudit kernel kernel:perf_event { cpu };
 userdebug_or_eng(`
 permissive kernel;
- permissive hal_uwb_default;
 ')
diff --git a/whitechapel/vendor/google/gmscore_app.te b/whitechapel/vendor/google/gmscore_app.te
new file mode 100644
index 00000000..d2394b77
--- /dev/null
+++ b/whitechapel/vendor/google/gmscore_app.te
@@ -0,0 +1,3 @@
+# Allow gmscore to use UwbService APIs
+# TODO (b/183904955): remove
+allow gmscore_app uwb_service:service_manager find;
diff --git a/whitechapel/vendor/google/hal_uwb_default.te b/whitechapel/vendor/google/hal_uwb_default.te
index bb825e38..f066aa4d 100644
--- a/whitechapel/vendor/google/hal_uwb_default.te
+++ b/whitechapel/vendor/google/hal_uwb_default.te
@@ -1,3 +1,5 @@
 type hal_uwb_default, domain;
 type hal_uwb_default_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_uwb_default)
+
+add_service(hal_uwb_default, hal_uwb_service)
diff --git a/whitechapel/vendor/google/service.te b/whitechapel/vendor/google/service.te
index f66b28c3..debd8bd9 100644
--- a/whitechapel/vendor/google/service.te
+++ b/whitechapel/vendor/google/service.te
@@ -1,3 +1,4 @@
 type hal_pixel_display_service, service_manager_type, vendor_service;
 type uwb_service, service_manager_type;
 type touch_context_service, service_manager_type, vendor_service;
+type hal_uwb_service, service_manager_type, vendor_service;
diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts
index 8faa69bd..f3a6acb8 100644
--- a/whitechapel/vendor/google/service_contexts
+++ b/whitechapel/vendor/google/service_contexts
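Review bot: The hal_uwb_default domain looks under-provisioned for enforcing mode: in the hal_uwb_default.te hunk, `add_service(hal_uwb_default, hal_uwb_service)` is the only rule it gets after `init_daemon_domain`, while the kernel.te hunk of this same commit drops `permissive hal_uwb_default;`. Registering with servicemanager normally also needs binder access, so unless that is granted somewhere outside this diff, a `binder_use(hal_uwb_default)` line appears to be missing and the registration would be denied. It is worth booting an enforcing build and checking for avc denials with scontext hal_uwb_default before the permissive line is removed.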
@@ -3,3 +3,4 @@ com.google.edgetpu.IEdgeTpuService/default u:object_r:edgetpu_se
 com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
 com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0
 uwb u:object_r:uwb_service:s0
+hardware.qorvo.uwb.IUwb/default u:object_r:hal_uwb_service:s0
diff --git a/whitechapel/vendor/google/untrusted_app_all.te b/whitechapel/vendor/google/untrusted_app_all.te
index ae7386fc..01206d90 100644
--- a/whitechapel/vendor/google/untrusted_app_all.te
+++ b/whitechapel/vendor/google/untrusted_app_all.te
@@ -8,3 +8,7 @@ allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map }
 # Allows Exoplayer(and other applications) access to the vstream-secure DMA-BUF heap
 # for secure video playback
 allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms;
+
+# Allows cts tests to test for UwbService presence
+# TODO (b/183904955): remove
+allow untrusted_app_all uwb_service:service_manager find;
diff --git a/whitechapel/vendor/google/uwb_service.te b/whitechapel/vendor/google/uwb_service.te
new file mode 100644
index 00000000..7360278d
--- /dev/null
+++ b/whitechapel/vendor/google/uwb_service.te
@@ -0,0 +1 @@
+allow uwb_service hal_uwb_service:service_manager find;
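Review bot: In the untrusted_app_all.te hunk, `allow untrusted_app_all uwb_service:service_manager find;` is unconditional, so every third-party app on every build variant can look up the UWB service, not only the CTS tests named in the comment. `find` gates the lookup only; what a caller can do with the handle depends on permission checks inside UwbService, which this diff does not show. Until b/183904955 is resolved the comment should record that dependency, e.g. `# find only hands out the binder; UwbService must check caller permissions on every call`. The gmscore_app.te rule carries the same TODO and should be tracked for removal with it.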
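Review bot: The source type in `allow uwb_service hal_uwb_service:service_manager find;` (uwb_service.te) is a service label rather than a process domain: the service.te section of this commit shows `type uwb_service, service_manager_type;` with no `domain` attribute. A rule whose source is an object type matches no running process, so as written it most likely grants nothing, and the process hosting UwbService would still be denied the lookup of hal_uwb_service under enforcing. The source should be the domain that hosts the service, e.g. `allow <uwb_service_host_domain> hal_uwb_service:service_manager find;` (placeholder; the hosting domain is not visible in this diff).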