diff --git a/whitechapel/vendor/google/hal_uwb.te b/whitechapel/vendor/google/hal_uwb.te
new file mode 100644
index 00000000..d0995686
--- /dev/null
+++ b/whitechapel/vendor/google/hal_uwb.te
@@ -0,0 +1,15 @@
+# HwBinder IPC from client to server
+binder_call(hal_uwb_client, hal_uwb_server)
+binder_call(hal_uwb_server, hal_uwb_client)
+
+hal_attribute_service(hal_uwb, hal_uwb_service)
+
+binder_call(hal_uwb_server, servicemanager)
+
+# allow hal_uwb to set wpan interfaces up and down
+allow hal_uwb self:udp_socket create_socket_perms;
+allowxperm hal_uwb self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
+allow hal_uwb self:global_capability_class_set { net_admin };
+
+# allow hal_uwb to speak to nl802154 in the kernel
+allow hal_uwb self:netlink_generic_socket create_socket_perms_no_ioctl;
diff --git a/whitechapel/vendor/google/hal_uwb_default.te b/whitechapel/vendor/google/hal_uwb_default.te
index f066aa4d..2d513b61 100644
--- a/whitechapel/vendor/google/hal_uwb_default.te
+++ b/whitechapel/vendor/google/hal_uwb_default.te
@@ -3,3 +3,6 @@ type hal_uwb_default_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_uwb_default)
 add_service(hal_uwb_default, hal_uwb_service)
+
+hal_server_domain(hal_uwb_default, hal_uwb)
+binder_call(hal_uwb_default, uwb_vendor_app)
diff --git a/whitechapel/vendor/google/uwb_vendor_app.te b/whitechapel/vendor/google/uwb_vendor_app.te
index aee5c49f..e0a9ebc9 100644
--- a/whitechapel/vendor/google/uwb_vendor_app.te
+++ b/whitechapel/vendor/google/uwb_vendor_app.te
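Review bot: In hal_uwb.te, `net_admin`, the udp_socket ioctl allowlist and the netlink_generic_socket rule are granted to the `hal_uwb` attribute rather than to `hal_uwb_server`. Depending on how `hal_client_domain` is defined for this build (not visible here), client domains such as uwb_vendor_app may also carry `hal_uwb` and would then inherit the network-admin capability. Scoping these rules to the server keeps the capability on the HAL process only, e.g. `allow hal_uwb_server self:global_capability_class_set { net_admin };`. The first comment also says HwBinder while the rules use `binder_call` and `servicemanager`; `# Binder IPC between client and server` would match what the rules do.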
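Review bot: In hal_uwb_default.te, `binder_call(hal_uwb_default, uwb_vendor_app)` looks redundant with the attribute rule `binder_call(hal_uwb_server, hal_uwb_client)` that hal_uwb.te adds in this same commit. That holds if `hal_server_domain` here and `hal_client_domain` in uwb_vendor_app.te assign the server and client attributes, as their names suggest. The same applies to `binder_call(uwb_vendor_app, hal_uwb_default)` in the uwb_vendor_app.te hunk. Dropping both type-to-type rules keeps the policy expressed through the HAL attributes, so a later change of client or server type does not leave a stale direct grant behind. If they are kept on purpose, a comment stating what the attribute rules do not cover would help the next reader.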
@@ -4,9 +4,15 @@ app_domain(uwb_vendor_app)
 add_service(uwb_vendor_app, uwb_vendor_service)
+not_recovery(`
+hal_client_domain(uwb_vendor_app, hal_uwb)
+
 allow uwb_vendor_app app_api_service:service_manager find;
 allow uwb_vendor_app hal_uwb_service:service_manager find;
 allow uwb_vendor_app nfc_service:service_manager find;
 allow uwb_vendor_app uwb_vendor_data_file:file create_file_perms;
 allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms;
+
+binder_call(uwb_vendor_app, hal_uwb_default)
+')
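Review bot: In uwb_vendor_app.te, the new not_recovery block opens before `hal_client_domain(uwb_vendor_app, hal_uwb)` and closes only after the final `binder_call`, so it also wraps the five pre-existing `allow` rules for service_manager find and uwb_vendor_data_file. In recovery builds those rules would now be dropped, while `app_domain` and `add_service` above the block stay unconditional. If only the new HAL client rule needs guarding, close the block with `')` directly after the `hal_client_domain` line and leave the existing rules outside. Otherwise add a comment above the block stating why the whole set is excluded in recovery.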