diff --git a/whitechapel_pro/hal_camera_default.te b/whitechapel_pro/hal_camera_default.te
index 5fcb5547..f604875f 100644
--- a/whitechapel_pro/hal_camera_default.te
+++ b/whitechapel_pro/hal_camera_default.te
@@ -10,6 +10,11 @@ allow hal_camera_default lwis_device:chr_file rw_file_perms;
 allow hal_camera_default gpu_device:chr_file rw_file_perms;
 allow hal_camera_default sysfs_chip_id:file r_file_perms;
 
+# Face authentication code that is part of the camera HAL needs to allocate
+# dma_bufs and access the Trusted Execution Environment device node
+allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_camera_default tee_device:chr_file rw_file_perms;
+
 # Allow the camera hal to access the EdgeTPU service and the
 # Android shared memory allocated by the EdgeTPU service for
 # on-device compilation.