diff --git a/dauntless/hal_keymint_citadel.te b/dauntless/hal_keymint_citadel.te
index 04680edf..29f528f1 100644
--- a/dauntless/hal_keymint_citadel.te
+++ b/dauntless/hal_keymint_citadel.te
@@ -2,3 +2,7 @@ type hal_keymint_citadel, domain;
 type hal_keymint_citadel_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(hal_keymint_citadel)
+
+hal_server_domain(hal_keymint_citadel, hal_keymint)
+
+allow hal_keymint_citadel citadeld_service:service_manager find;
diff --git a/dauntless/service_contexts b/dauntless/service_contexts
new file mode 100644
index 00000000..5639b588
--- /dev/null
+++ b/dauntless/service_contexts
@@ -0,0 +1,2 @@
+android.hardware.security.keymint.IKeyMintDevice/strongbox      u:object_r:hal_keymint_service:s0
+android.hardware.security.sharedsecret.ISharedSecret/strongbox  u:object_r:hal_sharedsecret_service:s0
diff --git a/tracking_denials/hal_keymint_citadel.te b/tracking_denials/hal_keymint_citadel.te
deleted file mode 100644
index d9000fe0..00000000
--- a/tracking_denials/hal_keymint_citadel.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/202907039
-dontaudit hal_keymint_citadel default_android_vndservice:service_manager { find };