diff --git a/vendor/hal_fingerprint_debug.te b/vendor/hal_fingerprint_debug.te
new file mode 100644
index 0000000..8b8e330
--- /dev/null
+++ b/vendor/hal_fingerprint_debug.te
@@ -0,0 +1,24 @@
+# SE policies for IFingerprintDebug
+type hal_fingerprint_debug_service, hal_service_type, protected_service, service_manager_type;
+
+userdebug_or_eng(`
+    # Declare domains for the debug host HAL server/client.
+    hal_attribute(fingerprint_debug)
+
+    hal_server_domain(hal_fingerprint_default, hal_fingerprint_debug)
+
+    # Ensure that the server and client can communicate with each other,
+    # bi-directionally (in the case of callbacks from server to client, for
+    # example).
+    binder_call(hal_fingerprint_debug_client, hal_fingerprint_debug_server)
+    binder_call(hal_fingerprint_debug_server, hal_fingerprint_debug_client)
+
+    binder_call(hal_fingerprint_debug_server, servicemanager)
+    hal_attribute_service(hal_fingerprint_debug, hal_fingerprint_debug_service)
+
+    # Allow all priv-apps to communicate with the fingerprint debug HAL on
+    # userdebug or eng builds.
+    hal_client_domain(priv_app, hal_fingerprint_debug)
+
+    binder_call(priv_app, hal_fingerprint_default)
+')
diff --git a/vendor/service_contexts b/vendor/service_contexts
index c50b46f..b889a00 100644
--- a/vendor/service_contexts
+++ b/vendor/service_contexts
@@ -1,4 +1,5 @@
 vendor.qti.hardware.fingerprint.IQfpExtendedFingerprint/default   u:object_r:hal_fingerprint_service:s0
+com.google.hardware.biometrics.fingerprint.debug.IFingerprintDebug/default   u:object_r:hal_fingerprint_debug_service:s0
 com.google.hardware.pixel.display.IDisplay/default                u:object_r:hal_pixel_display_service:s0
 vendor.google.wireless_charger.IWirelessCharger/default           u:object_r:hal_wireless_charger_service:s0
 hardware.qorvo.uwb.IUwbVendor/default                             u:object_r:hal_uwb_vendor_service:s0