diff --git a/public/hal_drm.te b/public/hal_drm.te
index bfee2d344..d86edaf98 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -31,6 +31,8 @@ allow hal_drm sysfs:file r_file_perms;
 
 allow hal_drm tee_device:chr_file rw_file_perms;
 
+allow hal_drm_server { appdomain -isolated_app }:fd use;
+
 # only allow unprivileged socket ioctl commands
 allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te
index 5bcbe9ac2..874e813de 100644
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te
@@ -5,6 +5,5 @@ type hal_drm_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_drm_default)
 
 allow hal_drm_default hal_omx_server:fd use;
-allow hal_drm_default { appdomain -isolated_app }:fd use;
 
 allow hal_drm_default hal_allocator_server:fd use;