diff --git a/public/hal_drm.te b/public/hal_drm.te
index bfee2d344..d86edaf98 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -31,6 +31,8 @@ allow hal_drm sysfs:file r_file_perms;
 
 allow hal_drm tee_device:chr_file rw_file_perms;
 
+allow hal_drm_server { appdomain -isolated_app }:fd use;
+
 # only allow unprivileged socket ioctl commands
 allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te
index f81f39876..cf8d894ee 100644
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te
@@ -6,6 +6,5 @@ init_daemon_domain(hal_drm_default)
 
 allow hal_drm_default hal_codec2_server:fd use;
 allow hal_drm_default hal_omx_server:fd use;
-allow hal_drm_default { appdomain -isolated_app }:fd use;
 
 allow hal_drm_default hal_allocator_server:fd use;