diff --git a/configs/manifest.xml b/configs/manifest.xml
index 2772d89..0b3863f 100644
--- a/configs/manifest.xml
+++ b/configs/manifest.xml
@@ -8,6 +8,15 @@
             <instance>default</instance>
         </interface>
     </hal>
+    <hal format="hidl">
+        <name>vendor.samsung.hardware.biometrics.fingerprint</name>
+        <transport>hwbinder</transport>
+        <version>2.1</version>
+        <interface>
+            <name>ISecBiometricsFingerprint</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
     <hal format="hidl">
         <name>android.hardware.audio</name>
         <transport>hwbinder</transport>
@@ -123,7 +132,7 @@
             <instance>default</instance>
         </interface>
     </hal>
-<!--    <hal format="hidl">
+    <hal format="hidl">
         <name>android.hardware.keymaster</name>
         <transport>hwbinder</transport>
         <version>3.0</version>
@@ -131,7 +140,7 @@
             <name>IKeymasterDevice</name>
             <instance>default</instance>
         </interface>
-    </hal> -->
+    </hal>
     <hal format="hidl">
         <name>android.hardware.media.omx</name>
         <transport>hwbinder</transport>
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 6ade8bf..5ac611e 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -29,3 +29,6 @@
 /sys/devices/virtual/sec/sec_key/hall_irq_ctrl                   u:object_r:sysfs_sec:s0
 
 /system/bin/wifiloader       u:object_r:wifiloader_exec:s0
+
+/system/vendor/bin/hw/vendor\.samsung\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
+
diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te
index f073166..43653e0 100644
--- a/sepolicy/hal_fingerprint_default.te
+++ b/sepolicy/hal_fingerprint_default.te
@@ -1,6 +1,10 @@
 allow hal_fingerprint_default system_data_file:dir { add_name create open read write remove_name rmdir };
 allow hal_fingerprint_default system_data_file:file { getattr open read };
-allow hal_fingerprint_default tee_device:chr_file ioctl;
+allow hal_fingerprint_default tee_device:chr_file { open read write ioctl };
 allow hal_fingerprint_default firmware_file:file { getattr open read };
-allow hal_fingerprint_default tee_device:chr_file { open read write };
-allow hal_fingerprint_default vfsspi_device:chr_file ioctl;
+allow hal_fingerprint_default firmware_file:dir search;
+allow hal_fingerprint_default vfsspi_device:chr_file { read open write ioctl getattr };
+
+file_type_auto_trans(hal_fingerprint_default, system_data_file, biometrics_data_file);
+allow hal_fingerprint_default biometrics_data_file:dir { add_name create open read write remove_name rmdir };
+allow hal_fingerprint_default biometrics_data_file:file { getattr open read create write };
diff --git a/sepolicy/hal_keymaster_default.te b/sepolicy/hal_keymaster_default.te
index 7c9237a..8b9f17f 100644
--- a/sepolicy/hal_keymaster_default.te
+++ b/sepolicy/hal_keymaster_default.te
@@ -1,2 +1,2 @@
 allow hal_keymaster_default firmware_file:dir search;
-allow hal_keymaster_default firmware_file:file read;
+allow hal_keymaster_default firmware_file:file { getattr open read };
diff --git a/sepolicy/hwservice_contexts b/sepolicy/hwservice_contexts
new file mode 100644
index 0000000..0a04a99
--- /dev/null
+++ b/sepolicy/hwservice_contexts
@@ -0,0 +1,2 @@
+vendor.samsung.hardware.biometrics.fingerprint::ISecBiometricsFingerprint     u:object_r:hal_fingerprint_hwservice:s0
+
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
index 10954b4..e424790 100644
--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
@@ -8,3 +8,6 @@ allow tee init:unix_stream_socket connectto;
 allow tee gatekeeper_data_file:file { open read };
 
 allow tee efs_file:file { open read };
+allow tee efs_file:dir search;
+
+allow tee gatekeeper_data_file:dir { read search };