diff --git a/widevine/gen/gen_common/file.te b/widevine/gen/gen_common/file.te
new file mode 100644
index 0000000..3afd706
--- /dev/null
+++ b/widevine/gen/gen_common/file.te
@@ -0,0 +1 @@
+type mediadrm_vendor_data_file, file_type, data_file_type;
diff --git a/widevine/gen/gen_common/file_contexts b/widevine/gen/gen_common/file_contexts
new file mode 100644
index 0000000..7b89ccc
--- /dev/null
+++ b/widevine/gen/gen_common/file_contexts
@@ -0,0 +1,3 @@
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
+
diff --git a/widevine/gen/gen_common/hal_drm_widevine.te b/widevine/gen/gen_common/hal_drm_widevine.te
new file mode 100644
index 0000000..90458a0
--- /dev/null
+++ b/widevine/gen/gen_common/hal_drm_widevine.te
@@ -0,0 +1,21 @@
+type hal_drm_widevine, domain;
+hal_server_domain(hal_drm_widevine, hal_drm)
+
+type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_drm_widevine)
+
+allow hal_drm mediacodec:fd use;
+
+# get_prop(ramdump, public_vendor_default_prop)
+
+vndbinder_use(hal_drm_widevine)
+hal_client_domain(hal_drm_widevine, hal_graphics_composer);
+allow hal_drm_widevine servicemanager:binder { call transfer };
+allow hal_drm_widevine hal_drm_service:service_manager add;
+allow hal_drm_widevine { appdomain -isolated_app_all }:fd use;
+allow hal_drm_widevine hal_allocator_server:fd use;
+allow hal_drm_widevine gpu_device:dir search;
+allow hal_drm_widevine gpu_device:chr_file rw_file_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
+allow hal_drm_widevine tmpfs:file { read write map };
diff --git a/widevine/gen/gen_common/service_contexts b/widevine/gen/gen_common/service_contexts
new file mode 100644
index 0000000..6989dde
--- /dev/null
+++ b/widevine/gen/gen_common/service_contexts
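Review bot: The rule `allow hal_drm mediacodec:fd use;` in hal_drm_widevine.te is written against the `hal_drm` attribute, so it grants mediacodec fd use to every domain carrying that attribute rather than only the domain this file defines; every other allow rule in the hunk names `hal_drm_widevine`. If the wider grant is not intended, scope it as `allow hal_drm_widevine mediacodec:fd use;`. The grants on `gpu_device:chr_file rw_file_perms` and the generic `tmpfs:file { read write map }` are also broad for a DRM HAL and carry no comment; a one-line why-comment above each (which buffer or fd producer needs it) would let an auditor confirm least privilege. The commented-out `# get_prop(ramdump, public_vendor_default_prop)` refers to a different domain and looks like a leftover that can be dropped.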
@@ -0,0 +1 @@
+android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0