diff --git a/non_plat/device.te b/non_plat/device.te
index 6ebb70b..d16357e 100644
--- a/non_plat/device.te
+++ b/non_plat/device.te
@@ -278,5 +278,8 @@ type teei_fp_device, dev_type;
 type teei_rpmb_device, dev_type;
 type teei_vfs_device, dev_type;
+type teei_client_device, dev_type;
+typeattribute teei_client_device mlstrustedobject;
+
 
 # Keymaster
 type ut_keymaster_device, dev_type;
diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index 743a906..8aed8cd 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@@ -697,6 +697,8 @@
 /dev/rpmb0 u:object_r:teei_rpmb_device:s0
 /dev/emmcrpmb0 u:object_r:teei_rpmb_device:s0
 /dev/tz_vfs u:object_r:teei_vfs_device:s0
+/dev/tee0 u:object_r:teei_client_device:s0
+/dev/teei_client u:object_r:teei_client_device:s0
 
 /data/vendor/thh(/.*)? u:object_r:vendor_teei_data_file:s0
 
diff --git a/non_plat/hal_drm_widevine.te b/non_plat/hal_drm_widevine.te
index c3705ba..8347c49 100644
--- a/non_plat/hal_drm_widevine.te
+++ b/non_plat/hal_drm_widevine.te
@@ -14,3 +14,4 @@ allow hal_drm_widevine hal_allocator_server:fd use;
 
 allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
 allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
+allow hal_drm_widevine teei_client_device:chr_file rw_file_perms;
diff --git a/non_plat/hal_fingerprint_default.te b/non_plat/hal_fingerprint_default.te
index 857623a..5049f7b 100644
--- a/non_plat/hal_fingerprint_default.te
+++ b/non_plat/hal_fingerprint_default.te
@@ -1 +1,3 @@
 allow hal_fingerprint_default teei_fp_device:chr_file { read write open ioctl };
+
+allow hal_fingerprint_default teei_client_device:chr_file { read write open ioctl };
diff --git a/non_plat/hal_gatekeeper_default.te b/non_plat/hal_gatekeeper_default.te
new file mode 100644
index 0000000..f3125b2
--- /dev/null
+++ b/non_plat/hal_gatekeeper_default.te
@@ -0,0 +1 @@
+allow hal_gatekeeper_default teei_client_device:chr_file rw_file_perms;
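Review bot: `typeattribute teei_client_device mlstrustedobject;` exempts the new device type from MLS constraints, but nothing in the change says why that is needed: every label this commit assigns is `:s0`, and the domains it grants access to (HALs, init, kernel, mediacodec, meta_tst, system_server, tee, vold) are all system or vendor daemons rather than per-user app domains. If the only goal is to let those domains open the node, plain `type teei_client_device, dev_type;` is enough, and an unneeded mlstrustedobject is one fewer barrier should some later rule expose the node to an app domain at another level. Either drop the typeattribute or add a one-line comment above it naming the cross-level client that requires it, e.g. `# mlstrustedobject: opened by <domain> running at a non-s0 level`.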
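Review bot: `/dev/tee0` and `/dev/teei_client` receive the same label, yet `/dev/tee0` is also the node name the generic Linux TEE subsystem registers for its first client device, so if both a TEEI driver and a kernel `tee` driver can be built for this platform, the label would cover a device that is not TEEI at all. Worth a comment stating which driver creates `/dev/tee0` on this SoC; if it is the TEEI driver itself, something like `# /dev/tee0 is created by the TEEI client driver, not the kernel tee subsystem` would stop the next reader from assuming otherwise.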
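Review bot: `rw_file_perms` on the hal_drm_widevine rule includes `ioctl` with no accompanying `allowxperm`, so every ioctl number the TEEI client driver implements becomes reachable from the Widevine HAL; this same commit shows the tighter pattern already in use in hal_graphics_allocator_default.te (`allowxperm ... proc_ged:file ioctl { proc_ged_ioctls }`). If the TEEI client ioctl set is known, define it next to `proc_ged_ioctls` and add `allowxperm hal_drm_widevine teei_client_device:chr_file ioctl { teei_client_ioctls };`, then do the same for the other rw grants in this change. If the set is not known yet, a comment saying so is better than leaving the ioctl surface silently unbounded.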
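Review bot: The hal_fingerprint_default rule grants `{ read write open ioctl }` while hal_drm_widevine and hal_gatekeeper_default get `rw_file_perms` for the identical device in this same commit; the macro additionally carries getattr, lock, append and map, so the two spellings are not equivalent and the difference looks accidental rather than chosen. For a node that is driven purely through ioctl the explicit set is the tighter one, so consider switching the `rw_file_perms` grants in this change to `{ read write open ioctl }` unless a caller actually needs append or mmap. Whichever form is kept, using it consistently across the new rules makes later audits of who can reach the TEE much easier.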
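Review bot: The new hal_gatekeeper_default.te consists of a single bare `allow` with no header, whereas the other files touched here annotate rules with `# Date`, `# Operation` and `# Purpose` lines (visible in the kernel.te, mediacodec.te and meta_tst.te context). A two-line header such as `# Purpose: gatekeeper HAL talks to its TA through the TEEI client node` would record why a gatekeeper implementation needs a second TEE path alongside keymaster, which is not obvious from the rule alone.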
diff --git a/non_plat/hal_graphics_allocator_default.te b/non_plat/hal_graphics_allocator_default.te
index 6265330..6a4c9c3 100644
--- a/non_plat/hal_graphics_allocator_default.te
+++ b/non_plat/hal_graphics_allocator_default.te
@@ -20,3 +20,6 @@ allow hal_graphics_allocator_default debugfs_tracing:file open;
 #============= hal_graphics_allocator_default ==============
 allow hal_graphics_allocator_default proc_ged:file r_file_perms;
 allowxperm hal_graphics_allocator_default proc_ged:file ioctl { proc_ged_ioctls };
+
+# TEE
+allow hal_graphics_allocator_default teei_client_device:chr_file rw_file_perms;
diff --git a/non_plat/hal_keymaster_attestation.te b/non_plat/hal_keymaster_attestation.te
index eae2ddf..8408ef3 100644
--- a/non_plat/hal_keymaster_attestation.te
+++ b/non_plat/hal_keymaster_attestation.te
@@ -17,3 +17,5 @@ allow hal_keymaster_attestation persist_data_file:dir { write search add_name };
 
 allow hal_keymaster_attestation persist_data_file:file { write create open getattr };
 allow hal_keymaster_attestation ut_keymaster_device:chr_file { read write ioctl open };
+
+allow hal_keymaster_attestation teei_client_device:chr_file { read write open ioctl};
diff --git a/non_plat/hal_keymaster_default.te b/non_plat/hal_keymaster_default.te
index cc1dcda..d383e9e 100644
--- a/non_plat/hal_keymaster_default.te
+++ b/non_plat/hal_keymaster_default.te
@@ -1 +1,3 @@
 allow hal_keymaster_default ut_keymaster_device:chr_file { read write open ioctl};
+
+allow hal_keymaster_default teei_client_device:chr_file { read write open ioctl};
diff --git a/non_plat/init.te b/non_plat/init.te
index b93dcbf..c0d1ee9 100644
--- a/non_plat/init.te
+++ b/non_plat/init.te
@@ -145,3 +145,6 @@ allow init proc_cpu_alignment:file w_file_perms;
 # Purpose: Allow to relabelto for selinux_android_restorecon
 allow init boot_block_device:lnk_file relabelto;
 allow init vbmeta_block_device:lnk_file relabelto;
+
+# TEE
+allow init teei_client_device:chr_file rw_file_perms;
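Review bot: The new hal_graphics_allocator_default rule grants unrestricted `ioctl` on the TEE client node three lines below an `allowxperm ... proc_ged:file ioctl { proc_ged_ioctls }` line that shows this file already bounds ioctl sets, so the omission stands out. The `# TEE` comment also does not say what a gralloc allocator needs the TEE for — presumably secure-buffer allocation, but that is a guess; a comment like `# Purpose: allocate secure (protected) buffers via the TEEI client` plus an `allowxperm hal_graphics_allocator_default teei_client_device:chr_file ioctl { teei_client_ioctls };` with a defined ioctl set would close both gaps.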
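Review bot: Giving `init` itself read/write/ioctl on the TEE client node is unusual, because init normally only creates and chmods device nodes (through ueventd) and does not open them; a denial attributed to init is often a service that was still running in init's domain before its `domain_auto_trans` fired, in which case the right fix is the service's own domain, not init.te. Please confirm the denial's scontext/pid really was PID 1 and, if so, record which init step opens the node, matching the file's existing style: `# Purpose: <init action> opens /dev/teei_client` instead of the bare `# TEE`.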
diff --git a/non_plat/kernel.te b/non_plat/kernel.te
index 0b33f40..23316b3 100644
--- a/non_plat/kernel.te
+++ b/non_plat/kernel.te
@@ -87,3 +87,6 @@ allow kernel vendor_file:file r_file_perms;
 # Operation: SQC
 # Purpose: Allow VOW kthread to write debug PCM dump
 allow kernel mtk_audiohal_data_file:file write;
+
+# TEE
+allow kernel teei_client_device:chr_file rw_file_perms;
diff --git a/non_plat/mediacodec.te b/non_plat/mediacodec.te
index 5b15af0..26c8520 100644
--- a/non_plat/mediacodec.te
+++ b/non_plat/mediacodec.te
@@ -156,4 +156,7 @@ allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_CONFIG_PORT_ARRAY;
 # Date : 2019/12/12
 # Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/*
 allow mediacodec sysfs_concurrency_scenario:file rw_file_perms;
-allow mediacodec sysfs_concurrency_scenario:dir search;
\ No newline at end of file
+allow mediacodec sysfs_concurrency_scenario:dir search;
+
+# TEE
+allow mediacodec teei_client_device:chr_file rw_file_perms;
diff --git a/non_plat/meta_tst.te b/non_plat/meta_tst.te
index 3e1858c..418e1a0 100644
--- a/non_plat/meta_tst.te
+++ b/non_plat/meta_tst.te
@@ -419,3 +419,6 @@ allow meta_tst adsp_device:chr_file rw_file_perms;
 # Operation: P migration
 # Purpose : audio scp recovery
 allow meta_tst audio_scp_device:chr_file r_file_perms;
+
+# TEE
+allow meta_tst teei_client_device:chr_file { create setattr unlink rw_file_perms };;
diff --git a/non_plat/mtk_hal_camera.te b/non_plat/mtk_hal_camera.te
index 3359530..670f3fa 100644
--- a/non_plat/mtk_hal_camera.te
+++ b/non_plat/mtk_hal_camera.te
@@ -365,3 +365,6 @@ allow mtk_hal_camera camera_vendor_data_file:dir create_dir_perms;
 allow mtk_hal_camera camera_vendor_data_file:file create_file_perms;
 
 allow mtk_hal_camera seninf_device:chr_file rw_file_perms;
+
+# TEE
+allow mtk_hal_camera teei_client_device:chr_file rw_file_perms;
diff --git a/non_plat/system_server.te b/non_plat/system_server.te
index c2aa0ff..5110d25 100644
--- a/non_plat/system_server.te
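Review bot: `allow kernel teei_client_device:chr_file rw_file_perms;` lets kernel threads open a userspace-facing device node, which is rarely what a denial in the `kernel` domain actually means; it is more often a usermode helper spawned by the kernel, or a process that has not yet transitioned out of the kernel domain at early boot, and those should get their own domain rather than widening `kernel`. The rule directly above it is justified with `# Purpose: Allow VOW kthread to write debug PCM dump`, so the same standard applies here: name the kthread or helper and why it needs the TEE, e.g. `# Purpose: <kthread> submits commands to the TEEI client from kernel context`, or move the grant to the real caller's domain.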
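Review bot: The new meta_tst rule ends in `};;`, a stray second semicolon; depending on the checkpolicy version this is either a policy compile error or silently tolerated, and either way it should be `};`. The permission set `{ create setattr unlink rw_file_perms }` also lets a factory-test daemon create, chmod and delete the device node itself, which is ueventd's job; unless meta_tst really mknods `/dev/teei_client`, reduce it to `allow meta_tst teei_client_device:chr_file rw_file_perms;` and, if it does, say so in the `# TEE` comment.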
+++ b/non_plat/system_server.te
@@ -278,4 +278,6 @@ allow system_server sf_rtt_file:dir rmdir;
 # Operation : Q Migration
 allow system_server storage_stub_file:dir getattr;
 
+# TEE
 allow system_server teei_fp_device:chr_file rw_file_perms;
+allow system_server teei_client_device:chr_file r_file_perms;
diff --git a/non_plat/tee.te b/non_plat/tee.te
index e0dbc77..34a726b 100644
--- a/non_plat/tee.te
+++ b/non_plat/tee.te
@@ -7,3 +7,5 @@ allow tee teei_vfs_device:chr_file rw_file_perms;
 
 allow tee vendor_teei_data_file:dir create_dir_perms;
 allow tee vendor_teei_data_file:file create_file_perms;
+
+allow tee teei_client_device:chr_file { create setattr unlink rw_file_perms };;
diff --git a/non_plat/vold.te b/non_plat/vold.te
index 1204cba..2edde0c 100644
--- a/non_plat/vold.te
+++ b/non_plat/vold.te
@@ -48,3 +48,5 @@ allow vold swap_block_device:blk_file getattr;
 
 allow vold sysfs_mmcblk:file rw_file_perms;
 allow vold ut_keymaster_device:chr_file { read write open ioctl};
+
+allow vold teei_client_device:chr_file { read write open ioctl};
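Review bot: `r_file_perms` for system_server on teei_client_device carries open/read/getattr but neither `write` nor `ioctl`, so if system_server is meant to issue commands to the TEE through this node the very next boot will produce a fresh denial on ioctl, while if it only needs to stat or probe the node the grant is fine. The new `# TEE` comment sits above the pre-existing teei_fp_device rule, not the new one, and does not say which it is; a line such as `# Purpose: system_server only checks for the presence of /dev/teei_client (read-only by design)` would make the reduced permission set look intentional rather than incomplete.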
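Review bot: The tee.te rule also ends in `};;`; drop the extra semicolon so the statement reads `... rw_file_perms };`. Unlike the other domains in this change, `tee` is granted `create setattr unlink` on the node, which is plausible if the TEEI daemon mknods `/dev/teei_client` itself rather than relying on ueventd, but that is an inference from the permission set, not something the diff states. A short comment above the rule, e.g. `# teei daemon creates and removes /dev/teei_client itself`, would justify the extra permissions; if ueventd creates the node, trim the rule to `rw_file_perms`.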