diff --git a/caiman-sepolicy.mk b/caiman-sepolicy.mk
index d34e613a3206d727a64c0ae8fbd3b0e97565f27e..f5ea59bc7f8f8277601b39b343834b875f296380 100644
--- a/caiman-sepolicy.mk
+++ b/caiman-sepolicy.mk
@@ -1,11 +1,2 @@
 # sepolicy that are shared among devices using ZumaPro
 BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/caiman
-
-# UDFPS sepolicy.
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint
-
-# GPS sepolicy
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
-
-#Fingerprint
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance
diff --git a/caiman/file_contexts b/caiman/file_contexts
index cdb38af40d6f28dc17472a26d141dc537363b879..2cc3a039d82079ff16798b09f378770ba8a46d2c 100644
--- a/caiman/file_contexts
+++ b/caiman/file_contexts
@@ -14,3 +14,14 @@
 /dev/lwis-sensor-taotie-tele                                                u:object_r:lwis_device:s0
 /dev/lwis-sensor-taotie-uw                                                  u:object_r:lwis_device:s0
 /dev/lwis-tof-tarasque                                                      u:object_r:lwis_device:s0
+# GPS
+/dev/gnss_ipc                  u:object_r:vendor_gnss_device:s0
+/dev/gnss_boot                 u:object_r:vendor_gnss_device:s0
+/dev/gnss_dump                 u:object_r:vendor_gnss_device:s0
+
+/vendor/bin/hw/gnssd            u:object_r:gnssd_exec:s0
+/vendor/bin/hw/sctd             u:object_r:sctd_exec:s0
+/vendor/bin/hw/swcnd            u:object_r:swcnd_exec:s0
+/vendor/bin/hw/spad             u:object_r:spad_exec:s0
+/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1           u:object_r:hal_gnss_default_exec:s0
+/vendor/bin/gnss_check\.sh                                     u:object_r:gnss_check_exec:s0
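Review bot: The eleven added GNSS lines follow the last `lwis` entry with no blank line, and the identical block is also added to komodo/file_contexts, ripcurrent24/file_contexts and tokay/file_contexts. With the shared gnss/file_contexts deleted, a later label change has to be made four times, and a missed copy would leave one device with a differently labelled device node or binary. I would add a separating blank line and mark the block, e.g. `# GPS (identical block in komodo/, ripcurrent24/ and tokay/; keep in sync)`.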
diff --git a/gnss/gnss_check.te b/caiman/gnss_check.te
similarity index 100%
rename from gnss/gnss_check.te
rename to caiman/gnss_check.te
diff --git a/gnss/gnssd.te b/caiman/gnssd.te
similarity index 100%
rename from gnss/gnssd.te
rename to caiman/gnssd.te
diff --git a/gnss/hal_gnss_default.te b/caiman/hal_gnss_default.te
similarity index 100%
rename from gnss/hal_gnss_default.te
rename to caiman/hal_gnss_default.te
diff --git a/gnss/rild.te b/caiman/rild.te
similarity index 100%
rename from gnss/rild.te
rename to caiman/rild.te
diff --git a/gnss/sctd.te b/caiman/sctd.te
similarity index 100%
rename from gnss/sctd.te
rename to caiman/sctd.te
diff --git a/gnss/spad.te b/caiman/spad.te
similarity index 100%
rename from gnss/spad.te
rename to caiman/spad.te
diff --git a/gnss/swcnd.te b/caiman/swcnd.te
similarity index 100%
rename from gnss/swcnd.te
rename to caiman/swcnd.te
diff --git a/fingerprint_capacitance/system_app.te b/caiman/system_app.te
similarity index 100%
rename from fingerprint_capacitance/system_app.te
rename to caiman/system_app.te
diff --git a/gnss/file_contexts b/gnss/file_contexts
deleted file mode 100644
index 1a4c2d4b7af7b809ca330a8a1da32a2c928b674c..0000000000000000000000000000000000000000
--- a/gnss/file_contexts
+++ /dev/null
@@ -1,11 +0,0 @@
-# GPS
-/dev/gnss_ipc                  u:object_r:vendor_gnss_device:s0
-/dev/gnss_boot                 u:object_r:vendor_gnss_device:s0
-/dev/gnss_dump                 u:object_r:vendor_gnss_device:s0
-
-/vendor/bin/hw/gnssd            u:object_r:gnssd_exec:s0
-/vendor/bin/hw/sctd             u:object_r:sctd_exec:s0
-/vendor/bin/hw/swcnd            u:object_r:swcnd_exec:s0
-/vendor/bin/hw/spad             u:object_r:spad_exec:s0
-/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1           u:object_r:hal_gnss_default_exec:s0
-/vendor/bin/gnss_check\.sh                                     u:object_r:gnss_check_exec:s0
diff --git a/komodo-sepolicy.mk b/komodo-sepolicy.mk
index feed173ce6319577667f7f9a658e69b4fafa36b6..d54783f67f1f5bfa5f97d264134740d40d8168ee 100644
--- a/komodo-sepolicy.mk
+++ b/komodo-sepolicy.mk
@@ -1,11 +1,2 @@
 # sepolicy that are shared among devices using ZumaPro
 BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/komodo
-
-# UDFPS sepolicy.
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint
-
-# GPS sepolicy
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
-
-#Fingerprint
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance
diff --git a/komodo/file_contexts b/komodo/file_contexts
index cdb38af40d6f28dc17472a26d141dc537363b879..2cc3a039d82079ff16798b09f378770ba8a46d2c 100644
--- a/komodo/file_contexts
+++ b/komodo/file_contexts
@@ -14,3 +14,14 @@
 /dev/lwis-sensor-taotie-tele                                                u:object_r:lwis_device:s0
 /dev/lwis-sensor-taotie-uw                                                  u:object_r:lwis_device:s0
 /dev/lwis-tof-tarasque                                                      u:object_r:lwis_device:s0
+# GPS
+/dev/gnss_ipc                  u:object_r:vendor_gnss_device:s0
+/dev/gnss_boot                 u:object_r:vendor_gnss_device:s0
+/dev/gnss_dump                 u:object_r:vendor_gnss_device:s0
+
+/vendor/bin/hw/gnssd            u:object_r:gnssd_exec:s0
+/vendor/bin/hw/sctd             u:object_r:sctd_exec:s0
+/vendor/bin/hw/swcnd            u:object_r:swcnd_exec:s0
+/vendor/bin/hw/spad             u:object_r:spad_exec:s0
+/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1           u:object_r:hal_gnss_default_exec:s0
+/vendor/bin/gnss_check\.sh                                     u:object_r:gnss_check_exec:s0
diff --git a/komodo/gnss_check.te b/komodo/gnss_check.te
new file mode 100644
index 0000000000000000000000000000000000000000..31d0944f4c88d1ec94d4cea03df296af8130cc6f
--- /dev/null
+++ b/komodo/gnss_check.te
@@ -0,0 +1,9 @@
+type gnss_check, domain;
+type gnss_check_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(gnss_check);
+
+allow gnss_check vendor_toolbox_exec:file { execute_no_trans };
+
+set_prop(gnss_check, ctl_stop_prop);
+set_prop(gnss_check, ctl_start_prop);
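Review bot: `set_prop(gnss_check, ctl_stop_prop)` and `set_prop(gnss_check, ctl_start_prop)` grant the script domain the generic control-property types. As far as I can tell, that lets it start or stop any init service whose `ctl.start$<service>` / `ctl.stop$<service>` entry has no more specific label, not only the GNSS daemons. A narrower form would label the control properties of the services this script manages with a dedicated vendor property type in property_contexts and grant `set_prop` on that type only. If the broad grant stays, a comment such as `# gnss_check.sh restarts <service names>; needs ctl.start/ctl.stop` above the two lines would record why. The same two lines are in ripcurrent24/gnss_check.te, tokay/gnss_check.te and the renamed caiman/gnss_check.te.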
diff --git a/komodo/gnssd.te b/komodo/gnssd.te
new file mode 100644
index 0000000000000000000000000000000000000000..ea16762b028842eb52fdab897d25fb12a702d54b
--- /dev/null
+++ b/komodo/gnssd.te
@@ -0,0 +1,23 @@
+type gnssd, domain;
+type gnssd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gnssd);
+
+# Allow gnssd to access rild
+binder_call(gnssd, rild);
+# binder_call(gnssd, hwservicemanager)
+allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+allow gnssd radio_device:chr_file rw_file_perms;
+
+# Allow gnssd to acess gnss device
+allow gnssd vendor_gnss_device:chr_file rw_file_perms;
+allow gnssd vendor_gps_file:dir create_dir_perms;
+allow gnssd vendor_gps_file:file create_file_perms;
+allow gnssd vendor_gps_file:fifo_file create_file_perms;
+
+get_prop(gnssd, bootanim_system_prop)
+
+# Allow gnssd to obtain wakelock
+wakelock_use(gnssd)
+
+# Allow a base set of permissions required for network access.
+net_domain(gnssd);
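Review bot: `allow gnssd radio_device:chr_file rw_file_perms;` sits under the comment "Allow gnssd to access rild" but gives gnssd direct read/write on the radio device nodes rather than access through rild's binder interface, and nothing in the file says which node needs it. I would add a why-comment such as `# gnssd opens <radio node> directly for <purpose>`, or drop the rule if the binder path is sufficient. `net_domain(gnssd)` has the same gap; a comment naming what gnssd talks to over the network would help a later audit. Smaller points: the commented-out `# binder_call(gnssd, hwservicemanager)` is dead text, and "acess" in the device comment is a typo. The same file is added as ripcurrent24/gnssd.te and tokay/gnssd.te.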
diff --git a/komodo/hal_gnss_default.te b/komodo/hal_gnss_default.te
new file mode 100644
index 0000000000000000000000000000000000000000..bf1a56450cb30fb542c4030c1e64e11cb19a3a4c
--- /dev/null
+++ b/komodo/hal_gnss_default.te
@@ -0,0 +1,3 @@
+binder_call(hal_gnss_default, gnssd);
+
+allow hal_gnss_default gnssd:unix_stream_socket connectto;
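Review bot: `allow hal_gnss_default gnssd:unix_stream_socket connectto;` has no comment, and no `sock_file` rule for a socket path is visible in this change, so the socket is presumably an abstract one. For an abstract socket this `connectto` rule is the only access control on the connection, which is worth stating, e.g. `# HAL connects to gnssd's abstract socket; connectto is the only gate`. If it is a filesystem socket instead, the matching `sock_file` write rule has to exist elsewhere and should be referenced here. The same file is added under ripcurrent24/ and tokay/.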
diff --git a/komodo/rild.te b/komodo/rild.te
new file mode 100644
index 0000000000000000000000000000000000000000..c620a19b3611958177e9de8a34cdaae9263bf121
--- /dev/null
+++ b/komodo/rild.te
@@ -0,0 +1 @@
+binder_call(rild, gnssd)
diff --git a/komodo/sctd.te b/komodo/sctd.te
new file mode 100644
index 0000000000000000000000000000000000000000..8966ef8ade9c258286e8dabf4f90edb3dd0111e1
--- /dev/null
+++ b/komodo/sctd.te
@@ -0,0 +1,3 @@
+type sctd, domain;
+type sctd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(sctd);
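Review bot: `sctd` is declared and entered through `init_daemon_domain(sctd)` but has no allow rules of its own, and the same holds for `spad` in spad.te and `swcnd` in swcnd.te. If these daemons run on this device they are limited to the base domain rules and any further access will surface as denials; if they do not run, the types and their file_contexts entries are unused policy. A one-line comment in each file, e.g. `# sctd: nothing beyond the base domain rules is required`, would tell a reader the emptiness is deliberate. This applies equally to the ripcurrent24/ and tokay/ copies.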
diff --git a/komodo/spad.te b/komodo/spad.te
new file mode 100644
index 0000000000000000000000000000000000000000..eaf8b1c8463bcc22a2eb3a415461ede6d998242f
--- /dev/null
+++ b/komodo/spad.te
@@ -0,0 +1,3 @@
+type spad, domain;
+type spad_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(spad);
diff --git a/komodo/swcnd.te b/komodo/swcnd.te
new file mode 100644
index 0000000000000000000000000000000000000000..c366cad8d7140b99256e76d588c7ee952e2419b3
--- /dev/null
+++ b/komodo/swcnd.te
@@ -0,0 +1,3 @@
+type swcnd, domain;
+type swcnd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(swcnd);
diff --git a/komodo/system_app.te b/komodo/system_app.te
new file mode 100644
index 0000000000000000000000000000000000000000..e1a7d5236dc7c68926bb0e43bdbd1da37674b928
--- /dev/null
+++ b/komodo/system_app.te
@@ -0,0 +1,2 @@
+# TODO (b/306087355) Remove this and make it specific to the app
+hal_client_domain(system_app, hal_fingerprint)
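Review bot: `hal_client_domain(system_app, hal_fingerprint)` makes every process in the `system_app` domain a fingerprint HAL client, not only the one app that needs it, which the TODO (b/306087355) already acknowledges. This change turns a single shared copy of the rule into per-device copies (here, ripcurrent24/, tokay/, ripcurrentpro/ and the renamed caiman/system_app.te), so the TODO now has to be resolved in each of them. I would extend the comment to say so, e.g. `# Copies exist in every device directory; remove all of them together`.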
diff --git a/ripcurrent24-sepolicy.mk b/ripcurrent24-sepolicy.mk
index 48f50099a36b50a56ca66bfcf2db3c78cc60243b..aa9182b41d9a9fdf27cc22f7b7821e27ef4c7b23 100644
--- a/ripcurrent24-sepolicy.mk
+++ b/ripcurrent24-sepolicy.mk
@@ -1,11 +1,2 @@
 # sepolicy that are shared among devices using ZumaPro
 BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/ripcurrent24
-
-# UDFPS sepolicy.
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint
-
-# GPS sepolicy
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
-
-#Fingerprint
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance
diff --git a/ripcurrent24/file_contexts b/ripcurrent24/file_contexts
index 1143d5fda10694383d0961e436b254030b025a8e..9fd7a3b5c3cc7a00dd4a102d3a37614c7d7d21a6 100644
--- a/ripcurrent24/file_contexts
+++ b/ripcurrent24/file_contexts
@@ -42,3 +42,14 @@
 /dev/lwis-sensor-taotie-tele                                                u:object_r:lwis_device:s0
 /dev/lwis-sensor-taotie-uw                                                  u:object_r:lwis_device:s0
 /dev/lwis-tof-tarasque                                                      u:object_r:lwis_device:s0
+# GPS
+/dev/gnss_ipc                  u:object_r:vendor_gnss_device:s0
+/dev/gnss_boot                 u:object_r:vendor_gnss_device:s0
+/dev/gnss_dump                 u:object_r:vendor_gnss_device:s0
+
+/vendor/bin/hw/gnssd            u:object_r:gnssd_exec:s0
+/vendor/bin/hw/sctd             u:object_r:sctd_exec:s0
+/vendor/bin/hw/swcnd            u:object_r:swcnd_exec:s0
+/vendor/bin/hw/spad             u:object_r:spad_exec:s0
+/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1           u:object_r:hal_gnss_default_exec:s0
+/vendor/bin/gnss_check\.sh                                     u:object_r:gnss_check_exec:s0
diff --git a/ripcurrent24/gnss_check.te b/ripcurrent24/gnss_check.te
new file mode 100644
index 0000000000000000000000000000000000000000..31d0944f4c88d1ec94d4cea03df296af8130cc6f
--- /dev/null
+++ b/ripcurrent24/gnss_check.te
@@ -0,0 +1,9 @@
+type gnss_check, domain;
+type gnss_check_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(gnss_check);
+
+allow gnss_check vendor_toolbox_exec:file { execute_no_trans };
+
+set_prop(gnss_check, ctl_stop_prop);
+set_prop(gnss_check, ctl_start_prop);
diff --git a/ripcurrent24/gnssd.te b/ripcurrent24/gnssd.te
new file mode 100644
index 0000000000000000000000000000000000000000..ea16762b028842eb52fdab897d25fb12a702d54b
--- /dev/null
+++ b/ripcurrent24/gnssd.te
@@ -0,0 +1,23 @@
+type gnssd, domain;
+type gnssd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gnssd);
+
+# Allow gnssd to access rild
+binder_call(gnssd, rild);
+# binder_call(gnssd, hwservicemanager)
+allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+allow gnssd radio_device:chr_file rw_file_perms;
+
+# Allow gnssd to acess gnss device
+allow gnssd vendor_gnss_device:chr_file rw_file_perms;
+allow gnssd vendor_gps_file:dir create_dir_perms;
+allow gnssd vendor_gps_file:file create_file_perms;
+allow gnssd vendor_gps_file:fifo_file create_file_perms;
+
+get_prop(gnssd, bootanim_system_prop)
+
+# Allow gnssd to obtain wakelock
+wakelock_use(gnssd)
+
+# Allow a base set of permissions required for network access.
+net_domain(gnssd);
diff --git a/ripcurrent24/hal_gnss_default.te b/ripcurrent24/hal_gnss_default.te
new file mode 100644
index 0000000000000000000000000000000000000000..bf1a56450cb30fb542c4030c1e64e11cb19a3a4c
--- /dev/null
+++ b/ripcurrent24/hal_gnss_default.te
@@ -0,0 +1,3 @@
+binder_call(hal_gnss_default, gnssd);
+
+allow hal_gnss_default gnssd:unix_stream_socket connectto;
diff --git a/ripcurrent24/rild.te b/ripcurrent24/rild.te
new file mode 100644
index 0000000000000000000000000000000000000000..c620a19b3611958177e9de8a34cdaae9263bf121
--- /dev/null
+++ b/ripcurrent24/rild.te
@@ -0,0 +1 @@
+binder_call(rild, gnssd)
diff --git a/ripcurrent24/sctd.te b/ripcurrent24/sctd.te
new file mode 100644
index 0000000000000000000000000000000000000000..8966ef8ade9c258286e8dabf4f90edb3dd0111e1
--- /dev/null
+++ b/ripcurrent24/sctd.te
@@ -0,0 +1,3 @@
+type sctd, domain;
+type sctd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(sctd);
diff --git a/ripcurrent24/spad.te b/ripcurrent24/spad.te
new file mode 100644
index 0000000000000000000000000000000000000000..eaf8b1c8463bcc22a2eb3a415461ede6d998242f
--- /dev/null
+++ b/ripcurrent24/spad.te
@@ -0,0 +1,3 @@
+type spad, domain;
+type spad_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(spad);
diff --git a/ripcurrent24/swcnd.te b/ripcurrent24/swcnd.te
new file mode 100644
index 0000000000000000000000000000000000000000..c366cad8d7140b99256e76d588c7ee952e2419b3
--- /dev/null
+++ b/ripcurrent24/swcnd.te
@@ -0,0 +1,3 @@
+type swcnd, domain;
+type swcnd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(swcnd);
diff --git a/ripcurrent24/system_app.te b/ripcurrent24/system_app.te
new file mode 100644
index 0000000000000000000000000000000000000000..e1a7d5236dc7c68926bb0e43bdbd1da37674b928
--- /dev/null
+++ b/ripcurrent24/system_app.te
@@ -0,0 +1,2 @@
+# TODO (b/306087355) Remove this and make it specific to the app
+hal_client_domain(system_app, hal_fingerprint)
diff --git a/ripcurrentpro-sepolicy.mk b/ripcurrentpro-sepolicy.mk
index 0bcab522c7ccd5a51a7850fa182534423ff29c64..88167b20ee3daa373236fcdee74fb7a451beb26d 100644
--- a/ripcurrentpro-sepolicy.mk
+++ b/ripcurrentpro-sepolicy.mk
@@ -1,5 +1,3 @@
 # sepolicy that are shared among devices using ZumaPro
 BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/ripcurrentpro
 
-# UDFPS sepolicy.
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint
diff --git a/ripcurrentpro/system_app.te b/ripcurrentpro/system_app.te
new file mode 100644
index 0000000000000000000000000000000000000000..e1a7d5236dc7c68926bb0e43bdbd1da37674b928
--- /dev/null
+++ b/ripcurrentpro/system_app.te
@@ -0,0 +1,2 @@
+# TODO (b/306087355) Remove this and make it specific to the app
+hal_client_domain(system_app, hal_fingerprint)
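Review bot: `hal_client_domain(system_app, hal_fingerprint)` may be a new grant on ripcurrentpro rather than a move. The old ripcurrentpro-sepolicy.mk included only the `fingerprint` directory, while the rename elsewhere in this change shows the rule coming from `fingerprint_capacitance/system_app.te`. The `fingerprint` directory is also dropped from every .mk file without any of its files appearing in the diff, so it cannot be told from here whether its rules moved or were already elsewhere. If the rule is new for this device, the commit message should say so and give the reason.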
diff --git a/tokay-sepolicy.mk b/tokay-sepolicy.mk
index bfc19e5cd983b21d09504dd96c72479ff5269e92..9183880d9f211aada21d43698fa53946de4e11a6 100644
--- a/tokay-sepolicy.mk
+++ b/tokay-sepolicy.mk
@@ -1,11 +1,2 @@
 # sepolicy that are shared among devices using ZumaPro
 BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/tokay
-
-# UDFPS sepolicy.
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint
-
-# GPS sepolicy
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
-
-#Fingerprint
-BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance
diff --git a/tokay/file_contexts b/tokay/file_contexts
index 025e379916c034f71163fceac78f9cb9df4fcb7c..9c7fe8a5a151ab575c84ec1f95e122d1d7c84133 100644
--- a/tokay/file_contexts
+++ b/tokay/file_contexts
@@ -10,3 +10,14 @@
 /dev/lwis-sensor-boitata                                                    u:object_r:lwis_device:s0
 /dev/lwis-sensor-dokkaebi                                                   u:object_r:lwis_device:s0
 /dev/lwis-sensor-taotie-uw                                                  u:object_r:lwis_device:s0
+# GPS
+/dev/gnss_ipc                  u:object_r:vendor_gnss_device:s0
+/dev/gnss_boot                 u:object_r:vendor_gnss_device:s0
+/dev/gnss_dump                 u:object_r:vendor_gnss_device:s0
+
+/vendor/bin/hw/gnssd            u:object_r:gnssd_exec:s0
+/vendor/bin/hw/sctd             u:object_r:sctd_exec:s0
+/vendor/bin/hw/swcnd            u:object_r:swcnd_exec:s0
+/vendor/bin/hw/spad             u:object_r:spad_exec:s0
+/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1           u:object_r:hal_gnss_default_exec:s0
+/vendor/bin/gnss_check\.sh                                     u:object_r:gnss_check_exec:s0
diff --git a/tokay/gnss_check.te b/tokay/gnss_check.te
new file mode 100644
index 0000000000000000000000000000000000000000..31d0944f4c88d1ec94d4cea03df296af8130cc6f
--- /dev/null
+++ b/tokay/gnss_check.te
@@ -0,0 +1,9 @@
+type gnss_check, domain;
+type gnss_check_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(gnss_check);
+
+allow gnss_check vendor_toolbox_exec:file { execute_no_trans };
+
+set_prop(gnss_check, ctl_stop_prop);
+set_prop(gnss_check, ctl_start_prop);
diff --git a/tokay/gnssd.te b/tokay/gnssd.te
new file mode 100644
index 0000000000000000000000000000000000000000..ea16762b028842eb52fdab897d25fb12a702d54b
--- /dev/null
+++ b/tokay/gnssd.te
@@ -0,0 +1,23 @@
+type gnssd, domain;
+type gnssd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gnssd);
+
+# Allow gnssd to access rild
+binder_call(gnssd, rild);
+# binder_call(gnssd, hwservicemanager)
+allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+allow gnssd radio_device:chr_file rw_file_perms;
+
+# Allow gnssd to acess gnss device
+allow gnssd vendor_gnss_device:chr_file rw_file_perms;
+allow gnssd vendor_gps_file:dir create_dir_perms;
+allow gnssd vendor_gps_file:file create_file_perms;
+allow gnssd vendor_gps_file:fifo_file create_file_perms;
+
+get_prop(gnssd, bootanim_system_prop)
+
+# Allow gnssd to obtain wakelock
+wakelock_use(gnssd)
+
+# Allow a base set of permissions required for network access.
+net_domain(gnssd);
diff --git a/tokay/hal_gnss_default.te b/tokay/hal_gnss_default.te
new file mode 100644
index 0000000000000000000000000000000000000000..bf1a56450cb30fb542c4030c1e64e11cb19a3a4c
--- /dev/null
+++ b/tokay/hal_gnss_default.te
@@ -0,0 +1,3 @@
+binder_call(hal_gnss_default, gnssd);
+
+allow hal_gnss_default gnssd:unix_stream_socket connectto;
diff --git a/tokay/rild.te b/tokay/rild.te
new file mode 100644
index 0000000000000000000000000000000000000000..c620a19b3611958177e9de8a34cdaae9263bf121
--- /dev/null
+++ b/tokay/rild.te
@@ -0,0 +1 @@
+binder_call(rild, gnssd)
diff --git a/tokay/sctd.te b/tokay/sctd.te
new file mode 100644
index 0000000000000000000000000000000000000000..8966ef8ade9c258286e8dabf4f90edb3dd0111e1
--- /dev/null
+++ b/tokay/sctd.te
@@ -0,0 +1,3 @@
+type sctd, domain;
+type sctd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(sctd);
diff --git a/tokay/spad.te b/tokay/spad.te
new file mode 100644
index 0000000000000000000000000000000000000000..eaf8b1c8463bcc22a2eb3a415461ede6d998242f
--- /dev/null
+++ b/tokay/spad.te
@@ -0,0 +1,3 @@
+type spad, domain;
+type spad_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(spad);
diff --git a/tokay/swcnd.te b/tokay/swcnd.te
new file mode 100644
index 0000000000000000000000000000000000000000..c366cad8d7140b99256e76d588c7ee952e2419b3
--- /dev/null
+++ b/tokay/swcnd.te
@@ -0,0 +1,3 @@
+type swcnd, domain;
+type swcnd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(swcnd);
diff --git a/tokay/system_app.te b/tokay/system_app.te
new file mode 100644
index 0000000000000000000000000000000000000000..e1a7d5236dc7c68926bb0e43bdbd1da37674b928
--- /dev/null
+++ b/tokay/system_app.te
@@ -0,0 +1,2 @@
+# TODO (b/306087355) Remove this and make it specific to the app
+hal_client_domain(system_app, hal_fingerprint)