diff --git a/comet-sepolicy.mk b/comet-sepolicy.mk
index 32aa697..3ffaa05 100644
--- a/comet-sepolicy.mk
+++ b/comet-sepolicy.mk
@@ -1,2 +1,6 @@
 # sepolicy exclusively for comet.
 BOARD_SEPOLICY_DIRS += device/google/comet-sepolicy/vendor
+
+# system_ext
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/comet-sepolicy/system_ext/public
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/comet-sepolicy/system_ext/private
diff --git a/system_ext/private/gmscore_app.te b/system_ext/private/gmscore_app.te
new file mode 100644
index 0000000..4dc1639
--- /dev/null
+++ b/system_ext/private/gmscore_app.te
@@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(gmscore_app, setupwizard_feature_prop)
diff --git a/system_ext/private/priv_app.te b/system_ext/private/priv_app.te
new file mode 100644
index 0000000..90bc371
--- /dev/null
+++ b/system_ext/private/priv_app.te
@@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(priv_app, setupwizard_feature_prop)
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
new file mode 100644
index 0000000..464a289
--- /dev/null
+++ b/system_ext/private/property_contexts
@@ -0,0 +1,2 @@
+# setupwizard
+setupwizard.feature.provisioning_profile_mode    u:object_r:setupwizard_feature_prop:s0
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
new file mode 100644
index 0000000..96cb3b3
--- /dev/null
+++ b/system_ext/public/property.te
@@ -0,0 +1,2 @@
+# setupwizard
+system_public_prop(setupwizard_feature_prop)
diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te
index 91d16a9..0af5c8a 100644
--- a/vendor/vendor_init.te
+++ b/vendor/vendor_init.te
@@ -1,2 +1,5 @@
 # Camera vendor property
 set_prop(vendor_init, vendor_camera_debug_prop)
+
+# setupwizard
+set_prop(vendor_init, setupwizard_feature_prop)