diff --git a/aoc/aoc.mk b/aoc/aoc.mk
index 13d849c..8ef4e26 100644
--- a/aoc/aoc.mk
+++ b/aoc/aoc.mk
@@ -1,5 +1,11 @@
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/aoc/sepolicy
+# Skip aosp_ build due to dcservice_app is not available
+ifeq (,$(filter aosp_%, $(TARGET_PRODUCT)))
+BOARD_VENDOR_SEPOLICY_DIRS += \
+ device/google/gs-common/aoc/sepolicy/allowlist
+endif
+
 PRODUCT_PACKAGES += dump_aoc \
 aocd \
 aocxd
diff --git a/aoc/sepolicy/allowlist/aocxd_neverallow.te b/aoc/sepolicy/allowlist/aocxd_neverallow.te
new file mode 100644
index 0000000..72b7b1a
--- /dev/null
+++ b/aoc/sepolicy/allowlist/aocxd_neverallow.te
@@ -0,0 +1,2 @@
+# set up rule to control the access to aocxd
+neverallow { domain -hwservicemanager -servicemanager -vndservicemanager -system_suspend_server -dumpstate -hal_audio_default -dcservice_app } aocxd:binder { call transfer };
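Review bot: The `ifeq (,$(filter aosp_%, $(TARGET_PRODUCT)))` guard in aoc.mk means the allowlist neverallow is never compiled for aosp_ products. A later allow rule that gives another domain binder access to aocxd would therefore build cleanly on those targets and be rejected only on non-aosp ones. The comment should state that consequence as well as the reason, for example `# dcservice_app is not defined for aosp_ products, so the aocxd allowlist is compiled only for other targets; aosp_ builds do not check it.` Whether presubmit always builds a non-aosp target, which would close the gap in practice, is not visible from this hunk.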
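Review bot: The comment above the neverallow in aocxd_neverallow.te does not say why each of the seven excluded domains needs binder access to aocxd, so a later addition to the list has nothing to be reviewed against. I would replace it with something like `# Only the service managers, system_suspend_server, dumpstate, the audio HAL and dcservice_app may call aocxd over binder; every domain added here widens what can reach aocxd and needs a stated reason.` The rule constrains only `aocxd:binder { call transfer }`. Whether lookup of aocxd's service through the service manager is restricted to the same set is decided elsewhere in the policy and cannot be confirmed from this hunk.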