diff --git a/edgetpu/sepolicy/device.te b/edgetpu/sepolicy/device.te
index 9296ba5..78e918a 100644
--- a/edgetpu/sepolicy/device.te
+++ b/edgetpu/sepolicy/device.te
@@ -1,2 +1,2 @@
 # EdgeTPU device (DarwiNN)
-type edgetpu_device, dev_type, mlstrustedobject;
+type edgetpu_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
diff --git a/edgetpu/sepolicy/service.te b/edgetpu/sepolicy/service.te
index b1a5409..5ea2006 100644
--- a/edgetpu/sepolicy/service.te
+++ b/edgetpu/sepolicy/service.te
@@ -4,4 +4,4 @@ type edgetpu_dba_service, app_api_service, service_manager_type, isolated_comput
 type edgetpu_tachyon_service, app_api_service, service_manager_type, isolated_compute_allowed_service;
 # EdgeTPU binder service type declaration.
-type edgetpu_app_service, service_manager_type;
+type edgetpu_app_service, service_manager_type, isolated_compute_allowed_service;
diff --git a/trusty/rpmb_dev/rpmb_dev.mk b/trusty/rpmb_dev/rpmb_dev.mk
new file mode 100644
index 0000000..31c68ef
--- /dev/null
+++ b/trusty/rpmb_dev/rpmb_dev.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/trusty/rpmb_dev/sepolicy
+
+PRODUCT_PACKAGES += rpmb_dev
diff --git a/trusty/rpmb_dev/sepolicy/file_contexts b/trusty/rpmb_dev/sepolicy/file_contexts
new file mode 100644
index 0000000..1a44f7d
--- /dev/null
+++ b/trusty/rpmb_dev/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+# Binaries
+/vendor/bin/rpmb_dev u:object_r:rpmb_dev_exec:s0
diff --git a/trusty/rpmb_dev/sepolicy/rpmb_dev.te b/trusty/rpmb_dev/sepolicy/rpmb_dev.te
new file mode 100644
index 0000000..0f46e03
--- /dev/null
+++ b/trusty/rpmb_dev/sepolicy/rpmb_dev.te
@@ -0,0 +1,4 @@
+type rpmb_dev, domain;
+type rpmb_dev_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(rpmb_dev)
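Review bot: The new `isolated_compute_allowed_device` attribute on `edgetpu_device` in device.te comes with no comment saying why isolated compute apps need the device node, and the same applies to `isolated_compute_allowed_service` on `edgetpu_app_service` in service.te. Both attributes widen what a sandboxed domain can reach, presumably through platform rules keyed on them, so the driver's file-operation and ioctl surface becomes part of that domain's attack surface. I would extend the existing comment, for example `# EdgeTPU device (DarwiNN); also reachable from isolated compute apps for <use case>`, with the real use case filled in. It is also worth confirming that the ioctl commands available to that domain are limited to the ones it needs, with an `allowxperm` allowlist if the platform policy does not already provide one.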