diff --git a/camera/sepolicy/product/private/vendor_pcs_app.te b/camera/sepolicy/product/private/vendor_pcs_app.te
index 6bf0451..55eeee7 100644
--- a/camera/sepolicy/product/private/vendor_pcs_app.te
+++ b/camera/sepolicy/product/private/vendor_pcs_app.te
@@ -1,12 +1,32 @@
 typeattribute vendor_pcs_app coredomain;
 app_domain(vendor_pcs_app);
+net_domain(vendor_pcs_app);
+bluetooth_domain(vendor_pcs_app);
 allow vendor_pcs_app {
 app_api_service
 audioserver_service
 cameraserver_service
+ drmserver_service
 mediametrics_service
 mediaserver_service
+ nfc_service
 radio_service
 }:service_manager find;
+
+# Following allowances were replicated from priv_app
+# Write to /cache.
+allow vendor_pcs_app { cache_file cache_recovery_file }:dir create_dir_perms;
+allow vendor_pcs_app { cache_file cache_recovery_file }:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow vendor_pcs_app cache_file:lnk_file r_file_perms;
+
+# Access to /data/media.
+allow vendor_pcs_app media_rw_data_file:dir create_dir_perms;
+allow vendor_pcs_app media_rw_data_file:file create_file_perms;
+
+# Access to /data/preloads
+r_dir_file(vendor_pcs_app, preloads_data_file)
+r_dir_file(vendor_pcs_app, preloads_media_file)
+
diff --git a/camera/sepolicy/vendor/vendor_pcs_app.te b/camera/sepolicy/vendor/vendor_pcs_app.te
index e269a2f..b4d71b5 100644
--- a/camera/sepolicy/vendor/vendor_pcs_app.te
+++ b/camera/sepolicy/vendor/vendor_pcs_app.te
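Review bot: In camera/sepolicy/product/private/vendor_pcs_app.te, the block marked "replicated from priv_app" grants create and write access on `cache_recovery_file` and `media_rw_data_file` with no reason tied to a PCS feature. `cache_recovery_file` is normally the label for /cache/recovery, which the recovery flow consumes, and direct `media_rw_data_file` access presumably sidesteps the storage permission checks applied above the raw files, so both are worth confirming against real denials rather than copying. I would drop the recovery type unless a denial shows it is needed, i.e. `allow vendor_pcs_app cache_file:dir create_dir_perms;` and `allow vendor_pcs_app cache_file:file create_file_perms;`, and give each remaining rule a comment naming the feature that requires it. The same applies to `net_domain`, `bluetooth_domain` and `nfc_service` earlier in this hunk, which are added without a stated reason.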
@@ -1,14 +1,17 @@
-# Allow PCS to find the LyricConfigProvider service through ServiceManager.
-allow vendor_pcs_app vendor_camera_lyricconfigprovider_service:service_manager find;
-# Allow PCS to find the CameraIdRemapper service through ServiceManager.
-allow vendor_pcs_app vendor_camera_cameraidremapper_service:service_manager find;
+allow vendor_pcs_app {
+ vendor_camera_lyricconfigprovider_service
+ vendor_camera_cameraidremapper_service
+ edgetpu_app_service
+}:service_manager find;
 allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add;
 binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);
-
 binder_call(vendor_pcs_app, hal_camera_default);
+# Allow interacting with EdgeTpu.
+allow vendor_pcs_app edgetpu_device:chr_file { getattr read write ioctl map };
+
 # Allow PCS to open socket connections for HTTP streaming support.
 allow vendor_pcs_app vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
 allow vendor_pcs_app fwmarkd_socket:sock_file write;
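Review bot: The new `edgetpu_device:chr_file` rule grants `ioctl` with no extended-permission allowlist, so unless an `allowxperm` rule for this source and target exists elsewhere in the policy, every ioctl command the driver implements is reachable from this app domain. If the commands PCS actually issues are known, pin them with `allowxperm vendor_pcs_app edgetpu_device:chr_file ioctl { <EDGETPU_IOCTL_CMDS> };`, where the braces hold a placeholder for the driver's command numbers. Separately, folding the two `find` rules into one set dropped the comments that recorded why each service is looked up, and `edgetpu_app_service` joins the set with no comment at all. A line above the set such as `# Services PCS looks up: LyricConfigProvider, CameraIdRemapper, EdgeTPU app service.` would keep that record.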