diff --git a/tracking_denials/chre.te b/tracking_denials/chre.te
index b0518ffa..ece65802 100644
--- a/tracking_denials/chre.te
+++ b/tracking_denials/chre.te
@@ -1,19 +1,8 @@
-# b/260522435
-dontaudit chre aoc_device:chr_file { getattr };
-dontaudit chre aoc_device:chr_file { open };
-dontaudit chre aoc_device:chr_file { read write };
-dontaudit chre chre:capability2 { block_suspend };
-dontaudit chre device:dir { read };
-dontaudit chre device:dir { watch };
 # b/261105224
 dontaudit chre hal_system_suspend_service:service_manager { find };
 dontaudit chre servicemanager:binder { call };
-dontaudit chre sysfs_aoc:dir { search };
-dontaudit chre sysfs_aoc_boottime:file { getattr };
-dontaudit chre sysfs_aoc_boottime:file { open };
-dontaudit chre sysfs_aoc_boottime:file { read };
 dontaudit chre system_suspend_server:binder { call };
 # b/264489633
 userdebug_or_eng(`
 permissive chre;
-')
\ No newline at end of file
+')
diff --git a/vendor/chre.te b/vendor/chre.te
index 59ee7d58..a1d1ca59 100644
--- a/vendor/chre.te
+++ b/vendor/chre.te
@@ -2,3 +2,15 @@ type chre, domain;
 type chre_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(chre)
 
+# Permit communication with AoC
+allow chre aoc_device:chr_file rw_file_perms;
+
+# Allow CHRE to determine AoC's current clock
+allow chre sysfs_aoc:dir search;
+allow chre sysfs_aoc_boottime:file r_file_perms;
+
+# Allow CHRE to create thread to watch AOC's device
+allow chre device:dir r_dir_perms;
+
+# Allow CHRE to use WakeLock
+wakelock_use(chre)
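Review bot: `allow chre device:dir r_dir_perms;` in vendor/chre.te grants more than the denials this commit stops suppressing. The removed `dontaudit` lines for `device:dir` list only `read` and `watch`, whereas `r_dir_perms` is the full directory-read macro, applied here to the generic `device` label rather than an AoC-specific type. If those two tracked denials are the whole requirement (presumably an inotify watch for the AoC node), `allow chre device:dir { read watch };` would keep the grant at least privilege, and the comment could name the node being watched. The same question applies to `aoc_device:chr_file rw_file_perms`, where the tracked denials were only `getattr`, `open` and `read write`. Because tracking_denials/chre.te still keeps `permissive chre;` under `userdebug_or_eng`, the final rule set should be confirmed on an enforcing build.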