diff --git a/sepolicy/aam/file_contexts b/sepolicy/aam/file_contexts
new file mode 100644
index 0000000..a1e2cee
--- /dev/null
+++ b/sepolicy/aam/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/hw/vendor\.google\.aam-service      u:object_r:hal_aam_exec:s0
diff --git a/sepolicy/aam/hal_aam.te b/sepolicy/aam/hal_aam.te
new file mode 100644
index 0000000..d0d95aa
--- /dev/null
+++ b/sepolicy/aam/hal_aam.te
@@ -0,0 +1,6 @@
+type hal_aam, domain;
+type hal_aam_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_aam)
+add_service(hal_aam, hal_aam_service)
+binder_call(hal_aam, servicemanager);
diff --git a/sepolicy/aam/service.te b/sepolicy/aam/service.te
new file mode 100644
index 0000000..fb8ece9
--- /dev/null
+++ b/sepolicy/aam/service.te
@@ -0,0 +1 @@
+type hal_aam_service, service_manager_type, hal_service_type;
diff --git a/sepolicy/aam/service_contexts b/sepolicy/aam/service_contexts
new file mode 100644
index 0000000..4776e57
--- /dev/null
+++ b/sepolicy/aam/service_contexts
@@ -0,0 +1 @@
+vendor.google.aam.IAam/default                      u:object_r:hal_aam_service:s0
diff --git a/sepolicy/zumapro-sepolicy.mk b/sepolicy/zumapro-sepolicy.mk
index 507707a..9226fa6 100644
--- a/sepolicy/zumapro-sepolicy.mk
+++ b/sepolicy/zumapro-sepolicy.mk
@@ -10,6 +10,7 @@ BOARD_SEPOLICY_DIRS += \
 BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/googlebattery
 
 # sepolicy that are shared among devices using zumapro
+BOARD_SEPOLICY_DIRS += device/google/zumapro/sepolicy/aam
 BOARD_SEPOLICY_DIRS += device/google/zumapro/sepolicy/vendor
 BOARD_SEPOLICY_DIRS += device/google/zumapro/sepolicy/radio
 PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro/sepolicy/radio/private