diff --git a/sepolicy/chre.te b/sepolicy/chre.te
new file mode 100644
index 00000000..96219c11
--- /dev/null
+++ b/sepolicy/chre.te
@@ -0,0 +1,11 @@
+# This daemon loads the Context Hub Runtime Environment (CHRE) dynamic modules
+# onto the SLPI using FastRPC, and exposes a sockets interface for clients on
+# the applications processor to interact CHRE
+type chre, domain;
+type chre_exec, exec_type, file_type;
+
+init_daemon_domain(chre)
+
+allow chre ion_device:chr_file { open read };
+allow chre qdsp_device:chr_file { ioctl open read };
+allow chre system_file:dir read;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index b23b0b2c..905923ad 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -129,6 +129,7 @@
 /vendor/bin/qmuxd               u:object_r:qmuxd_exec:s0
 /vendor/bin/cnd                 u:object_r:cnd_exec:s0
 /vendor/bin/hw/android\.hardware\.usb@1\.0-service.device            u:object_r:hal_usb_default_exec:s0
+/vendor/bin/chre                u:object_r:chre_exec:s0
 
 # data files
 /data/misc/radio(/.*)?                 u:object_r:radio_data_file:s0