diff --git a/sepolicy-mods/vendor/app.te b/sepolicy-mods/vendor/app.te
new file mode 100644
index 0000000000000000000000000000000000000000..bb865e0f88c2addf9f66843cb5189cf773ad15f9
--- /dev/null
+++ b/sepolicy-mods/vendor/app.te
@@ -0,0 +1,2 @@
+# Give appdomain access to /dev/gbraw*
+allow appdomain greybus_raw_device:chr_file { getattr read write };
diff --git a/sepolicy-mods/vendor/platform_app.te b/sepolicy-mods/vendor/platform_app.te
index d5f3d7204c1c888832729a36b5f801cf15eabccb..58c1ad1a6cbbb5152e03d858305e69bb42b52e6e 100644
--- a/sepolicy-mods/vendor/platform_app.te
+++ b/sepolicy-mods/vendor/platform_app.te
@@ -6,8 +6,6 @@ allow platform_app mods_app:unix_stream_socket connectto;
 allow platform_app sysfs_vibrator:file rw_file_perms;
 allow platform_app sysfs_usb_supply:dir search;
 allow platform_app sysfs_vibrator:dir { search r_dir_perms };
-allow platform_app greybus_raw_device:chr_file rw_file_perms;
-allow platform_app greybus_raw_device:dir rw_dir_perms;
 allow platform_app input_device:chr_file getattr;
 allow platform_app input_device:dir search;
 allow platform_app self:netlink_kobject_uevent_socket { bind create read setopt };