diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index a58703cbf..d1800dfb6 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -76,6 +76,8 @@
     profcollectd_service
     radio_core_data_file
     reboot_readiness_service
+    remote_prov_app
+    remoteprovisioning_service
     resolver_service
     search_ui_service
     shell_test_data_file
diff --git a/private/remote_prov_app.te b/private/remote_prov_app.te
new file mode 100644
index 000000000..e877981d0
--- /dev/null
+++ b/private/remote_prov_app.te
@@ -0,0 +1,10 @@
+type remote_prov_app, domain;
+typeattribute remote_prov_app coredomain;
+
+app_domain(remote_prov_app)
+net_domain(remote_prov_app)
+
+allow remote_prov_app {
+    activity_service
+    remoteprovisioning_service
+}:service_manager find;
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 929f07341..b8e42eaa7 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -143,6 +143,7 @@ neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*
 isSystemServer=true domain=system_server_startup
 
 user=_app isPrivApp=true name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.remoteprovisioner domain=remote_prov_app type=app_data_file levelFrom=all
 user=system seinfo=platform domain=system_app type=system_app_data_file
 user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
 user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
diff --git a/private/service_contexts b/private/service_contexts
index ed457ee5d..404f59318 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -31,6 +31,7 @@ android.security.authorization            u:object_r:authorization_service:s0
 android.security.compat                   u:object_r:keystore_compat_hal_service:s0
 android.security.identity                 u:object_r:credstore_service:s0
 android.security.keystore                 u:object_r:keystore_service:s0
+android.security.remoteprovisioning       u:object_r:remoteprovisioning_service:s0
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 android.system.keystore2                  u:object_r:keystore_service:s0
 app_binding                               u:object_r:app_binding_service:s0
diff --git a/public/keystore.te b/public/keystore.te
index 8c64090a4..b8c599c85 100644
--- a/public/keystore.te
+++ b/public/keystore.te
@@ -13,6 +13,7 @@ allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
 allow keystore keystore_exec:file { getattr };
 
 add_service(keystore, keystore_service)
+add_service(keystore, remoteprovisioning_service)
 allow keystore sec_key_att_app_id_provider_service:service_manager find;
 allow keystore dropbox_service:service_manager find;
 add_service(keystore, apc_service)
diff --git a/public/service.te b/public/service.te
index 928016b33..cfc8a2f6c 100644
--- a/public/service.te
+++ b/public/service.te
@@ -29,6 +29,7 @@ type mediatranscoding_service,  app_api_service, service_manager_type;
 type netd_service,              service_manager_type;
 type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;
+type remoteprovisioning_service,   service_manager_type;
 type secure_element_service,    service_manager_type;
 type service_manager_service,   service_manager_type;
 type storaged_service,          service_manager_type;