diff --git a/sepolicy/private/system_suspend.te b/sepolicy/private/system_suspend.te
new file mode 100644
index 0000000..0d845e9
--- /dev/null
+++ b/sepolicy/private/system_suspend.te
@@ -0,0 +1,17 @@
+init_daemon_domain(system_suspend)
+
+# To serve ISuspendControlService.aidl.
+binder_use(system_suspend)
+add_service(system_suspend, system_suspend_control_service)
+
+# Access to /sys/power/{ wakeup_count, state } suspend interface.
+allow system_suspend sysfs_power:file rw_file_perms;
+
+allow system_suspend sysfs:dir { open read };
+allow system_suspend sysfs:file { getattr };
+
+dontaudit system_suspend sysfs:file { open read };
+
+# Access to /sys/power/{ wake_lock, wake_unlock } suspend blocker interface.
+allow system_suspend self:global_capability2_class_set block_suspend;
+allow system_suspend sysfs_wake_lock:file rw_file_perms;