diff --git a/betterbug/betterbug.mk b/betterbug/betterbug.mk
new file mode 100644
index 0000000..f3ae647
--- /dev/null
+++ b/betterbug/betterbug.mk
@@ -0,0 +1,5 @@
+PRODUCT_PACKAGES += BetterBugStub
+PRODUCT_PACKAGES_DEBUG += BetterBug
+
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/private
diff --git a/betterbug/sepolicy/product/private/better_bug_app.te b/betterbug/sepolicy/product/private/better_bug_app.te
new file mode 100644
index 0000000..26e0565
--- /dev/null
+++ b/betterbug/sepolicy/product/private/better_bug_app.te
@@ -0,0 +1,47 @@
+typeattribute better_bug_app coredomain;
+
+app_domain(better_bug_app)
+net_domain(better_bug_app)
+
+allow better_bug_app app_api_service:service_manager find;
+allow better_bug_app mediaserver_service:service_manager find;
+allow better_bug_app radio_service:service_manager find;
+allow better_bug_app system_api_service:service_manager find;
+
+allow better_bug_app privapp_data_file:file execute;
+allow better_bug_app privapp_data_file:lnk_file r_file_perms;
+allow better_bug_app shell_data_file:file r_file_perms;
+allow better_bug_app shell_data_file:dir r_dir_perms;
+
+# Allow traceur to pass file descriptors through a content provider to betterbug
+allow better_bug_app trace_data_file:file { getattr read };
+
+# Allow betterbug to read profile reports generated by profcollect.
+userdebug_or_eng(`
+  allow better_bug_app profcollectd_data_file:file r_file_perms;
+')
+
+# Allow BetterBug access to WM traces attributes
+allow better_bug_app wm_trace_data_file:dir r_dir_perms;
+allow better_bug_app wm_trace_data_file:file getattr;
+
+# Allow the bug reporting frontend to read the presence and timestamp of the
+# trace attached to the bugreport (but not its contents, which will go in the
+# usual bugreport .zip file). This is used by the bug reporting UI to tell if
+# the bugreport will contain a system trace or not while the bugreport is still
+# in progress.
+allow better_bug_app perfetto_traces_bugreport_data_file:dir r_dir_perms;
+allow better_bug_app perfetto_traces_bugreport_data_file:file { getattr };
+
+# Allow BetterBug to receive Perfetto traces through the framework
+# (i.e. TracingServiceProxy) and sendfile them into their private
+# directories for reporting when network and battery conditions are
+# appropriate.
+allow better_bug_app perfetto:fd use;
+allow better_bug_app perfetto_traces_data_file:file { read getattr };
+
+# Allow BetterBug to set property to start vendor.touch_dumpstate
+set_prop(better_bug_app, ctl_start_prop)
+
+# Allow BetterBug to read system boot reason
+get_prop(better_bug_app, system_boot_reason_prop)
diff --git a/betterbug/sepolicy/product/private/seapp_contexts b/betterbug/sepolicy/product/private/seapp_contexts
new file mode 100644
index 0000000..77fe3e1
--- /dev/null
+++ b/betterbug/sepolicy/product/private/seapp_contexts
@@ -0,0 +1,2 @@
+# BetterBug
+user=_app isPrivApp=true name=com.google.android.apps.internal.betterbug domain=better_bug_app type=privapp_data_file levelFrom=user
diff --git a/betterbug/sepolicy/product/public/better_bug_app.te b/betterbug/sepolicy/product/public/better_bug_app.te
new file mode 100644
index 0000000..9a14782
--- /dev/null
+++ b/betterbug/sepolicy/product/public/better_bug_app.te
@@ -0,0 +1 @@
+type better_bug_app, domain;