diff --git a/trusty/Android.bp b/trusty/Android.bp
new file mode 100644
index 0000000..536fbd3
--- /dev/null
+++ b/trusty/Android.bp
@@ -0,0 +1,10 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+sh_binary {
+    name: "dump_trusty.sh",
+    src: "dump_trusty.sh",
+    vendor: true,
+    sub_dir: "dump",
+}
diff --git a/trusty/dump_trusty.sh b/trusty/dump_trusty.sh
new file mode 100644
index 0000000..9592cd3
--- /dev/null
+++ b/trusty/dump_trusty.sh
@@ -0,0 +1,3 @@
+#!/vendor/bin/sh
+echo "--- Trusty TEE0 Logs ---"
+cat /dev/trusty-log0
diff --git a/trusty/sepolicy/device.te b/trusty/sepolicy/device.te
new file mode 100644
index 0000000..bb85670
--- /dev/null
+++ b/trusty/sepolicy/device.te
@@ -0,0 +1 @@
+type trusty_log_device, dev_type;
diff --git a/trusty/sepolicy/dump_trusty.te b/trusty/sepolicy/dump_trusty.te
new file mode 100644
index 0000000..d4e0d6e
--- /dev/null
+++ b/trusty/sepolicy/dump_trusty.te
@@ -0,0 +1,4 @@
+pixel_bugreport(dump_trusty)
+
+allow dump_trusty trusty_log_device:chr_file r_file_perms;
+allow dump_trusty vendor_toolbox_exec:file execute_no_trans;
diff --git a/trusty/sepolicy/file_contexts b/trusty/sepolicy/file_contexts
new file mode 100644
index 0000000..d961e84
--- /dev/null
+++ b/trusty/sepolicy/file_contexts
@@ -0,0 +1,3 @@
+/vendor/bin/dump/dump_trusty\.sh      u:object_r:dump_trusty_exec:s0
+
+/dev/trusty-log0                      u:object_r:trusty_log_device:s0
diff --git a/trusty/trusty.mk b/trusty/trusty.mk
new file mode 100644
index 0000000..1786817
--- /dev/null
+++ b/trusty/trusty.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/trusty/sepolicy
+
+PRODUCT_PACKAGES += dump_trusty.sh