diff --git a/sepolicy/ohos_policy/deviceprofile/device_profile_core/public/deviceprofile.te b/sepolicy/ohos_policy/deviceprofile/device_profile_core/public/deviceprofile.te
index 1a5ecf48034249befa98fe7b33a44ffb515d1b1b..a8299697d287bdcb4133c8eeb3b4a12ce2338b2b 100755
--- a/sepolicy/ohos_policy/deviceprofile/device_profile_core/public/deviceprofile.te
+++ b/sepolicy/ohos_policy/deviceprofile/device_profile_core/public/deviceprofile.te
@@ -11,4 +11,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+type device_profile, sadomain, domain;
 type sa_device_profile_service, sa_service_attr;
diff --git a/sepolicy/ohos_policy/deviceprofile/device_profile_core/system/deviceprofile.te b/sepolicy/ohos_policy/deviceprofile/device_profile_core/system/deviceprofile.te
index d05a94b87b81f123a9d945832ec6b1edf6db3a0a..2b40c46b153a869335f9281f8e17e9101f1fe6c8 100755
--- a/sepolicy/ohos_policy/deviceprofile/device_profile_core/system/deviceprofile.te
+++ b/sepolicy/ohos_policy/deviceprofile/device_profile_core/system/deviceprofile.te
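Review bot: Declaring `type device_profile, sadomain, domain;` creates the domain but nothing in this diff labels the deviceprofile executable or adds the transition that places the process into it, so unless that labeling already exists or lands in a companion change, the service will keep running in its previous domain while the system/ hunk removes the `distributedsche` rules it relied on and it will fail on the first denial. A short comment above the new type, e.g. `# Process domain of the device_profile SA; the exec label/transition that enters it lives in the corresponding file_contexts`, would record where the transition is expected to come from. Please confirm the matching exec labeling is part of this commit or already merged.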
@@ -11,7 +11,117 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-allow distributedsche sa_device_profile_service:samgr_class { add get };
-allow distributedsche pasteboard_service:binder { call transfer };
-allow distributedsche sa_dhardware_service:samgr_class { get_remote };
+allow device_profile sa_device_profile_service:samgr_class { add get };
+allow device_profile pasteboard_service:binder { call transfer };
+allow device_profile sa_dhardware_service:samgr_class { get_remote };
+allow device_profile sa_distributeddata_service:samgr_class { get };
+allow device_profile sa_softbus_service:samgr_class { get };
+allow device_profile sa_param_watcher:samgr_class { get };
+allow device_profile sa_accesstoken_manager_service:samgr_class { get };
+allow device_profile sa_foundation_bms:samgr_class { get };
+allow device_profile sa_accountmgr:samgr_class { get };
+allow device_profile sa_foundation_abilityms:samgr_class { get };
+allow device_profile sa_foundation_appms:samgr_class { get };
+allow device_profile accessibility_param:file { map open read };
+allow device_profile accesstoken_service:binder { call };
+allow device_profile accountmgr:binder { call };
+allow device_profile data_file:dir { search };
+allow device_profile data_service_file:dir { search };
+allow device_profile data_service_el1_file:dir { add_name open read search write getattr create remove_name rmdir };
+allow device_profile deviceauth_service:binder { call };
+allow device_profile device_manager:binder { transfer };
+allow device_profile dev_ashmem_file:chr_file { open };
+allow device_profile dev_unix_socket:dir { search };
+allow device_profile distributeddata:binder { call transfer };
+allow device_profile distributedsche_param:parameter_service { set };
+allow device_profile distributedsche:binder { call };
+allow device_profile distributedsche:unix_dgram_socket { getopt setopt };
+allow device_profile foundation:binder { call transfer };
+allow device_profile foundation:fd { use };
+allow device_profile kernel:unix_stream_socket { connectto };
+allow device_profile normal_hap_attr:binder { call transfer };
+allow device_profile system_basic_hap_attr:binder { call transfer };
+allow device_profile system_core_hap_attr:binder { call transfer };
+allow device_profile paramservice_socket:sock_file { write };
+allow device_profile proc_cpuinfo_file:file { open read };
+allow device_profile proc_file:file { open read };
+allow device_profile softbus_server:binder { call transfer };
+allow device_profile softbus_server:fd { use };
+allow device_profile softbus_server:tcp_socket { read setopt shutdown write };
+allow device_profile sa_device_security_level_manager_service:samgr_class { get };
+allow device_profile dslm_service:binder { call transfer };
+allow device_profile dev_console_file:chr_file { read write };
+allow device_profile sa_foundation_wms:samgr_class { get };
+allow device_profile sa_foundation_devicemanager_service:samgr_class { get };
+allow device_profile devinfo_private_param:file { map open read};
+allow device_profile sa_form_mgr_service:samgr_class { get };
+
+debug_only(`
+ allow device_profile sh:binder { call };
+')
+
+allow device_profile sa_bgtaskmgr:samgr_class { get };
+allow device_profile sa_memory_manager_service:samgr_class { get };
+allow device_profile memmgrservice:binder { call };
+allow device_profile sa_distributed_bundle_mgr_service_service:samgr_class { get };
+allow device_profile d-bms:binder { call };
+allow device_profile sa_foundation_wms:samgr_class { get };
+allow device_profile sa_foundation_cesfwk_service:samgr_class { get };
+allow device_profile arkcompiler_param:file { read map open };
+allow device_profile sysfs_devices_system_cpu:file { read };
+allow device_profile data_service_el1_file:file { setattr };
+allow device_profile render_service:fd { use };
+allow device_profile sysfs_devices_system_cpu:file { open };
+allow device_profile multimodalinput:unix_stream_socket { read };
+allow device_profile sa_multimodalinput_service:samgr_class { get };
+allow device_profile multimodalinput:fd { use };
+allow device_profile multimodalinput:unix_stream_socket { write };
+allow device_profile sysfs_devices_system_cpu:file { getattr };
+allow device_profile dev_kmsg_file:chr_file { write };
+allow device_profile bootevent_param:file { map open read };
+allow device_profile bootevent_samgr_param:file { map open read };
+allow device_profile build_version_param:file { map open read };
+allow device_profile const_allow_mock_param:file { map open read };
+allow device_profile const_allow_param:file { map open read };
+allow device_profile const_build_param:file { map open read };
+allow device_profile const_display_brightness_param:file { map open read };
+allow device_profile const_param:file { map open read };
+allow device_profile const_postinstall_fstab_param:file { map open read };
+allow device_profile const_postinstall_param:file { map open read };
+allow device_profile const_product_param:file { map open read };
+allow device_profile debug_param:file { map open read };
+allow device_profile default_param:file { map open read };
+allow device_profile deviceauth_service:binder { transfer };
+allow device_profile distributeddata:binder { transfer };
+allow device_profile distributedsche_param:file { map open read };
+allow device_profile distributedsche:unix_dgram_socket { getopt setopt };
+allow device_profile hilog_param:file { map open read };
+allow device_profile huks_service:binder { call };
+allow device_profile hw_sc_build_os_param:file { map open read };
+allow device_profile hw_sc_build_param:file { map open read };
+allow device_profile hw_sc_param:file { map open read };
+allow device_profile init_param:file { map open read };
+allow device_profile init_svc_param:file { map open read };
+allow device_profile input_pointer_device_param:file { map open read };
+allow device_profile net_param:file { map open read };
+allow device_profile net_tcp_param:file { map open read };
+allow device_profile ohos_boot_param:file { map open read };
+allow device_profile ohos_param:file { map open read };
+allow device_profile param_watcher:binder { call transfer };
+allow device_profile persist_param:file { map open read };
+allow device_profile persist_sys_param:file { map open read };
+allow device_profile sa_device_auth_service:samgr_class { get };
+allow device_profile sa_huks_service:samgr_class { get };
+allow device_profile security_param:file { map open read };
+allow device_profile softbus_server:binder { transfer };
+allow device_profile startup_param:file { map open read };
+allow device_profile sys_param:file { map open read };
+allow device_profile system_bin_file:dir { search };
+allow device_profile sys_usb_param:file { map open read };
+allow device_profile tracefs:dir { search };
+allow device_profile tracefs_trace_marker_file:file { open write };
+allow device_profile dev_unix_socket:dir { search };
+allow device_profile device_manager:binder { call };
+allow device_profile msdp_sa:binder { call };
+allow device_profile accessibility:binder { call };
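Review bot: The new rule set contains exact duplicates and permissions for one target split across distant lines, which should be consolidated (and re-justified) before landing: `allow device_profile sa_foundation_wms:samgr_class { get };`, `allow device_profile distributedsche:unix_dgram_socket { getopt setopt };` and `allow device_profile dev_unix_socket:dir { search };` each appear twice, and `deviceauth_service:binder`, `distributeddata:binder`, `softbus_server:binder`, `device_manager:binder`, `sysfs_devices_system_cpu:file` and `multimodalinput:unix_stream_socket` are each granted in two or three separate rules that collapse to single lines such as `allow device_profile deviceauth_service:binder { call transfer };` and `allow device_profile sysfs_devices_system_cpu:file { getattr open read };` — this shape suggests the list was accumulated from audit denials, so each merged rule is worth confirming as actually needed rather than merged blindly. From a least-privilege standpoint the broadest grants deserve a justifying comment: `data_service_el1_file:dir { … write create remove_name rmdir }` gives write access to the shared el1 service tree rather than a type scoped to this service's own directory, `normal_hap_attr:binder { call transfer }` lets the domain initiate binder calls into every ordinary app domain, `kernel:unix_stream_socket { connectto }` is an unusual target for a system ability, and `dev_kmsg_file:chr_file { write }` with `dev_console_file:chr_file { read write }` look like debugging leftovers that belong under `debug_only(...)` like the `sh:binder` rule already is. The `data_service_el1_file:file { setattr }` rule grants only setattr while the directory rule allows `create`, so either created files land in a different type through a transition defined elsewhere or the file-level rules are incomplete; please confirm which.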