diff --git a/diskswap/diskswap.te b/diskswap/diskswap.te
new file mode 100644
index 00000000..b85daec9
--- /dev/null
+++ b/diskswap/diskswap.te
@@ -0,0 +1,20 @@
+type diskswap, domain;
+type diskswap_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(diskswap)
+
+allow diskswap vendor_file:file rx_file_perms;
+allow diskswap proc_meminfo:file r_file_perms;
+
+# allow the diskswap domain to set prop sys.enable_swap
+# set_prop(diskswap, vendor_mem_prop)
+
+not_full_treble(`
+  allow diskswap system_file:file rx_file_perms;
+  allow diskswap shell_exec:file rx_file_perms;
+')
+
+full_treble_only(`
+  allow diskswap vendor_shell_exec:file rx_file_perms;
+  allow diskswap vendor_toolbox_exec:file rx_file_perms;
+')
diff --git a/diskswap/file_contexts b/diskswap/file_contexts
new file mode 100644
index 00000000..b7c93822
--- /dev/null
+++ b/diskswap/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/diskswap.sh u:object_r:diskswap_exec:s0