diff --git a/bsp_diff/base_aaos/device/intel/sepolicy/0004-Add-sepolicy-rules-for-evs_app.patch b/bsp_diff/base_aaos/device/intel/sepolicy/0004-Add-sepolicy-rules-for-evs_app.patch
new file mode 100644
index 0000000000..98c8ee6a21
--- /dev/null
+++ b/bsp_diff/base_aaos/device/intel/sepolicy/0004-Add-sepolicy-rules-for-evs_app.patch
@@ -0,0 +1,44 @@
+From e1c829258650d7b02ef8beb717c40d7f2b8b4468 Mon Sep 17 00:00:00 2001
+From: jizhenlo <zhenlong.z.ji@intel.com>
+Date: Wed, 22 May 2024 16:08:28 +0800
+Subject: [PATCH] Add sepolicy rules for evs_app
+
+To let evs_app run normally, these rules are needed.
+
+Tracked-On: OAM-118860
+Signed-off-by: jizhenlo <zhenlong.z.ji@intel.com>
+---
+ car/evsmanagerd.te            | 1 +
+ car/file_contexts             | 2 ++
+ car/hal_graphics_allocator.te | 1 +
+ 3 files changed, 4 insertions(+)
+ create mode 100644 car/evsmanagerd.te
+ create mode 100644 car/hal_graphics_allocator.te
+
+diff --git a/car/evsmanagerd.te b/car/evsmanagerd.te
+new file mode 100644
+index 0000000..26534bc
+--- /dev/null
++++ b/car/evsmanagerd.te
+@@ -0,0 +1 @@
++allow evsmanagerd hal_graphics_allocator_default_tmpfs:file rw_file_perms;
+diff --git a/car/file_contexts b/car/file_contexts
+index dfbebfa..26d1317 100644
+--- a/car/file_contexts
++++ b/car/file_contexts
+@@ -3,3 +3,5 @@
+ 
+ /vendor/bin/hw/android.hardware.broadcastradio@intel-service u:object_r:hal_broadcastradio_default_exec:s0
+ /vendor/bin/hw/android.hardware.automotive.audiocontrol@1.0-service.intel u:object_r:hal_audiocontrol_default_exec:s0
++
++/dev/media[0-9]+          u:object_r:video_device:s0
+diff --git a/car/hal_graphics_allocator.te b/car/hal_graphics_allocator.te
+new file mode 100644
+index 0000000..3991430
+--- /dev/null
++++ b/car/hal_graphics_allocator.te
+@@ -0,0 +1 @@
++allow { hal_graphics_allocator_client -isolated_app_all } hal_graphics_allocator_default_tmpfs:file rw_file_perms;
+-- 
+2.25.1
+