diff --git a/sepolicy/pawlet_device.te b/sepolicy/pawlet_device.te
index fafad3d..77405ff 100644
--- a/sepolicy/pawlet_device.te
+++ b/sepolicy/pawlet_device.te
@@ -5,14 +5,14 @@ type pawlet_device_exec, exec_type, file_type, system_file_type;
 # Inherit from core domain
 typeattribute pawlet_device coredomain;
 
-# Property access - use proper macros ONLY (no direct allow rules)
-get_prop(pawlet_device, vendor_default_prop)
-set_prop(pawlet_device, vendor_default_prop)
+# Basic file access for your domain
+allow pawlet_device pawlet_device_exec:file { execute read open map };
+allow pawlet_device system_file:file { read getattr open };
 
 # Binder communication if needed
-allow pawlet_device system_server:binder { call transfer };
-allow pawlet_device servicemanager:binder { call transfer };
+binder_use(pawlet_device)
+binder_call(pawlet_device, system_server)
+binder_call(pawlet_device, servicemanager)
 
-# Basic file access for your domain (only for your own files)
-allow pawlet_device pawlet_device_exec:file { execute read open map };
-allow pawlet_device system_file:file { read getattr open };
\ No newline at end of file
+# ONLY THIS LINE IS NEEDED FOR READING PROPERTIES:
+get_prop(pawlet_device, vendor_default_prop)
\ No newline at end of file
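Review bot: The binder block is still headed `# Binder communication if needed`, yet the switch to macros grants more than the two removed allow rules did. In AOSP's te_macros, `binder_call` also adds the reverse `transfer` and `fd use`, and `binder_use` already covers call/transfer to servicemanager, so `binder_call(pawlet_device, servicemanager)` looks redundant. I would drop that line and replace the heading with a comment naming the service the domain actually talks to, e.g. `# Binder: calls <service name> hosted in system_server`. Separately, `pawlet_device` is a `coredomain` reading `vendor_default_prop`; whether that passes the Treble property neverallow rules depends on the platform release, so a dedicated property type for the keys it reads is worth considering and should be confirmed against the target release. The policy's first four lines are outside this hunk, so any domain-transition rule for `pawlet_device_exec` is not visible here.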