diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 347e366..74450ab 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -86,13 +86,13 @@ TARGET_RELEASETOOLS_EXTENSIONS := $(COMMON_PATH)
 # Sepolicy
 # PRIVATE_EXCLUDE_BUILD_TEST := true
 BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(COMMON_PATH)/sepolicy/private
-# BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
-# device/qcom/sepolicy/generic/private \
-# device/qcom/sepolicy/qva/private
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
+ device/qcom/sepolicy/generic/private \
+ device/qcom/sepolicy/qva/private
 
-# BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
-# device/qcom/sepolicy/generic/public \
-# device/qcom/sepolicy/qva/public
+BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
+ device/qcom/sepolicy/generic/public \
+ device/qcom/sepolicy/qva/public
 
 # Treble
 BOARD_VNDK_VERSION := current
diff --git a/sepolicy/private/app.te b/sepolicy/private/app.te
new file mode 100644
index 0000000..9f418bd
--- /dev/null
+++ b/sepolicy/private/app.te
@@ -0,0 +1,2 @@
+# Allow appdomain to get vendor_camera_prop
+get_prop(appdomain, vendor_camera_prop)
diff --git a/sepolicy/private/file.te b/sepolicy/private/file.te
index d74de02..dcf06ea 100644
--- a/sepolicy/private/file.te
+++ b/sepolicy/private/file.te
@@ -2,3 +2,4 @@ type adsprpcd_file, file_type;
 type bt_firmware_file, file_type;
 type firmware_file, file_type;
 type persist_file, file_type;
+type proc_touchpanel, fs_type, proc_type;
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index d8ede0c..7470bc1 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
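Review bot: The uncommented BOARD_PLAT_PRIVATE_SEPOLICY_DIR and BOARD_PLAT_PUBLIC_SEPOLICY_DIR additions pull device/qcom/sepolicy generic and qva policy into the platform (system) policy rather than the vendor policy, and nothing in the hunk says why. A comment above the first `+=` such as `# qcom generic/qva policy is compiled into plat policy because <reason>` would let the next maintainer judge whether the private/public split is still correct. If the same paths are also listed under BOARD_VENDOR_SEPOLICY_DIRS elsewhere in the tree, the duplicated type declarations would break the policy build; that cannot be seen from this hunk.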
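Review bot: `get_prop(appdomain, vendor_camera_prop)` grants every app domain, including untrusted_app and isolated_app, read access to the property, which is broader than a camera-specific property suggests. If one app reads it, grant the rule to that app's domain instead; if it genuinely must be readable by all apps, the comment should name the consumer and the reason rather than restate the rule, e.g. `# <consumer app domain> reads vendor_camera_prop to <reason>` (placeholders). The effect of this rule also depends on a property_contexts mapping for vendor_camera_prop, which this diff does not contain.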
@@ -3,3 +3,16 @@
 /dsp(/.*)? u:object_r:adsprpcd_file:s0
 /firmware(/.*)? u:object_r:firmware_file:s0
 /persist(/.*)? u:object_r:persist_file:s0
+
+# HALs
+/system/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.realme_sdm710 u:object_r:hal_fingerprint_sdm710_exec:s0
+/(product|system/product)/vendor_overlay/[0-9]+/bin/hw/android\.hardware\.light@2\.0-service u:object_r:hal_light_default_exec:s0
+/(product|system/product)/vendor_overlay/[0-9]+/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
+
+# Vendor overlay
+/(product|system/product)/vendor_overlay/[0-9]+/etc(/.*)? u:object_r:vendor_configs_file:s0
+/(product|system/product)/vendor_overlay/[0-9]+/etc/wifi(/.*)? u:object_r:vendor_configs_file:s0
+/(product|system/product)/vendor_overlay/[0-9]+/etc/vintf(/.*)? u:object_r:vendor_configs_file:s0
+/(product|system/product)/vendor_overlay/[0-9]+/lib(64)?/hw u:object_r:vendor_hal_file:s0
+/(product|system/product)/vendor_overlay/[0-9]+/lib(64)?/soundfx u:object_r:vendor_hal_file:s0
+/(product|system/product)/vendor_overlay/[0-9]+/overlay(/.*)? u:object_r:vendor_overlay_file:s0
diff --git a/sepolicy/private/genfs_contexts b/sepolicy/private/genfs_contexts
new file mode 100644
index 0000000..29a57f9
--- /dev/null
+++ b/sepolicy/private/genfs_contexts
@@ -0,0 +1 @@
+genfscon proc /touchpanel u:object_r:proc_touchpanel:s0
diff --git a/sepolicy/private/hal_fingerprint_sdm710.te b/sepolicy/private/hal_fingerprint_sdm710.te
new file mode 100644
index 0000000..adf8fb1
--- /dev/null
+++ b/sepolicy/private/hal_fingerprint_sdm710.te
@@ -0,0 +1,6 @@
+type hal_fingerprint_sdm710, coredomain, domain;
+hal_client_domain(hal_fingerprint_sdm710, hal_fingerprint)
+hal_server_domain(hal_fingerprint_sdm710, hal_fingerprint)
+
+type hal_fingerprint_sdm710_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_fingerprint_sdm710)
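Review bot: The `etc/wifi(/.*)?` and `etc/vintf(/.*)?` entries are already matched by the preceding `etc(/.*)?` line with the identical vendor_configs_file context, so they add nothing; drop them, or add a comment if they are kept deliberately to mirror a platform file. The `lib(64)?/hw` and `lib(64)?/soundfx` entries have no `(/.*)?` suffix, so only the directory itself is labelled vendor_hal_file and the libraries inside keep whatever the enclosing rule gives them; if that is intended, a one-line comment such as `# directory only; contents keep the enclosing label on purpose` would stop a later "fix". The fingerprint entry labels a binary under /system/bin/hw with hal_fingerprint_sdm710_exec, a type this diff declares with vendor_file_type; that mismatch is raised on the hal_fingerprint_sdm710.te hunk.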
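Review bot: `hal_fingerprint_sdm710_exec` is declared `vendor_file_type`, yet the file_contexts hunk in this diff applies it to a binary under /system/bin/hw and the domain executing it is `coredomain`; a vendor-typed entrypoint for a coredomain daemon contradicts the treble system/vendor file split, and AOSP policy neverallows coredomain executing files that are not system_file_type (confirm against the platform version in use). If the binary really ships in /system, the declaration should read `type hal_fingerprint_sdm710_exec, system_file_type, exec_type, file_type;`. The daemon is also given both `hal_client_domain` and `hal_server_domain` for hal_fingerprint; a service normally needs only the server half, so either drop the client line or add a comment explaining why the service also acts as a client.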
diff --git a/sepolicy/private/hal_power.te b/sepolicy/private/hal_power.te
new file mode 100644
index 0000000..aee843b
--- /dev/null
+++ b/sepolicy/private/hal_power.te
@@ -0,0 +1,2 @@
+allow hal_power proc_touchpanel:dir search;
+allow hal_power proc_touchpanel:file w_file_perms;
diff --git a/sepolicy/private/init.te b/sepolicy/private/init.te
new file mode 100644
index 0000000..22db54d
--- /dev/null
+++ b/sepolicy/private/init.te
@@ -0,0 +1,5 @@
+allow init proc_touchpanel:dir search;
+allow init proc_touchpanel:file { write setattr open};
+
+# Allow init to mount vendor configs
+allow init vendor_configs_file:dir mounton;
diff --git a/sepolicy/private/property.te b/sepolicy/private/property.te
new file mode 100644
index 0000000..028c77c
--- /dev/null
+++ b/sepolicy/private/property.te
@@ -0,0 +1 @@
+type vendor_camera_prop, property_type;
diff --git a/sepolicy/private/qti_init_shell.te b/sepolicy/private/qti_init_shell.te
new file mode 100644
index 0000000..5f1c35a
--- /dev/null
+++ b/sepolicy/private/qti_init_shell.te
@@ -0,0 +1,4 @@
+type qti_init_shell, domain;
+
+allow qti_init_shell sysfs_io_sched_tuneable:file w_file_perms;
+dontaudit qti_init_shell self:capability { dac_override dac_read_search };
diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te
new file mode 100644
index 0000000..135faa7
--- /dev/null
+++ b/sepolicy/private/system_server.te
@@ -0,0 +1 @@
+get_prop(system_server, vendor_camera_prop)
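Review bot: Both rules grant to the `hal_power` attribute rather than to the domain that implements the power HAL; with the AOSP te_macros, `hal_client_domain` also assigns the bare `hal_power` attribute to clients, so this would hand system_server (a hal_power client) write access to /proc/touchpanel as well. Grant to the concrete server domain instead, e.g. `allow hal_power_default proc_touchpanel:file w_file_perms;` if that is the implementation in use, or at minimum to `hal_power_server`. A comment naming what under /proc/touchpanel the HAL writes and why would also document the unusual write-to-proc grant.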
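Review bot: `{ write setattr open}` is missing the space before the closing brace, inconsistent with the qti_init_shell.te hunk's `{ dac_override dac_read_search }` and with the usual AOSP layout; write `allow init proc_touchpanel:file { open write setattr };`. Because init gets `setattr` here in addition to write, a comment stating what init does to /proc/touchpanel (if this backs init.rc permission changes, say so) would explain why init rather than the HAL needs it.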
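Review bot: `vendor_camera_prop` is declared here, but no property_contexts change appears anywhere in this diff, so unless the prefix mapping already exists no property will carry this label and the get_prop rules in app.te and system_server.te are dead. If the mapping lives in another commit, a comment pointing to it would help; otherwise the corresponding property_contexts entry is missing. The type is also declared as plain `property_type` in plat private policy although its name suggests a vendor-owned property; whether it belongs in vendor policy as `vendor_property_type` depends on which process sets it, which this diff does not show.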
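Review bot: `type qti_init_shell, domain;` redeclares a domain that device/qcom/sepolicy normally defines itself, and the BoardConfigCommon.mk hunk in this diff now compiles those directories into the same platform policy; if both declarations land in one build, the policy compiler rejects the duplicate type. If the qcom definition is present, keep only the allow and dontaudit lines here; if this is meant to be the sole definition, nothing in the diff gives the domain an entrypoint or transition, so how processes enter it should be documented. The declaration also lacks `coredomain`, which is unusual for a type declared under plat private policy.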