diff --git a/sepolicy/private/app.te b/sepolicy/private/app.te
index 9f418bd..145daf6 100644
--- a/sepolicy/private/app.te
+++ b/sepolicy/private/app.te
@@ -1,2 +1,4 @@
 # Allow appdomain to get vendor_camera_prop
 get_prop(appdomain, vendor_camera_prop)
+
+get_prop(appdomain, vendor_default_prop)
diff --git a/sepolicy/private/dontaudit.te b/sepolicy/private/dontaudit.te
new file mode 100644
index 0000000..744be45
--- /dev/null
+++ b/sepolicy/private/dontaudit.te
@@ -0,0 +1 @@
+dontaudit gmscore_app firmware_file:filesystem getattr;
diff --git a/sepolicy/private/file.te b/sepolicy/private/file.te
index 779c9e0..79a1d17 100644
--- a/sepolicy/private/file.te
+++ b/sepolicy/private/file.te
@@ -2,6 +2,7 @@ type adsprpcd_file, file_type;
 type bt_firmware_file, file_type;
 type firmware_file, file_type;
 type persist_file, file_type;
+type sensors_persist_file, file_type;
 type proc_touchpanel, fs_type, proc_type;
 type sysfs_graphics, sysfs_type, fs_type;
 type sysfs_devfreq, sysfs_type, fs_type;
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index 5209938..591fc79 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -1,6 +1,9 @@
 # Data files
 /data/display(/.*)? u:object_r:display_data_file:s0
 
+# Dev nodes
+/dev/diag u:object_r:diag_device:s0
+
 # Files in rootfs
 /bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
 /dsp(/.*)? u:object_r:adsprpcd_file:s0
@@ -12,6 +15,12 @@
 /system/bin/hw/lineage\.livedisplay@2\.0-service-sdm u:object_r:shal_livedisplay_default_exec:s0
 /(product|system/product)/vendor_overlay/[0-9]+/bin/hw/android\.hardware\.light@2\.0-service u:object_r:hal_light_default_exec:s0
 
+# IMS
+/vendor/bin/imsdatadaemon u:object_r:ims_exec:s0
+
+# Thermal config
+/(system|system/vendor)/etc/thermal-engine.conf u:object_r:vendor_configs_file:s0
+
 # Touch
 /sys/class/touch/tp_dev/gesture_on u:object_r:sysfs_tp:s0
 
diff --git a/sepolicy/private/hal_audio.te b/sepolicy/private/hal_audio.te
index c2b37b7..326ada8 100644
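Review bot: `get_prop(appdomain, vendor_default_prop)` lets every app domain, untrusted apps included, read every property that falls through to the vendor catch-all label, while the only property this commit maps there is `ro.vendor.fm.use_audio_session` in property_contexts. A dedicated type keeps the grant to that one property: `type vendor_fm_prop, property_type;` in property.te, `ro.vendor.fm.use_audio_session u:object_r:vendor_fm_prop:s0` in property_contexts, and `get_prop(appdomain, vendor_fm_prop)` here (or narrower still, only for the FM app's domain, since `vendor_fm_app` already exists in this tree). Explicitly mapping a named property to vendor_default_prop in property_contexts also defeats the purpose of the catch-all. The new rule should carry a comment like the existing one above it, e.g. `# Allow appdomain to get vendor_fm_prop`.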
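Review bot: The new catch-all dontaudit.te separates this rule from the domain it concerns; device policy normally keeps rules in the domain's own file, so this belongs in gmscore_app.te beside any other gmscore_app rules. Add a comment recording what is silenced and why it is deliberately not granted, e.g. `# GMS stats /firmware (filesystem getattr, i.e. statfs); expected denial, not a missing allow`, so a later reader does not convert it into an allow.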
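Review bot: `sensors_persist_file` is declared here, but no file_contexts entry in this commit labels a path with it, so the `qti_init_shell sensors_persist_file:fifo_file` rule in qti_init_shell.te can never match unless the label is applied somewhere outside this diff. The same gap applies to `vendor_ssr_setup_exec` (ssr_setup.te, no file_contexts entry, so init will not transition into vendor_ssr_setup) and to `vendor_ssr_prop` and `vendor_cap_configstore_dbg_prop` (property.te, no property_contexts entries; the second is not referenced by any rule at all). Each new type needs its labelling line, e.g. `<sensors persist dir>(/.*)? u:object_r:sensors_persist_file:s0` with the real path filled in, or the type should be dropped.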
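Review bot: Labelling `/dev/diag` as diag_device makes the Qualcomm diag interface reachable through policy, and hal_audio.te, hal_bluetooth.te and ims.te each take `diag_device:chr_file rw_file_perms` on it; diag is a broad modem-side channel, so if those domains only touch it for vendor logging the grants belong inside `userdebug_or_eng(`...')` so user builds do not carry them. `diag_device` itself is not declared anywhere in this diff; confirm the common qcom policy this tree includes provides it, otherwise the policy build fails on the unknown type.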
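Review bot: In `/(system|system/vendor)/etc/thermal-engine.conf` the dot is unescaped, so the pattern also matches names such as `thermal-engineXconf`; the neighbouring entries escape it (`lineage\.livedisplay@2\.0-service-sdm`), so write `thermal-engine\.conf`. The alternation additionally matches `/system/etc/thermal-engine.conf` and would label a system-partition file with the vendor type vendor_configs_file; if the file lives under /vendor or /system/vendor the usual form is `/(vendor|system/vendor)/etc/thermal-engine\.conf`, so confirm which path is intended.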
--- a/sepolicy/private/hal_audio.te
+++ b/sepolicy/private/hal_audio.te
@@ -1 +1,8 @@
+allow hal_audio diag_device:chr_file rw_file_perms;
+
+allow hal_audio sysfs:dir read;
+
 allow hal_audio hal_power_pixel:binder call;
+
+get_prop(hal_audio, default_prop)
+get_prop(hal_audio, audio_prop)
diff --git a/sepolicy/private/hal_bluetooth.te b/sepolicy/private/hal_bluetooth.te
index 248f0e4..9092adc 100644
--- a/sepolicy/private/hal_bluetooth.te
+++ b/sepolicy/private/hal_bluetooth.te
@@ -1 +1,2 @@
 allow hal_bluetooth vendor_fm_app:binder call;
+allow hal_bluetooth diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/private/hal_camera.te b/sepolicy/private/hal_camera.te
new file mode 100644
index 0000000..4c200ab
--- /dev/null
+++ b/sepolicy/private/hal_camera.te
@@ -0,0 +1,2 @@
+get_prop(hal_camera, system_prop)
+get_prop(hal_camera, default_prop)
diff --git a/sepolicy/private/ims.te b/sepolicy/private/ims.te
new file mode 100644
index 0000000..01140db
--- /dev/null
+++ b/sepolicy/private/ims.te
@@ -0,0 +1,7 @@
+type ims, domain;
+type ims_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(ims)
+net_domain(ims)
+
+allow ims diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/private/init.te b/sepolicy/private/init.te
index 4550faa..d4d2ba8 100644
--- a/sepolicy/private/init.te
+++ b/sepolicy/private/init.te
@@ -7,3 +7,10 @@ allow init vendor_configs_file:file mounton;
 
 # Allow init to mount vendor overlay
 allow init vendor_overlay_file:dir mounton;
+
+allow init self:netlink_generic_socket read;
+
+allow init sysfs:file rw_file_perms;
+allow init sysfs_tp:file setattr;
+
+allow init vendor_file:file execute;
diff --git a/sepolicy/private/property.te b/sepolicy/private/property.te
index 1489eeb..b7cc24f 100644
--- a/sepolicy/private/property.te
+++ b/sepolicy/private/property.te
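Review bot: These rules are written against the `hal_audio` attribute, which in AOSP is applied to client domains as well as the HAL server so that passthrough HALs work, so `diag_device:chr_file rw_file_perms`, `sysfs:dir read` and the two property reads also land on audioserver; the binderized server domain is `hal_audio_default`, and the same applies to `hal_bluetooth` in hal_bluetooth.te (its client is the bluetooth app) and `hal_camera` in hal_camera.te (`hal_camera_default`). `get_prop(hal_audio, default_prop)` also grants the system catch-all for unlabelled properties rather than a specific one; the property the HAL actually reads should get its own `vendor_*_prop` type, and the same broad grant recurs in hal_camera.te (`system_prop`, `default_prop`), qti_init_shell.te and vendor_init.te. On builds that enforce the compatible-property neverallows, reads of core property types such as default_prop from non-coredomain HALs may be rejected at policy build time, so verify this against the build rather than only the denial log.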
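Review bot: ims.te gives no indication of which binary it confines (`/vendor/bin/imsdatadaemon` per the file_contexts change), and the domain is named `ims` while the other new vendor domain in this commit is `vendor_ssr_setup`; a header comment such as `# imsdatadaemon (/vendor/bin/imsdatadaemon)` and a `vendor_` prefix would match the tree's naming. If the qcom common policy this tree builds on already declares an `ims` domain, the duplicate `type ims, domain;` will fail the policy build, so check for a collision before settling on the name.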
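Review bot: `allow init vendor_file:file execute;` lets init run a vendor binary that has no exec label inside the init domain itself, so that binary inherits init's privileges with no transition; the fix is an exec type plus `init_daemon_domain()` as ssr_setup.te does for vendor_ssr_setup, and since `vendor_ssr_setup_exec` gets no file_contexts entry in this commit it is plausible this rule exists to cover exactly that unlabelled binary. `allow init sysfs:file rw_file_perms;` is on the generic sysfs label when the next line already shows the right pattern (`sysfs_tp`); the same generic-sysfs grants recur in qti_init_shell.te (`sysfs:file setattr`), ssr_setup.te (`sysfs:file rw_file_perms`) and system_server.te (`sysfs:file read`), and each node should get a genfs or file_contexts label of its own. `allow init self:netlink_generic_socket read;` would benefit from a comment naming the netlink family init is listening to.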
@@ -1,3 +1,5 @@
 type vendor_camera_prop, property_type;
 type vendor_display_prop, property_type;
 type vendor_power_prop, property_type;
+type vendor_ssr_prop, property_type;
+type vendor_cap_configstore_dbg_prop, property_type;
diff --git a/sepolicy/private/property_contexts b/sepolicy/private/property_contexts
index e8f3ba2..0ea1fde 100644
--- a/sepolicy/private/property_contexts
+++ b/sepolicy/private/property_contexts
@@ -2,3 +2,4 @@ vendor.powerhal.state u:object_r:vendor_power_prop:s0
 vendor.powerhal.audio u:object_r:vendor_power_prop:s0
 vendor.powerhal.init u:object_r:vendor_power_prop:s0
 vendor.powerhal.rendering u:object_r:vendor_power_prop:s0
+ro.vendor.fm.use_audio_session u:object_r:vendor_default_prop:s0
diff --git a/sepolicy/private/qti_init_shell.te b/sepolicy/private/qti_init_shell.te
index 5f1c35a..67b106e 100644
--- a/sepolicy/private/qti_init_shell.te
+++ b/sepolicy/private/qti_init_shell.te
@@ -2,3 +2,21 @@ type qti_init_shell, domain;
 
 allow qti_init_shell sysfs_io_sched_tuneable:file w_file_perms;
 dontaudit qti_init_shell self:capability { dac_override dac_read_search };
+
+allow qti_init_shell configfs:dir create_dir_perms;
+allow qti_init_shell configfs:file create_file_perms;
+allow qti_init_shell configfs:lnk_file create_file_perms;
+
+allow qti_init_shell persist_file:lnk_file read;
+
+allow qti_init_shell sensors_persist_file:fifo_file create_file_perms;
+
+allow qti_init_shell shell_exec:file rx_file_perms;
+
+allow qti_init_shell sysfs:file setattr;
+allow qti_init_shell sysfs_leds:file setattr;
+
+allow qti_init_shell toolbox_exec:file rx_file_perms;
+allow qti_init_shell vendor_file:file entrypoint;
+
+get_prop(qti_init_shell, default_prop)
diff --git a/sepolicy/private/ssr_setup.te b/sepolicy/private/ssr_setup.te
new file mode 100644
index 0000000..84428b8
--- /dev/null
+++ b/sepolicy/private/ssr_setup.te
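Review bot: `shell_exec:file rx_file_perms` and `toolbox_exec:file rx_file_perms` have a vendor domain executing system-partition binaries; on full-Treble builds AOSP only permits that for domains listed as `vendor_executes_system_violators`, and the intended form is the vendor copies, `allow qti_init_shell vendor_shell_exec:file rx_file_perms;` and `allow qti_init_shell vendor_toolbox_exec:file rx_file_perms;`, with the init script invoking /vendor/bin/sh. `allow qti_init_shell vendor_file:file entrypoint;` also means any vendor_file-labelled script can enter this domain; if the scripts have a stable path, give them their own exec type and use that as the entrypoint. The configfs create rules read as USB gadget setup; a one-line comment saying so, e.g. `# USB gadget configuration via configfs`, would spare the next reader the guess.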
@@ -0,0 +1,7 @@
+type vendor_ssr_setup, domain;
+type vendor_ssr_setup_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(vendor_ssr_setup);
+
+allow vendor_ssr_setup sysfs:file rw_file_perms;
+
+get_prop(vendor_ssr_setup, vendor_ssr_prop)
diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te
index ab50373..9362aba 100644
--- a/sepolicy/private/system_server.te
+++ b/sepolicy/private/system_server.te
@@ -1,2 +1,5 @@
-get_prop(system_server, vendor_camera_prop)
 allow system_server hal_power_pixel:binder call;
+
+allow system_server sysfs:file read;
+
+get_prop(system_server, vendor_camera_prop)
diff --git a/sepolicy/private/vendor_init.te b/sepolicy/private/vendor_init.te
index fdadda7..2fcd9e5 100644
--- a/sepolicy/private/vendor_init.te
+++ b/sepolicy/private/vendor_init.te
@@ -2,3 +2,12 @@ typeattribute vendor_init data_between_core_and_vendor_violators;
 
 # Allow vendor_init to check encryption status of system_data_file
 allow vendor_init system_data_file:dir { ioctl open read setattr };
+
+allow vendor_init block_device:lnk_file setattr;
+
+allow vendor_init persist_file:lnk_file read;
+
+get_prop(vendor_init, default_prop)
+get_prop(vendor_init, persist_debug_prop)
+
+set_prop(vendor_init, default_prop)
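Review bot: `init_daemon_domain(vendor_ssr_setup);` carries a trailing semicolon while `init_daemon_domain(ims)` in ims.te does not; the macro already expands to fully terminated rules, and whether the policy compiler tolerates the stray `;` is toolchain-dependent, so drop it and write `init_daemon_domain(vendor_ssr_setup)`. The two `type` declarations and the macro also run together where the other new .te files in this commit separate declarations from macros with a blank line.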
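Review bot: `set_prop(vendor_init, default_prop)` together with the matching get_prop lets vendor init.rc read and set any system property that has no explicit label, since default_prop is the catch-all; the property the vendor rc actually sets should be given a `vendor_*_prop` type in property.te/property_contexts and granted by name, which keeps the grant auditable and avoids running into AOSP's restrictions on vendor_init touching core property types. `allow vendor_init block_device:lnk_file setattr;` deserves a comment naming the /dev/block link whose owner or mode the rc changes, in the style of the existing `# Allow vendor_init to check encryption status of system_data_file` comment above it.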