diff --git a/sepolicy/private/mediaprovider_app.te b/sepolicy/private/mediaprovider_app.te
new file mode 100644
index 00000000..ccec492e
--- /dev/null
+++ b/sepolicy/private/mediaprovider_app.te
@@ -0,0 +1,2 @@
+allow mediaprovider_app rootfs:dir { read };
+allow mediaprovider_app rootfs:file { getattr };
diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te
index 93c92dda..1e735c29 100644
--- a/sepolicy/private/system_server.te
+++ b/sepolicy/private/system_server.te
@@ -4,3 +4,4 @@ get_prop(system_server, vendor_persist_camera_prop)
 get_prop(system_server, userspace_reboot_config_prop)
 get_prop(system_server, userspace_reboot_exported_prop)
+get_prop(system_server, exported_camera_prop)
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
index 60618abd..bb99f888 100644
--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -5,3 +5,4 @@ allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms;
 allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms;
 get_prop(appdomain, exported_camera_prop)
+get_prop(appdomain, vendor_persist_camera_prop)
diff --git a/sepolicy/vendor/fsck_untrusted.te b/sepolicy/vendor/fsck_untrusted.te
new file mode 100644
index 00000000..4149f497
--- /dev/null
+++ b/sepolicy/vendor/fsck_untrusted.te
@@ -0,0 +1 @@
+allow fsck_untrusted sysfs:file { getattr };
diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te
index a8d613aa..10be8093 100644
--- a/sepolicy/vendor/hal_audio_default.te
+++ b/sepolicy/vendor/hal_audio_default.te
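Review bot: The two new mediaprovider_app rules say nothing about which path under / the app is probing, so a later reader cannot tell whether this should have been solved by labelling the target instead of opening `rootfs` to a platform app. If this tree still carries AOSP's domain-wide rootfs read rules in domain.te, both lines are redundant and should be dropped; if it does not, a one-line comment such as `# needed to stat <path from the denial> during <operation>` would justify keeping them. Note this is the only change in the diff that lands in private (core) policy rather than vendor policy, which is worth mentioning in the commit description.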
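Review bot: `get_prop(appdomain, vendor_persist_camera_prop)` exposes the property to every app domain, including isolated_app, while the two rules directly above it deliberately scope their grant to `{ appdomain -isolated_app }`; unless every app really needs this value, use the same set, `get_prop({ appdomain -isolated_app }, vendor_persist_camera_prop)`, or better the single app domain that produced the denial. A vendor persist property readable by all untrusted apps is also a small information disclosure; if the consumer only needs a flag, routing it through the already-granted `exported_camera_prop` would be cleaner, though the property declaration is not visible here to confirm that. A comment naming the app that reads it would make the scope reviewable later.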
@@ -8,3 +8,10 @@ set_prop(hal_audio_default, dirac_prop)
 set_prop(hal_audio_default, vendor_audio_prop)
 get_prop(hal_audio_default, vendor_audio_prop)
+
+allow hal_audio_default audio_device:dir r_dir_perms;
+
+allow hal_audio_default init:unix_stream_socket connectto;
+
+allow hal_audio_default vendor_data_file:dir { create write add_name };
+allow hal_audio_default vendor_data_file:file { append create getattr open read };
diff --git a/sepolicy/vendor/hal_dpmQmiMgr.te b/sepolicy/vendor/hal_dpmQmiMgr.te
new file mode 100644
index 00000000..68fed9c0
--- /dev/null
+++ b/sepolicy/vendor/hal_dpmQmiMgr.te
@@ -0,0 +1 @@
+allow hal_dpmQmiMgr sysfs:file { open read };
diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te
new file mode 100644
index 00000000..89f2df7e
--- /dev/null
+++ b/sepolicy/vendor/hal_graphics_composer_default.te
@@ -0,0 +1,5 @@
+allow hal_graphics_composer_default diag_device:chr_file { read };
+allow hal_graphics_composer_default sysfs_graphics:file r_file_perms;
+allow hal_graphics_composer_default sysfs:file rw_file_perms;
+allow hal_graphics_composer_default sysfs_graphics:lnk_file read;
+allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { read };
diff --git a/sepolicy/vendor/hal_imsrtp.te b/sepolicy/vendor/hal_imsrtp.te
new file mode 100644
index 00000000..279ecc6e
--- /dev/null
+++ b/sepolicy/vendor/hal_imsrtp.te
@@ -0,0 +1 @@
+allow hal_imsrtp diag_device:chr_file { read };
diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te
index b8b558c8..11d04b12 100644
--- a/sepolicy/vendor/hal_sensors_default.te
+++ b/sepolicy/vendor/hal_sensors_default.te
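Review bot: `allow hal_audio_default init:unix_stream_socket connectto;` is only half of what the `set_prop` macro grants in AOSP's te_macros (the connectto, `property_socket:sock_file write`, and the `property_service set` on the target property), so by itself it just moves the denial one step further; the file already uses `set_prop(hal_audio_default, vendor_audio_prop)` in the context above, so identify the property that was actually being set and write `set_prop(hal_audio_default, <that property type>)` instead of the raw rule. The `vendor_data_file:dir { create write add_name }` and `vendor_data_file:file { ... }` pair lets the audio HAL create files under the generic vendor data label, which every other vendor daemon with vendor_data_file access can then read; if the HAL writes a fixed path, a dedicated type in file_contexts keeps the rule narrow and auditable. A comment naming that directory and the property would let the next reviewer check both.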
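Review bot: `allow hal_graphics_composer_default sysfs:file rw_file_perms;` grants write on every node that still carries the generic `sysfs` label, far wider than the composer needs when the nodes it actually drives are already labelled `sysfs_graphics`; label the remaining node in file_contexts or genfscon and grant `rw_file_perms` on that type. The same generic-sysfs write pattern appears later in this diff in hal_vibrator_default.te (`sysfs:file { write open read getattr }`) and init.te (`sysfs:file { setattr }`), and the same labelling fix applies there. Separately, this is the first of several domains in the diff (hal_imsrtp, hal_sensors_default, ims, ipacm-diag, netmgrd, sensors, vendor_dpmd) given `diag_device:chr_file { read }`; the diag interface carries modem and debugging traffic that production builds normally keep closed, so unless each consumer is required on user builds, wrap these in `userdebug_or_eng(` … `)` and note the tool that needs them.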
@@ -1,5 +1,6 @@
 allow hal_sensors_default audio_socket:sock_file rw_file_perms;
 allow hal_sensors_default sysfs_info:file { read write };
+allow hal_sensors_default diag_device:chr_file { read };
 unix_socket_connect(hal_sensors_default, audio, hal_audio_default)
 set_prop(hal_sensors_default, camera_prop)
diff --git a/sepolicy/vendor/hal_vibrator_default.te b/sepolicy/vendor/hal_vibrator_default.te
new file mode 100644
index 00000000..e9472eb4
--- /dev/null
+++ b/sepolicy/vendor/hal_vibrator_default.te
@@ -0,0 +1,2 @@
+allow hal_vibrator_default sysfs_leds:file { read write open getattr };
+allow hal_vibrator_default sysfs:file { write open read getattr };
diff --git a/sepolicy/vendor/hvdcp.te b/sepolicy/vendor/hvdcp.te
index a042f64e..a2375dcb 100644
--- a/sepolicy/vendor/hvdcp.te
+++ b/sepolicy/vendor/hvdcp.te
@@ -1 +1,2 @@
 allow hvdcp vendor_sysfs_hvdcp:file r_file_perms;
+allow hvdcp sysfs:file { open read };
diff --git a/sepolicy/vendor/ims.te b/sepolicy/vendor/ims.te
new file mode 100644
index 00000000..6df8f380
--- /dev/null
+++ b/sepolicy/vendor/ims.te
@@ -0,0 +1,2 @@
+allow ims sysfs:file { open read };
+allow ims diag_device:chr_file { read };
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index b537fba9..fe5cd926 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -14,3 +14,9 @@ allow init {
 allow init firmware_file:filesystem { getattr };
 allow init bt_firmware_file:filesystem { getattr };
 allow init apex_metadata_file:lnk_file { read };
+
+# Vibrator
+allow init sysfs_leds: file { rw_file_perms };
+
+allow init sysfs:file { setattr };
+allow init debugfs_tracing_debug:dir { mounton };
diff --git a/sepolicy/vendor/ipacm-diag.te b/sepolicy/vendor/ipacm-diag.te
new file mode 100644
index 00000000..d37def95
--- /dev/null
+++ b/sepolicy/vendor/ipacm-diag.te
@@ -0,0 +1 @@
+allow ipacm-diag diag_device:chr_file { read };
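Review bot: `allow init sysfs_leds: file { rw_file_perms };` is written in a form no other rule in the file uses (a space before the class and a permission macro wrapped in braces) and reads as if it was pasted straight from a denial; write it as `allow init sysfs_leds:file rw_file_perms;` to match the surrounding rules. `allow init sysfs:file { setattr };` lets init change mode and ownership of any node that still carries the generic `sysfs` label; since the `# Vibrator` comment suggests this is the same LED node hal_vibrator_default.te is granted elsewhere in this diff, labelling that node once and granting `setattr` on the label keeps init's reach bounded and documents the link. `debugfs_tracing_debug:dir { mounton }` has no comment; a line naming the init.rc entry that mounts there would let a reviewer confirm it is limited to debug builds. The enclosing `allow init {` rule in the hunk's function context starts before this hunk.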
diff --git a/sepolicy/vendor/ipacm.te b/sepolicy/vendor/ipacm.te
new file mode 100644
index 00000000..3a5259e2
--- /dev/null
+++ b/sepolicy/vendor/ipacm.te
@@ -0,0 +1 @@
+allow ipacm ipacm_socket:sock_file { write };
diff --git a/sepolicy/vendor/netmgrd.te b/sepolicy/vendor/netmgrd.te
index 224a7b70..605e1ea7 100644
--- a/sepolicy/vendor/netmgrd.te
+++ b/sepolicy/vendor/netmgrd.te
@@ -1 +1,8 @@
+allow netmgrd init:unix_stream_socket { connectto };
+allow netmgrd property_socket:sock_file { write };
+allow netmgrd sysfs:file { open read };
+allow netmgrd vendor_data_ko_prop:property_service { set };
+allow netmgrd vendor_default_prop:property_service { set };
+allow netmgrd diag_device:chr_file { read };
+
 set_prop(netmgrd, vendor_radio_prop)
diff --git a/sepolicy/vendor/port-bridge.te b/sepolicy/vendor/port-bridge.te
new file mode 100644
index 00000000..a892bf2d
--- /dev/null
+++ b/sepolicy/vendor/port-bridge.te
@@ -0,0 +1 @@
+allow port-bridge sysfs:file { open read };
diff --git a/sepolicy/vendor/proc_net.te b/sepolicy/vendor/proc_net.te
new file mode 100644
index 00000000..671a2241
--- /dev/null
+++ b/sepolicy/vendor/proc_net.te
@@ -0,0 +1 @@
+allow proc_net proc:filesystem { associate };
diff --git a/sepolicy/vendor/qti_init_shell.te b/sepolicy/vendor/qti_init_shell.te
index 4e426bf1..749ccf2a 100644
--- a/sepolicy/vendor/qti_init_shell.te
+++ b/sepolicy/vendor/qti_init_shell.te
@@ -1,3 +1,8 @@
+typeattribute qti_init_shell data_between_core_and_vendor_violators;
+
+allow qti_init_shell vendor_radio_data_file:dir rw_dir_perms;;
+allow qti_init_shell vendor_radio_data_file:file create_file_perms;
+allow qti_init_shell system_data_file:dir rw_dir_perms;
 allow qti_init_shell ctl_start_prop:property_service set;
 allow qti_init_shell ctl_stop_prop:property_service set;
 allow qti_init_shell self:perf_event cpu;
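Review bot: The `init:unix_stream_socket { connectto }`, `property_socket:sock_file { write }` and the two `property_service { set }` rules in netmgrd.te hand-expand what the `set_prop` macro generates, while the context line right below still uses `set_prop(netmgrd, vendor_radio_prop)`; replace the four with `set_prop(netmgrd, vendor_data_ko_prop)` and `set_prop(netmgrd, vendor_default_prop)` so the file stays consistent and the matching read access comes with it. `vendor_default_prop` is, in AOSP's default property_contexts, the fallback label for every `vendor.` key that has no more specific type, so granting `set` on it effectively lets netmgrd write any unlabelled vendor property; the narrower fix is to give the property netmgrd actually sets its own type in property_contexts. The `sysfs:file { open read }` and `diag_device:chr_file { read }` lines follow the generic-sysfs and diag pattern found in several other domains in this diff and deserve the same scrutiny.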
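Review bot: `allow qti_init_shell vendor_radio_data_file:dir rw_dir_perms;;` has a doubled semicolon; checkpolicy tolerates a bare `;` as an empty statement as far as I recall, but it is a typo and should read `allow qti_init_shell vendor_radio_data_file:dir rw_dir_perms;`. `typeattribute qti_init_shell data_between_core_and_vendor_violators;` together with `allow qti_init_shell system_data_file:dir rw_dir_perms;` opts this vendor shell out of the core/vendor data-separation neverallow so it can write into directories labelled `system_data_file` under /data; that is exactly the case the attribute exists to flag, so the hunk should carry a comment naming the directory and the script that needs it, and ideally that directory should receive a vendor label so the attribute can be dropped again. The rest of the file below this hunk (the ctl_start_prop/ctl_stop_prop rules) is unchanged and is shown as context only.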
@@ -9,4 +14,6 @@ allow qti_init_shell system_prop:property_service { set };
 dontaudit qti_init_shell system_prop:property_service set;
 dontaudit qti_init_shell self:capability { dac_override dac_read_search };
+set_prop(qti_init_shell, debug_prop);
+set_prop(qti_init_shell, radio_prop);
 get_prop(vendor_qti_init_shell, radio_control_prop)
diff --git a/sepolicy/vendor/rmt_storage.te b/sepolicy/vendor/rmt_storage.te
new file mode 100644
index 00000000..29a5b8f6
--- /dev/null
+++ b/sepolicy/vendor/rmt_storage.te
@@ -0,0 +1 @@
+allow rmt_storage sysfs:file { open read };
diff --git a/sepolicy/vendor/sensors.te b/sepolicy/vendor/sensors.te
new file mode 100644
index 00000000..6f43770f
--- /dev/null
+++ b/sepolicy/vendor/sensors.te
@@ -0,0 +1 @@
+allow sensors diag_device:chr_file { read };
diff --git a/sepolicy/vendor/vendor_dpmd.te b/sepolicy/vendor/vendor_dpmd.te
new file mode 100644
index 00000000..724e050b
--- /dev/null
+++ b/sepolicy/vendor/vendor_dpmd.te
@@ -0,0 +1 @@
+allow vendor_dpmd diag_device:chr_file { read };
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 62f6c952..d3743e8f 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -12,5 +12,6 @@ allow vendor_init proc:file w_file_perms;
 get_prop(vendor_init, hal_fingerprint_prop)
 set_prop(vendor_init, camera_prop)
+set_prop(vendor_init, vendor_persist_camera_prop)
 set_prop(vendor_init, vendor_freq_prop)
 set_prop(vendor_init, vendor_power_prop)
diff --git a/sepolicy/vendor/vendor_per_mgr.te b/sepolicy/vendor/vendor_per_mgr.te
new file mode 100644
index 00000000..f9bfed91
--- /dev/null
+++ b/sepolicy/vendor/vendor_per_mgr.te
@@ -0,0 +1 @@
+allow vendor_per_mgr sysfs:file { open read };
diff --git a/sepolicy/vendor/vold.te b/sepolicy/vendor/vold.te
index 7602fa18..2a5321f5 100644
--- a/sepolicy/vendor/vold.te
+++ b/sepolicy/vendor/vold.te
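Review bot: `set_prop(qti_init_shell, debug_prop);` and `set_prop(qti_init_shell, radio_prop);` end in a semicolon while the file's other macro calls, such as `get_prop(vendor_qti_init_shell, radio_control_prop)` on the next line, do not; the macro already emits terminated rules, so drop the `;` for consistency. Both `debug_prop` and `radio_prop` are core property types rather than vendor ones, and a vendor-side init shell writing them is the kind of cross-partition access that later AOSP property neverallows restrict, so a comment naming the exact property keys would let a reader judge whether a vendor-owned property could replace them. As an aside, the unchanged context line grants to `vendor_qti_init_shell` while every other rule here names `qti_init_shell`; that predates this change but looks like it may be a typo that leaves the rule inert.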
@@ -1,2 +1,3 @@
 allow vold sysfs_mmc_host:file write;
+allow vold sysfs_mmc_host:file create_file_perms;
 allow vold vendor_apex_file:file { getattr };
diff --git a/sepolicy/vendor/wcnss_service.te b/sepolicy/vendor/wcnss_service.te
index 0bd36460..fe17445e 100644
--- a/sepolicy/vendor/wcnss_service.te
+++ b/sepolicy/vendor/wcnss_service.te
@@ -2,4 +2,4 @@ allow wcnss_service kmsg_device:chr_file w_file_perms;
 allow wcnss_service proc_net:file r_file_perms;
 allow wcnss_service sysfs:file r_file_perms;
 allow wcnss_service sysfs_net:dir search;
-allow wcnss_service vendor_shell_exec:file x_file_perms;
+allow wcnss_service vendor_shell_exec:file { x_file_perms execute_no_trans };
diff --git a/sepolicy/vendor/zygote.te b/sepolicy/vendor/zygote.te
index 383ec877..ad4286d3 100644
--- a/sepolicy/vendor/zygote.te
+++ b/sepolicy/vendor/zygote.te
@@ -1,3 +1,4 @@
 allow zygote exported_camera_prop:file { open read getattr write };
 get_prop(zygote, exported_camera_prop)
+allow zygote unlabeled:dir { search };
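Review bot: `allow vold sysfs_mmc_host:file create_file_perms;` grants create, unlink, rename and setattr on sysfs nodes, operations sysfs does not support, so the rule is wider than anything vold can do there and it also makes the existing `allow vold sysfs_mmc_host:file write;` above it redundant. The denial was presumably for open/read in addition to the already-granted write, which `allow vold sysfs_mmc_host:file rw_file_perms;` covers; replace both lines with that single rule.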
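Review bot: `{ x_file_perms execute_no_trans }` is a no-op if this tree uses AOSP's global_macros, where `x_file_perms` already expands to `{ getattr execute execute_no_trans map }`; in that case the change alters nothing and the denial that motivated it is for a different permission or a different target label (a script under its own type rather than `vendor_shell_exec`). Check the denial line and either revert to `x_file_perms` or grant what was actually missing. A comment naming the script wcnss_service runs would also help, since executing shell without a domain transition gives every such script the full wcnss_service policy.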
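Review bot: `allow zygote unlabeled:dir { search };` papers over a missing label instead of fixing it: something zygote walks through has no file_contexts or genfscon entry, and once the parent of every app process may search `unlabeled` directories the path disappears from the audit log and the gap is never closed. Take the path from the denial, give it a label in file_contexts (or genfscon if it is a kernel filesystem), and grant `search` on that type instead; the remaining context lines in this hunk are unchanged.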