diff --git a/sepolicy/vendor/hal_dms_default.te b/sepolicy/vendor/hal_dms_default.te
index ce3c360..8cac070 100644
--- a/sepolicy/vendor/hal_dms_default.te
+++ b/sepolicy/vendor/hal_dms_default.te
@@ -8,6 +8,7 @@ allow hal_dms_default hal_audio_default:binder call;
 allow hal_dms_default platform_app:binder call;
 allow hal_dms_default vendor_data_file:file { rw_file_perms create };
 allow hal_dms_default vendor_data_file:dir { rw_file_perms add_name };
+dontaudit hal_dms_default vendor_file:file execute_no_trans;
 allow hal_dms_default vendor_media_data_file:dir { add_name remove_name read write search open };
 allow hal_dms_default vendor_media_data_file:file { read write open create ioctl getattr lock unlink };
diff --git a/sepolicy/vendor/hal_light_default.te b/sepolicy/vendor/hal_light_default.te
index 197d8af..9246ce3 100644
--- a/sepolicy/vendor/hal_light_default.te
+++ b/sepolicy/vendor/hal_light_default.te
@@ -1 +1,2 @@
 allow hal_light_default sysfs:file { open getattr write };
+dontaudit hal_light_default vendor_file:file execute_no_trans;
diff --git a/sepolicy/vendor/mm-qcamerad.te b/sepolicy/vendor/mm-qcamerad.te
new file mode 100644
index 0000000..3b26aee
--- /dev/null
+++ b/sepolicy/vendor/mm-qcamerad.te
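Review bot: The added `dontaudit hal_dms_default vendor_file:file execute_no_trans;` silences the denial with no comment saying which binary the HAL tries to execute or why the failed exec is harmless. The same applies to the matching rule added in hal_light_default.te and to `dontaudit surfaceflinger firmware_file:dir search;` in surfaceflinger.te. A dontaudit rule removes the AVC record, and `vendor_file` is the catch-all label for files under /vendor, so any later exec attempt from these domains against that label would leave no trace in the audit log. I would add a one-line comment above each rule, for example `# <binary name> is probed at startup; the exec stays denied and the HAL works without it`, with the real binary filled in. It is also worth confirming on a device that each service still behaves correctly while the denial is enforced.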
@@ -0,0 +1,20 @@
+typeattribute mm-qcamerad data_between_core_and_vendor_violators;
+allow mm-qcamerad camera_prop:property_service set;
+allow mm-qcamerad init:unix_stream_socket connectto;
+allow mm-qcamerad persist_file:dir { getattr open read search };
+allow mm-qcamerad persist_file:file { read open getattr };
+allow mm-qcamerad property_socket:sock_file write;
+allow mm-qcamerad mnt_vendor_file:file rw_file_perms;
+
+# TODO(b/36599434): Remove this once mm-qcamerad stops using Binder services
+typeattribute mm-qcamerad binder_in_vendor_violators;
+allow mm-qcamerad binder_device:chr_file { read write };
+
+allow mm-qcamerad fwk_sensor_hwservice:hwservice_manager find;
+allow mm-qcamerad camera_data_file:dir search;
+
+allow mm-qcamerad vendor_data_file:dir r_dir_perms;
+allow mm-qcamerad vendor_data_file:file rw_file_perms;
+
+vndbinder_use(mm-qcamerad);
+get_prop(mm-qcamerad, moto_boot_prop);
diff --git a/sepolicy/vendor/surfaceflinger.te b/sepolicy/vendor/surfaceflinger.te
new file mode 100644
index 0000000..72811e9
--- /dev/null
+++ b/sepolicy/vendor/surfaceflinger.te
@@ -0,0 +1,2 @@
+dontaudit surfaceflinger firmware_file:dir search;
+
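Review bot: `typeattribute mm-qcamerad data_between_core_and_vendor_violators;` on the first added line of mm-qcamerad.te exempts the domain from the core/vendor data-sharing neverallow rules, but unlike the `binder_in_vendor_violators` line further down it carries no comment or tracking reference. From the visible rules the access that needs it is presumably `allow mm-qcamerad camera_data_file:dir search;`. I would add a comment such as `# Needed only for camera_data_file access; drop once mm-qcamerad keeps its data in vendor-owned directories` and confirm that this is the only reason for the exemption. Separately, the three rules on `camera_prop:property_service`, `init:unix_stream_socket` and `property_socket:sock_file` spell out what the `set_prop` macro provides. Writing `set_prop(mm-qcamerad, camera_prop)` would match the macro style already used for `get_prop` at the end of the file, though it also grants read access to the property.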