diff --git a/BoardConfig.mk b/BoardConfig.mk
index 4ca6554..6ab3d85 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -177,8 +177,8 @@ TARGET_USERIMAGES_USE_F2FS := true
 TARGET_RELEASETOOLS_EXTENSIONS := $(DEVICE_PATH)/releasetools
 
 # SELinux
-#include device/qcom/sepolicy/sepolicy.mk
-#BOARD_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy
+include device/qcom/sepolicy/sepolicy.mk
+BOARD_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy
 
 # Sensor
 USE_SENSOR_MULTI_HAL := true
diff --git a/rootdir/etc/fstab.qcom b/rootdir/etc/fstab.qcom
index 0d8e46f..8d832f0 100644
--- a/rootdir/etc/fstab.qcom
+++ b/rootdir/etc/fstab.qcom
@@ -9,10 +9,10 @@
 /dev/block/bootdevice/by-name/system         /system      ext4    ro,barrier=1,discard                                                               wait
 /dev/block/bootdevice/by-name/userdata       /data        f2fs    rw,discard,nosuid,nodev,noatime,nodiratime,nobarrier,inline_xattr,inline_data      wait,check,formattable,encryptable=/dev/block/bootdevice/by-name/metadata
 /dev/block/bootdevice/by-name/cache          /cache       ext4    rw,noatime,nosuid,nodev,barrier=1,data=ordered                                     wait,check,formattable
-/dev/block/bootdevice/by-name/modem          /firmware    ext4    ro,nosuid,nodev,barrier=0                     wait
-/dev/block/bootdevice/by-name/fsg            /fsg         ext4    ro,nosuid,nodev                                     wait
+/dev/block/bootdevice/by-name/modem          /firmware    ext4    ro,nosuid,nodev,barrier=0,context=u:object_r:firmware_file:s0                      wait
+/dev/block/bootdevice/by-name/fsg            /fsg         ext4    ro,nosuid,nodev,context=u:object_r:fsg_file:s0                                     wait
 /dev/block/bootdevice/by-name/dsp            /dsp         ext4    ro,nosuid,nodev,barrier=1                                                          wait
-/dev/block/bootdevice/by-name/persist        /persist     ext4    nosuid,nodev,barrier=1,noatime,noauto_da_alloc  wait
+/dev/block/bootdevice/by-name/persist        /persist     ext4    nosuid,nodev,barrier=1,noatime,noauto_da_alloc,context=u:object_r:persist_file:s0  wait
 /dev/block/bootdevice/by-name/boot           /boot        emmc    defaults                                                                           recoveryonly
 /dev/block/bootdevice/by-name/recovery       /recovery    emmc    defaults                                                                           recoveryonly
 /dev/block/bootdevice/by-name/misc           /misc        emmc    defaults                                                                           defaults
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc
index 312ca57..009f1f7 100644
--- a/rootdir/etc/init.qcom.rc
+++ b/rootdir/etc/init.qcom.rc
@@ -429,6 +429,7 @@ on post-fs-data
 service charger /charger
     class charger
     group log
+    seclabel u:r:healthd:s0
     disabled
 
 # Allow usb charging to be disabled peristently