diff --git a/sepolicy/energyawareness.te b/sepolicy/energyawareness.te
new file mode 100644
index 0000000..e2ccd54
--- /dev/null
+++ b/sepolicy/energyawareness.te
@@ -0,0 +1,2 @@
+allow energyawareness sysfs_uio:file r_file_perms;
+allow energyawareness sysfs_rmt_storage:file r_file_perms;
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 133f0d8..68698b6 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -49,7 +49,6 @@ type sysfs_wcnsscore, fs_type, sysfs_type;
 type nv_data_file, file_type;
 type sysfs_rmt_storage, fs_type, sysfs_type;
 type debugfs_rmt_storage, debugfs_type, fs_type;
-type debugfs_rpm, debugfs_type, fs_type;
 type debugfs_wlan, debugfs_type, fs_type;
 type perfd_data_file, file_type, data_file_type;
 type proc_kernel_sched, fs_type;
diff --git a/sepolicy/firmware_file.te b/sepolicy/firmware_file.te
new file mode 100644
index 0000000..87b8ba7
--- /dev/null
+++ b/sepolicy/firmware_file.te
@@ -0,0 +1,2 @@
+allow firmware_file rootfs:filesystem associate;
+
diff --git a/sepolicy/hal_gnss_qti.te b/sepolicy/hal_gnss_qti.te
new file mode 100644
index 0000000..3179a42
--- /dev/null
+++ b/sepolicy/hal_gnss_qti.te
@@ -0,0 +1,4 @@
+binder_call(hal_gnss_qti, servicemanager);
+get_prop(hal_gnss_qti, diag_prop);
+allow hal_gnss_qti per_mgr_service_old:service_manager find;
+
diff --git a/sepolicy/hal_light_default.te b/sepolicy/hal_light_default.te
new file mode 100644
index 0000000..c9b8d45
--- /dev/null
+++ b/sepolicy/hal_light_default.te
@@ -0,0 +1 @@
+allow hal_light_default sysfs:file { open read write };
diff --git a/sepolicy/hwservicemanager.te b/sepolicy/hwservicemanager.te
new file mode 100644
index 0000000..a26eb02
--- /dev/null
+++ b/sepolicy/hwservicemanager.te
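Review bot: In hal_gnss_qti.te the servicemanager access is spelled `binder_call(hal_gnss_qti, servicemanager);`, where the policy macros provide `binder_use(hal_gnss_qti)` for that purpose (the hwservicemanager.te hunk in this same commit already uses `binder_use`). The same spelling recurs in peripheral_manager.te, where `allow per_mgr servicemanager:binder { call transfer };` additionally repeats what `binder_call` already grants, and in qseeproxy.te. Using `binder_use(...)` in all three and dropping the redundant allow line would keep the binder grants in one recognisable form for anyone auditing the policy.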
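Review bot: `allow hal_light_default sysfs:file { open read write };` in hal_light_default.te grants write on the default `sysfs` label, which covers every sysfs node that has no more specific type, not only the files the light HAL presumably needs. perfd.te in this commit carries the same kind of grant (`allow perfd sysfs:file write;`), there with a comment explaining that dynamically created nodes get the default label. I would give the specific nodes a dedicated type through `genfs_contexts` or `file_contexts` and grant write on that type only; where a path cannot be labelled, a comment naming the path next to the rule would at least show an auditor what the broad grant is for.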
@@ -0,0 +1,9 @@
+#allow hwservicemanager init:binder call;
+allow hwservicemanager init:dir search;
+allow hwservicemanager init:file { open read };
+allow hwservicemanager init:process getattr;
+
+binder_use(hwservicemanager);
+
+binder_call(hwservicemanager, hal_power_default);
+binder_call(hwservicemanager, hal_usb_default);
diff --git a/sepolicy/installd.te b/sepolicy/installd.te
new file mode 100644
index 0000000..be3aee6
--- /dev/null
+++ b/sepolicy/installd.te
@@ -0,0 +1,3 @@
+allow installd firmware_file:filesystem quotaget;
+allow installd fsg_file:filesystem quotaget;
+allow installd persist_file:filesystem quotaget;
diff --git a/sepolicy/mediaextractor.te b/sepolicy/mediaextractor.te
new file mode 100644
index 0000000..cb0e665
--- /dev/null
+++ b/sepolicy/mediaextractor.te
@@ -0,0 +1,4 @@
+allow mediaextractor fuse:file r_file_perms;
+allow mediaextractor system_server:fifo_file { write append };
+allow mediaextractor sdcardfs:file r_file_perms;
+allow mediaextractor vfat:file r_file_perms;
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
index a317d4f..2cf4bab 100644
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
@@ -2,3 +2,6 @@ allow netmgrd netmgr_data_file:dir { add_name search write };
 allow netmgrd netmgr_data_file:file create;
 allow netmgrd netmgr_data_file:file rw_file_perms;
 allow netmgrd self:capability dac_override;
+allow netmgrd net_data_file:dir r_dir_perms;
+allow netmgrd netd_socket:sock_file write;
+allow netmgrd toolbox_exec:file { execute getattr execute_no_trans read open };
diff --git a/sepolicy/perfd.te b/sepolicy/perfd.te
new file mode 100644
index 0000000..2189bfd
--- /dev/null
+++ b/sepolicy/perfd.te
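Review bot: The three `r_file_perms` grants in mediaextractor.te (`fuse`, `sdcardfs`, `vfat`) include `open`, so the extractor may open files on external storage by path instead of only reading descriptors a client hands to it. mediaextractor parses untrusted media, and keeping it to already-opened descriptors is what limits the reach of a parser bug. If the denials behind this change were only `read`/`getattr` on passed descriptors, the narrower form is enough, e.g. `allow mediaextractor sdcardfs:file { read getattr };`. The `system_server:fifo_file { write append }` line would also benefit from a comment saying which pipe it is for.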
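Review bot: `allow netmgrd toolbox_exec:file { execute getattr execute_no_trans read open };` in netmgrd.te lets netmgrd run toolbox commands inside its own domain, so whatever it launches inherits everything netmgrd holds, including the `dac_override` capability visible in the context lines. Together with `allow netmgrd netd_socket:sock_file write;` this widens the domain noticeably, and neither line carries a comment. I would add one naming the commands netmgrd actually executes and why it talks to netd, for example `# netmgrd runs <command> via toolbox to <purpose>`, so the grant can be re-checked when the daemon changes.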
@@ -0,0 +1,42 @@
+type perfd, domain;
+type perfd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(perfd)
+
+allow perfd cgroup:file r_file_perms;
+
+allow perfd cameraserver:process signull;
+
+# files in /data/misc/perfd and /data/system/perfd
+allow perfd perfd_data_file:dir create_dir_perms;
+allow perfd perfd_data_file:{ file sock_file } create_file_perms;
+
+allow perfd proc_kernel_sched:file r_file_perms;
+
+# read access /sys
+r_dir_file(perfd, sysfs_type)
+# normally write is not granted to the default "sysfs" label.
+# In this case, perfd needs access to files in /sys that are
+# commonly created and destroyed. When the kernel creates them,
+# they are created with the default label "sysfs". For robustness,
+# allow perfd to write to "sysfs" to ensure it can optimally
+# tune the power/cpu settings.
+allow perfd sysfs:file write;
+allow perfd sysfs_msm_perf:file write;
+allow perfd sysfs_ssr:file write;
+allow perfd sysfs_devices_system_cpu:file write;
+allow perfd sysfs_power_management:file write;
+allow perfd sysfs_devfreq:file write;
+allow perfd sysfs_lib:file write;
+
+allow perfd proc_kernel_sched:file w_file_perms;
+allow perfd gpu_device:chr_file rw_file_perms;
+
+# perfd uses kill(pid, 0) to determine if a process exists.
+# Determining if a process exists does not require the kill capability
+# since a permission denied indicates the process exists.
+dontaudit perfd self:capability kill;
+
+allow perfd surfaceflinger:process signull;
+allow perfd hal_graphics_composer_default:process signull;
+
+get_prop(perfd, freq_prop);
diff --git a/sepolicy/peripheral_manager.te b/sepolicy/peripheral_manager.te
new file mode 100644
index 0000000..26360a6
--- /dev/null
+++ b/sepolicy/peripheral_manager.te
@@ -0,0 +1,5 @@
+binder_call(per_mgr, servicemanager);
+allow per_mgr self:capability net_raw;
+allow per_mgr per_mgr_service_old:service_manager { add find };
+allow per_mgr servicemanager:binder { call transfer };
+
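Review bot: `r_dir_file(perfd, sysfs_type)` in perfd.te is keyed on the `sysfs_type` attribute, so perfd gets read access to every sysfs type in the policy, including any added later for unrelated drivers. The write rules below it already name the specific types perfd tunes (`sysfs_msm_perf`, `sysfs_devfreq` and so on); listing the read side the same way would keep the two in step and make the daemon's real footprint visible. Separately, the two `proc_kernel_sched` rules (`r_file_perms` near the top, `w_file_perms` further down) could be a single line, `allow perfd proc_kernel_sched:file rw_file_perms;`.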
diff --git a/sepolicy/property.te b/sepolicy/property.te
index 9d80ab6..f761a53 100644
--- a/sepolicy/property.te
+++ b/sepolicy/property.te
@@ -2,3 +2,6 @@ type adspd_prop, property_type;
 type motosh_prop, property_type;
 type hw_rev_prop, property_type;
 type touch_prop, property_type;
+type diag_prop, property_type;
+type thermal_prop, property_type;
+type qti_telephony_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index abc3b42..b3bd9a5 100644
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
@@ -1,5 +1,5 @@
 hw.aov.disable_hotword u:object_r:adspd_prop:s0
 hw.aov.hotword_dsp_path u:object_r:adspd_prop:s0
 hw.motosh.booted u:object_r:motosh_prop:s0
-ro.boot.hardware.revision u:object_r:hw_rev_prop:s0
+ro.hw.revision u:object_r:hw_rev_prop:s0
 hw.touch.status u:object_r:touch_prop:s0
diff --git a/sepolicy/qseeproxy.te b/sepolicy/qseeproxy.te
new file mode 100644
index 0000000..f05bfd5
--- /dev/null
+++ b/sepolicy/qseeproxy.te
@@ -0,0 +1,3 @@
+binder_call(qseeproxy, servicemanager);
+allow qseeproxy self:process getattr;
+allow qseeproxy qseeproxy_service_old:service_manager { add find };
diff --git a/sepolicy/qtelephony.te b/sepolicy/qtelephony.te
new file mode 100644
index 0000000..7e0cb06
--- /dev/null
+++ b/sepolicy/qtelephony.te
@@ -0,0 +1 @@
+allow qtelephony radio_service:service_manager find;
diff --git a/sepolicy/qti.te b/sepolicy/qti.te
new file mode 100644
index 0000000..b907b17
--- /dev/null
+++ b/sepolicy/qti.te
@@ -0,0 +1 @@
+get_prop(qti, diag_prop)
diff --git a/sepolicy/radio.te b/sepolicy/radio.te
index 9ba85de..dadb2cb 100644
--- a/sepolicy/radio.te
+++ b/sepolicy/radio.te
@@ -1 +1,2 @@
 allow radio system_app_data_file:dir getattr;
+allow radio qmuxd_socket:sock_file write;
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 898c594..1c5656d 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
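Review bot: property.te declares `diag_prop`, `thermal_prop` and `qti_telephony_prop`, but the property_contexts hunk in this commit maps no property name to any of them, and no rule visible in the commit references `thermal_prop` or `qti_telephony_prop`. Unless another policy directory supplies the mappings, the `get_prop(..., diag_prop)` lines added across this commit grant access to a type that no property carries. Either add the matching `property_contexts` entries in this change or drop the unused types. The property_contexts hunk also moves the `hw_rev_prop` label from `ro.boot.hardware.revision` to `ro.hw.revision`, which leaves the old name on whatever label it falls back to; worth confirming nothing still depends on it being `hw_rev_prop`.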
@@ -8,6 +8,8 @@ allow rild nv_data_file:file create_file_perms; allow rild radio_data_file:dir rw_dir_perms; allow rild radio_data_file:file create_file_perms; allow rild fsg_file:file { getattr open read }; +allow rild fsg_file:dir { search open read }; +allow rild fsg_file:lnk_file read; allow rild cutback_data_file:dir rw_dir_perms; allow rild cutback_data_file:sock_file create_file_perms; diff --git a/sepolicy/rmt_storage.te b/sepolicy/rmt_storage.te index 11bff13..b4a132d 100644 --- a/sepolicy/rmt_storage.te +++ b/sepolicy/rmt_storage.te @@ -1,5 +1,12 @@ -allow rmt_storage fsg_file:dir search; -allow rmt_storage fsg_file:file { read open }; +allow rmt_storage sysfs_rmt_storage:file rw_file_perms; +allow rmt_storage sysfs_rmt_storage:dir { search open }; +allow rmt_storage sysfs_uio:file r_file_perms; +allow rmt_storage sysfs_uio:dir { read open search }; +allow rmt_storage sysfs_uio:lnk_file { read }; +allow rmt_storage debugfs_rmt_storage:dir search; +allow rmt_storage debugfs_rmt_storage:file w_file_perms; + +allow rmt_storage fsg_file:file { open read }; allow rmt_storage self:capability dac_override; allow rmt_storage fsg_file:dir search; diff --git a/sepolicy/service.te b/sepolicy/service.te new file mode 100644 index 0000000..5fa5a9b --- /dev/null +++ b/sepolicy/service.te @@ -0,0 +1,2 @@ +type qseeproxy_service_old, service_manager_type; +type per_mgr_service_old, service_manager_type; diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts new file mode 100644 index 0000000..fc214d5 --- /dev/null +++ b/sepolicy/service_contexts @@ -0,0 +1,3 @@ +com.qualcomm.qti.qseeproxy u:object_r:qseeproxy_service_old:s0 +vendor.qcom.PeripheralManager u:object_r:per_mgr_service_old:s0 + diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 67f01a9..0e9e8e8 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te 
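Review bot: `allow rmt_storage debugfs_rmt_storage:file w_file_perms;` in rmt_storage.te grants write access under debugfs unconditionally. debugfs is a debugging interface, and if the daemon writes there only for diagnostics, the two `debugfs_rmt_storage` rules could sit inside `userdebug_or_eng(` ... `)` so that user builds do not carry them. A short comment stating what is written there would help either way, since the rule gives no hint of its purpose.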
@@ -1,3 +1,5 @@
+binder_call(system_server, rild);
+
 allow system_server sysfs_homebutton:file rw_file_perms;
 allow system_server sysfs_homebutton:dir r_dir_perms;
 allow system_server persist_file:dir create_dir_perms;
diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te
new file mode 100644
index 0000000..0725a71
--- /dev/null
+++ b/sepolicy/thermal-engine.te
@@ -0,0 +1,9 @@
+get_prop(thermal-engine, diag_prop)
+allow thermal-engine socket_device:sock_file { create setattr };
+allow thermal-engine sysfs_rmt_storage:dir search;
+allow thermal-engine sysfs_rmt_storage:file r_file_perms;
+allow thermal-engine sysfs_uio:file r_file_perms;
+allow thermal-engine sysfs_uio:dir { read open search };
+allow thermal-engine sysfs_uio:lnk_file { read };
+allow thermal-engine sysfs_vadc_dev:lnk_file { read open };
+allow thermal-engine sysfs_vadc_dev:dir rw_dir_perms;
diff --git a/sepolicy/time_daemon.te b/sepolicy/time_daemon.te
index 7ff6dc3..ddcda87 100644
--- a/sepolicy/time_daemon.te
+++ b/sepolicy/time_daemon.te
@@ -1 +1,3 @@
-allow time_daemon persist_file:file rw_file_perms;
+get_prop(time_daemon, diag_prop);
+
+allow time_daemon persist_file:file { open read write };
diff --git a/sepolicy/untrused_app.te b/sepolicy/untrused_app.te
new file mode 100644
index 0000000..50e45cf
--- /dev/null
+++ b/sepolicy/untrused_app.te
@@ -0,0 +1,4 @@
+get_prop(untrusted_app, camera_prop);
+get_prop(untrusted_app_25, camera_prop);
+allow untrusted_app sysfs_zram:dir { search read };
+allow untrusted_app sysfs_zram:file { open read getattr };
diff --git a/sepolicy/wcnss_filter.te b/sepolicy/wcnss_filter.te
new file mode 100644
index 0000000..aad7936
--- /dev/null
+++ b/sepolicy/wcnss_filter.te
@@ -0,0 +1 @@
+get_prop(wcnss_filter, diag_prop);
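Review bot: `allow thermal-engine socket_device:sock_file { create setattr };` in thermal-engine.te lets the daemon create socket files that keep the generic `socket_device` label, so access to its socket cannot be granted separately from access to any other socket carrying that label. The usual arrangement is a dedicated socket type, with the socket either declared in the service's init entry or given a `type_transition` on creation, and clients granted access to that type only. The rule also looks incomplete as written, because creating the file needs directory permissions on `socket_device:dir` that this hunk does not add; those may be granted elsewhere.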
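Review bot: The rules in untrused_app.te apply to `untrusted_app`, the domain third-party apps run in, so `sysfs_zram` contents and `camera_prop` values become readable by any installed application. If one specific app needs them, granting the access to that app's own domain would be narrower; otherwise a comment should say why every app needs it. `untrusted_app_25` receives the `camera_prop` rule but not the `sysfs_zram` ones, which looks like an oversight in one direction or the other, and the file name is misspelled (`untrused_app.te`).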