diff --git a/sepolicy/cnd.te b/sepolicy/cnd.te
index 80165e6..bbed452 100644
--- a/sepolicy/cnd.te
+++ b/sepolicy/cnd.te
@@ -1 +1,2 @@
 allow cnd system_wpa_socket:sock_file { unlink };
+allow cnd diag_device:chr_file { read write };
diff --git a/sepolicy/ims.te b/sepolicy/ims.te
new file mode 100644
index 0000000..bce353c
--- /dev/null
+++ b/sepolicy/ims.te
@@ -0,0 +1,4 @@
+allow ims debug_prop:property_service set;
+get_prop(ims, debug_prop);
+allow ims self:capability net_raw;
+allow ims diag_device:chr_file { read write };
\ No newline at end of file
diff --git a/sepolicy/init.te b/sepolicy/init.te
index f692318..f2688ec 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -33,7 +33,7 @@ allow init netd:unix_stream_socket connectto;
 allow init self:netlink_socket { read write getattr connect };
 allow init debugfs:file write;
-allow init persist_file:filesystem { getattr mount relabelfrom relabelto };
+allow init persist_file:filesystem { getattr mount relabelfrom relabelto unmount };
 allow init self:capability sys_nice;
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
index 30dae43..cd77e5e 100644
--- a/sepolicy/kernel.te
+++ b/sepolicy/kernel.te
@@ -1 +1,3 @@
 allow kernel hw_block_device:blk_file rw_file_perms;
+allow kernel vfat:file open;
+allow kernel self:socket create;
diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te
index b9d4d0d..3a827f5 100644
--- a/sepolicy/mm-qcamerad.te
+++ b/sepolicy/mm-qcamerad.te
@@ -3,6 +3,7 @@ binder_use(mm-qcamerad);
 binder_call(mm-qcamerad, binderservicedomain);
 binder_call(mm-qcamerad, appdomain);
 binder_call(mm-qcamerad, hal_sensors_default);
+set_prop(mm-qcamerad, camera_prop);
 allow servicemanager mm-qcamerad:dir { search };
 allow servicemanager mm-qcamerad:file { read open };
diff --git a/sepolicy/qti.te b/sepolicy/qti.te
index b907b17..55e48e2 100644
--- a/sepolicy/qti.te
+++ b/sepolicy/qti.te
@@ -1 +1,2 @@
 get_prop(qti, diag_prop)
+allow qti diag_device:chr_file { read write };
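Review bot: The added `allow cnd diag_device:chr_file { read write };` in sepolicy/cnd.te is unconditional, so it applies on user builds too, and the same rule is added for ims, qti and surfaceflinger in this commit. diag_device presumably labels the diagnostics character device, a debug channel that each of these domains could then read and write if compromised; that matters most for surfaceflinger, which handles app-supplied data. Unless a production feature depends on it, wrap the four rules in the `userdebug_or_eng` macro, or use `dontaudit` if they only silence denials on a descriptor the daemon never uses. The rules grant read and write without open or ioctl, which suggests they were taken from denial logs; a `#` comment naming the denial and the reason would help the next reviewer.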
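Review bot: `allow ims debug_prop:property_service set;` in the new sepolicy/ims.te lets ims write every property labelled debug_prop, which in AOSP is a shared type that other processes read to switch debug behaviour. If ims only needs its own keys, label them with a dedicated type in property_contexts and grant it with `set_prop(ims, <ims_prop_type>)` (placeholder name), the same macro mm-qcamerad.te uses for camera_prop in this commit. The file has no comment explaining why `net_raw` is required. It also ends without a trailing newline, which is worth adding because policy sources are concatenated when the policy is built.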
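Review bot: `allow kernel vfat:file open;` in sepolicy/kernel.te covers every file carrying the generic vfat label, which would normally include removable or otherwise externally written FAT volumes. It grants open without read, so it looks copied from a single denial rather than designed. If a kernel thread needs one specific FAT partition, mounting that partition with a dedicated context and allowing only that type keeps the kernel domain away from other vfat content. `allow kernel self:socket create;` uses the catch-all socket class; a comment such as `# <driver> creates an <AF_*> socket from a kernel thread` (placeholders) would record what requires it.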
diff --git a/sepolicy/rfs_access.te b/sepolicy/rfs_access.te
index 7d6aced..c0dca3e 100644
--- a/sepolicy/rfs_access.te
+++ b/sepolicy/rfs_access.te
@@ -1,3 +1,4 @@
 allow rfs_access self:capability net_raw;
 allow rfs_access persist_file:file { getattr open read rename setattr unlink write };
+allow rfs_access vendor_tombstone_data_file:dir search;
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
index 9706b1e..2cbe8bf 100644
--- a/sepolicy/surfaceflinger.te
+++ b/sepolicy/surfaceflinger.te
@@ -2,6 +2,7 @@ get_prop(surfaceflinger, diag_prop);
 allow surfaceflinger perfd_data_file:sock_file write;
 allow surfaceflinger perfd_data_file:dir search;
 allow surfaceflinger perfd:unix_stream_socket connectto;
+allow surfaceflinger diag_device:chr_file { read write };
 binder_call(surfaceflinger, hwservicemanager)