diff --git a/sepolicy/cameraserver.te b/sepolicy/cameraserver.te
index d28a479..6c25bef 100644
--- a/sepolicy/cameraserver.te
+++ b/sepolicy/cameraserver.te
@@ -1,2 +1,66 @@
-# Shouldn't do this here
+binder_call(cameraserver, servicemanager);
+
+allow cameraserver nfc_data_file:dir search;
+allow cameraserver nfc_data_file:fifo_file write;
+allow cameraserver nfc_data_file:fifo_file open;
+
+allow cameraserver sensorservice_service:service_manager { find };
+allow cameraserver system_file:dir { read open };
+
+allow cameraserver sdcardfs:dir { read write open getattr add_name remove_name rw_file_perms rmdir search };
+allow cameraserver sdcardfs:file { create open read write unlink getattr };
+allow cameraserver storage_file:dir search;
+
+allow cameraserver persist_file:file { read write open create getattr create_file_perms rw_file_perms };
+allow cameraserver persist_file:dir { read write open create_file_perms rw_file_perms search add_name create };
+allow cameraserver fuse:file { read write open create getattr create_file_perms rw_file_perms };
+allow cameraserver fuse:dir { read write open create_file_perms rw_file_perms search add_name create };
+allow cameraserver tmpfs:file { read write open create getattr create_file_perms rw_file_perms };
+allow cameraserver tmpfs:dir { read write open create_file_perms rw_file_perms search add_name create };
+allow cameraserver storage_file:dir r_dir_perms;
+allow cameraserver storage_file:lnk_file r_file_perms;
+allow cameraserver mnt_user_file:dir r_dir_perms;
+allow cameraserver mnt_user_file:lnk_file r_file_perms;
+allow cameraserver media_rw_data_file:dir { open read search write add_name };
+allow cameraserver media_rw_data_file:file { create read write open };
+
+allow cameraserver sysfs:file { open write };
+
+allow cameraserver cameraserver:process { execmem };
+
 allow cameraserver self:netlink_kobject_uevent_socket { read bind create setopt };
+allow cameraserver default_android_service:service_manager find;
+allow cameraserver rootfs:lnk_file getattr;
+allow cameraserver init:unix_dgram_socket { sendto};
+
+binder_call(cameraserver, hal_perf_default)
+binder_call(cameraserver, hal_configstore_default)
+
+####
+allow cameraserver debug_prop:file { r_file_perms };
+allow cameraserver debug_prop:property_service set;
+
+#######
+#allow cameraserver persist_file:file rw_file_perms;
+#allow cameraserver persist_file:file setattr;
+allow cameraserver shell_exec:file { read open execute };
+allow cameraserver self:socket create;
+allow cameraserver camera_prop:property_service set;
+allow cameraserver init:unix_stream_socket connectto;
+allow cameraserver sensors_persist_file:file { open read };
+allow cameraserver property_socket:sock_file write;
+#allow cameraserver cameraserver:socket { { getattr read ioctl lock } { append write lock } };
+allow cameraserver shell_exec:file { execute getattr };
+allow cameraserver system_file:file execute;
+
+allow cameraserver debugfs:dir { read open };
+
+allow cameraserver nfc_data_file:file { open write };
+allow cameraserver socket_device:sock_file write;
+
+allow cameraserver hal_perf_default:binder call;
+
+allow cameraserver sysfs_battery_supply:dir search;
+allow cameraserver sysfs_battery_supply:file { getattr open read };
+
+allow cameraserver camera_bgproc_service:service_manager { add find };
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index f147be5..0cbb89f 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
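Review bot: `allow cameraserver cameraserver:process { execmem };` together with `allow cameraserver shell_exec:file { read open execute };` and `allow cameraserver system_file:file execute;` lets the camera service map writable-executable memory and run shell and system binaries inside its own domain with no domain transition. AOSP's domain.te carries a neverallow on `self:process execmem` with only a short list of exempt domains, so unless cameraserver is one of them this should fail the policy build or CTS, and if it does build it is still a W^X regression that needs a written justification next to the rule. The property rules (`debug_prop`/`camera_prop:property_service set`, `init:unix_stream_socket connectto`, `property_socket:sock_file write`) are what `set_prop(cameraserver, camera_prop)` expands to, and the mm-qcamerad.te hunk in this same commit already uses that macro. The list also duplicates itself (`shell_exec:file` twice, `storage_file:dir` twice, `hal_perf_default:binder call` next to `binder_call(cameraserver, hal_perf_default)`; hal_camera_default.te has the same binder duplication for hal_configstore_default), which reads like an unfiltered audit2allow dump, so each denial should be triaged into a proper label, a dontaudit, or a scoped rule before it lands as allow. The `nfc_data_file` fifo and file writes in particular look like a mislabelled camera path rather than a real NFC dependency.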
@@ -8,11 +8,15 @@
 # Binaries
 /system/bin/adspd u:object_r:adspd_exec:s0
 /system/bin/charge_only_mode u:object_r:charge_only_exec:s0
-/system/bin/init\.mmi\.boot\.sh u:object_r:mmi_boot_exec:s0
-/system/bin/init\.mmi\.laser\.sh u:object_r:mmi_laser_exec:s0
-/system/bin/wlan_carrier_bin\.sh u:object_r:init_wifi_exec:s0
-/system/bin/motosh u:object_r:sensor_hub_exec:s0
-/system/bin/akmd09912 u:object_r:akmd_exec:s0
+/system/vendor/bin/init\.mmi\.boot\.sh u:object_r:mmi_boot_exec:s0
+/system/vendor/bin/wlan_carrier_bin\.sh u:object_r:init_wifi_exec:s0
+/system/vendor/bin/init\.qti\.fm\.sh u:object_r:qti_init_shell_exec:s0
+/system/vendor/bin/hw/motorola\.hardware\.camera\.provider@2\.4-service u:object_r:hal_camera_default_exec:s0
+/system/vendor/lib/motorola\.hardware\.camera\.device@1\.0.so u:object_r:hal_camera_default_exec:s0
+/system/vendor/lib/motorola\.hardware\.camera\.provider@2\.4.so u:object_r:hal_camera_default_exec:s0
+
+#binder to fix camera daemon
+/dev/binder(/.*)? u:object_r:binder_device:s0
 
 # CMActions
 /sys/homebutton(/.*)? u:object_r:sysfs_homebutton:s0
diff --git a/sepolicy/hal_camera_default.te b/sepolicy/hal_camera_default.te
new file mode 100644
index 0000000..f6dfc47
--- /dev/null
+++ b/sepolicy/hal_camera_default.te
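Review bot: The two `/system/vendor/lib/motorola\.hardware\.camera\.*\.so` entries label shared libraries with `hal_camera_default_exec`, which is the domain entry-point type for the HAL binary rather than a library label; any process loading them would need execute/map on an `_exec` type, and they lose the default label the `/vendor` regex in this file would otherwise give them (typically `vendor_file`, or `same_process_hal_file` for SP-HALs; confirm which applies here). Dropping those two lines, or relabelling them to the library type the loader expects, is the fix; the `-service` binary entry above them is correct. The `\.0.so` and `\.4.so` suffixes also leave the last dot unescaped, unlike every other entry in the hunk. `/dev/binder(/.*)?` should already be labelled `binder_device` by core policy, and the `(/.*)?` suffix is meaningless for a character device, so verify the denial that motivated this entry before keeping it. The removed `motosh`, `akmd09912` and `init\.mmi\.laser\.sh` entries get no `/system/vendor/bin` replacement; if those binaries still ship they now run under the directory's default label instead of their own domains.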
@@ -0,0 +1,12 @@
+allow hal_camera_default gpu_device:dir r_dir_perms;
+allow hal_camera_default gpu_device:file r_file_perms;
+allow hal_camera_default hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
+allow hal_camera_default hal_configstore_default:binder call;
+allow hal_camera_default unlabeled:file {open getattr read };
+allow hal_camera_default camera_data_file:sock_file write;
+allow hal_camera_default persist_file:file { rw_file_perms setattr };
+allow hal_camera_default hal_graphics_allocator_hwservice:hwservice_manager { find };
+allow hal_camera_default system_server:unix_stream_socket { read write };
+
+binder_call(hal_camera_default, hal_configstore_default)
+binder_call(hal_camera_default, hal_graphics_allocator_default)
diff --git a/sepolicy/hwservice_contexts b/sepolicy/hwservice_contexts
new file mode 100644
index 0000000..221b4ca
--- /dev/null
+++ b/sepolicy/hwservice_contexts
@@ -0,0 +1,2 @@
+motorola.hardware.camera.provider::ICameraProvider u:object_r:hal_camera_hwservice:s0
+motorola.hardware.mods_camera.provider::ICameraProvider u:object_r:hal_camera_hwservice:s0
diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te
index be8faed..ccd255c 100644
--- a/sepolicy/mm-qcamerad.te
+++ b/sepolicy/mm-qcamerad.te
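Review bot: `allow hal_camera_default unlabeled:file {open getattr read };` grants access to everything carrying the `unlabeled` type, which papers over a file-labelling gap and also lets the HAL read any file that is left unlabelled by mistake later; the denial that produced it names a path, and that path should get a file_contexts entry instead. `allow hal_camera_default system_server:unix_stream_socket { read write };` is a direct vendor-HAL-to-system_server socket channel, which the Treble vendor/system separation neverallows may reject at build time; if it builds, it is still a coupling that should go through the HIDL interface this commit registers in hwservice_contexts. `persist_file:file { rw_file_perms setattr }` gives the HAL write access to the whole persist partition; a camera-specific persist type would scope it to the files actually touched, though which files those are is not visible in this hunk. The stray spacing in `{open getattr read }` is cosmetic, but `{ open getattr read }` matches the rest of the file.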
@@ -1,4 +1,33 @@
+type_transition mm-qcamerad camera_data_file:sock_file camera_socket "cam_socket1";
+type_transition mm-qcamerad camera_data_file:sock_file camera_socket "cam_socket2";
+allow mm-qcamerad camera_socket:sock_file { create unlink write };
+
+binder_call(mm-qcamerad, servicemanager);
+binder_use(mm-qcamerad);
+binder_call(mm-qcamerad, binderservicedomain);
+binder_call(mm-qcamerad, appdomain);
+binder_call(mm-qcamerad, hal_sensors_default);
+set_prop(mm-qcamerad, camera_prop);
+
+allow servicemanager mm-qcamerad:dir { search };
+allow servicemanager mm-qcamerad:file { read open };
+allow servicemanager mm-qcamerad:process { getattr };
+
+allow mm-qcamerad camera_data_file:sock_file { create unlink write };
+allow mm-qcamerad system_server:unix_stream_socket rw_socket_perms;
+allow mm-qcamerad sensorservice_service:service_manager find;
+allow mm-qcamerad vendor_camera_data_file:file rw_file_perms;
+allow mm-qcamerad permission_service:service_manager find;
 allow mm-qcamerad debug_prop:property_service set;
 allow mm-qcamerad persist_file:dir search;
 allow mm-qcamerad persist_file:file { read getattr open };
 allow mm-qcamerad system_data_file:dir read;
+
+allow mm-qcamerad init:unix_stream_socket { read write };
+allow mm-qcamerad sysfs_graphics:file r_file_perms;
+
+allow mm-qcamerad hal_sensors_default:unix_stream_socket { read write };
+
+allow mm-qcamerad hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
+allow mm-qcamerad hal_configstore_default:binder call;
+
diff --git a/sepolicy/servicemanager.te b/sepolicy/servicemanager.te
new file mode 100644
index 0000000..f123bf1
--- /dev/null
+++ b/sepolicy/servicemanager.te
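Review bot: `binder_call(mm-qcamerad, appdomain);` and `binder_call(mm-qcamerad, binderservicedomain);` give the vendor camera daemon call/transfer and fd-use rights against every application domain and every binder-service domain, untrusted apps included, when the hunk already names the specific peers it needs (`servicemanager`, `hal_sensors_default`). Replacing the two attribute-wide grants with per-domain `binder_call` lines for the services mm-qcamerad actually contacts is the fix; the Treble neverallows on vendor-domain binder calls into coredomain may refuse the broad form anyway, so check the build. The three `allow servicemanager mm-qcamerad:...` rules belong in servicemanager.te, which this commit creates, rather than in the callee's file. `allow mm-qcamerad camera_data_file:sock_file { create unlink write };` is likely redundant once the two `type_transition` lines above relabel the sockets to `camera_socket`, unless sockets with other names are created; if they are, a comment naming them would explain why both rules exist.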
@@ -0,0 +1,45 @@
+allow servicemanager init:dir search;
+allow servicemanager init:file { open read };
+allow servicemanager init:process getattr;
+allow servicemanager qseeproxy:dir search;
+allow servicemanager qseeproxy:file { open read };
+allow servicemanager rild:dir search;
+allow servicemanager rild:file { open read };
+allow servicemanager rild:process getattr;
+
+allow servicemanager hal_fingerprint_default:dir search;
+allow servicemanager hal_fingerprint_default:file read;
+allow servicemanager qseeproxy:process getattr;
+
+
+allow servicemanager hal_camera_default:dir search;
+allow servicemanager hal_camera_default:file r_file_perms;
+allow servicemanager hal_camera_default:process getattr;
+
+allow servicemanager hal_fingerprint_default:file open;
+allow servicemanager hal_fingerprint_default:process getattr;
+
+allow servicemanager wcnss_service:dir search;
+allow servicemanager wcnss_service:file { open read };
+
+allow servicemanager esepmdaemon:dir search;
+allow servicemanager esepmdaemon:file { open read };
+allow servicemanager esepmdaemon:process getattr;
+
+allow servicemanager per_mgr:dir search;
+allow servicemanager per_mgr:file { open read };
+allow servicemanager per_mgr:process getattr;
+allow servicemanager wcnss_service:process getattr;
+
+allow servicemanager hal_gnss_qti:dir search;
+allow servicemanager hal_gnss_qti:file { open read };
+allow servicemanager hal_gnss_qti:process getattr;
+
+allow servicemanager hal_sensors_default:dir search;
+allow servicemanager hal_sensors_default:file { open read };
+allow servicemanager hal_sensors_default:process getattr;
+
+allow servicemanager sensors:dir search;
+allow servicemanager sensors:file { open read };
+allow servicemanager sensors:process getattr;
+
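Review bot: This new file repeats the same `dir search` / `file { open read }` / `process getattr` triple once per domain, with a single domain's rules split across non-adjacent lines (`qseeproxy` at new-file lines 4-5 and 12, `hal_fingerprint_default` at 10-11 and 19-20, `wcnss_service` at 22-23 and 32), so the set of callers is hard to read and easy to get wrong. Collapse it into one type set per class: `allow servicemanager { init qseeproxy rild hal_fingerprint_default hal_camera_default wcnss_service esepmdaemon per_mgr hal_gnss_qti hal_sensors_default sensors }:dir search;` plus the matching `:file { open read };` and `:process getattr;` lines (hal_camera_default currently gets the wider `r_file_perms`; keep that only if it is really needed). Core policy's servicemanager.te already grants this triple on caller domains in recent AOSP releases, so check the base policy first: if it does, this whole file is redundant, and if it excludes `init` deliberately, the `init` entries here reopen that. The HIDL HAL domains in the list (`hal_camera_default`, `hal_sensors_default`, `hal_gnss_qti`) talk to hwservicemanager rather than servicemanager under Treble, so needing these rules suggests they are registering framework binder services, which is worth confirming before the rules land.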