diff --git a/sepolicy/qti/private/art_boot.te b/sepolicy/qti/private/art_boot.te
new file mode 100644
index 0000000..493fa34
--- /dev/null
+++ b/sepolicy/qti/private/art_boot.te
@@ -0,0 +1 @@
+allow art_boot self:capability sys_admin;
diff --git a/sepolicy/qti/private/fsverity_init.te b/sepolicy/qti/private/fsverity_init.te
new file mode 100644
index 0000000..2f91e0a
--- /dev/null
+++ b/sepolicy/qti/private/fsverity_init.te
@@ -0,0 +1 @@
+allow fsverity_init self:capability sys_admin;
diff --git a/sepolicy/qti/private/otapreopt_slot.te b/sepolicy/qti/private/otapreopt_slot.te
new file mode 100644
index 0000000..3acbaf0
--- /dev/null
+++ b/sepolicy/qti/private/otapreopt_slot.te
@@ -0,0 +1 @@
+allow otapreopt_slot self:capability sys_admin;
diff --git a/sepolicy/qti/private/profcollectd.te b/sepolicy/qti/private/profcollectd.te
new file mode 100644
index 0000000..e1c920e
--- /dev/null
+++ b/sepolicy/qti/private/profcollectd.te
@@ -0,0 +1 @@
+allow profcollectd self:capability sys_admin;
diff --git a/sepolicy/qti/private/remount.te b/sepolicy/qti/private/remount.te
new file mode 100644
index 0000000..910bcaa
--- /dev/null
+++ b/sepolicy/qti/private/remount.te
@@ -0,0 +1 @@
+allow remount self:capability sys_admin;
diff --git a/sepolicy/qti/private/update_verifier.te b/sepolicy/qti/private/update_verifier.te
new file mode 100644
index 0000000..a0da084
--- /dev/null
+++ b/sepolicy/qti/private/update_verifier.te
@@ -0,0 +1 @@
+allow update_verifier self:capability sys_admin;
diff --git a/sepolicy/qti/private/vendor_boringssl_self_test.te b/sepolicy/qti/private/vendor_boringssl_self_test.te
new file mode 100644
index 0000000..20b2810
--- /dev/null
+++ b/sepolicy/qti/private/vendor_boringssl_self_test.te
@@ -0,0 +1 @@
+allow vendor_boringssl_self_test self:capability sys_admin;
diff --git a/sepolicy/qti/public/adbd.te b/sepolicy/qti/public/adbd.te
new file mode 100644
index 0000000..83efdb9
--- /dev/null
+++ b/sepolicy/qti/public/adbd.te
@@ -0,0 +1 @@
+allow adbd self:capability sys_admin;
diff --git a/sepolicy/qti/public/netutils_wrapper.te b/sepolicy/qti/public/netutils_wrapper.te
new file mode 100644
index 0000000..98c6143
--- /dev/null
+++ b/sepolicy/qti/public/netutils_wrapper.te
@@ -0,0 +1 @@
+dontaudit netutils_wrapper self:capability sys_admin;
diff --git a/sepolicy/qti/public/vendor_dpmd.te b/sepolicy/qti/public/vendor_dpmd.te
new file mode 100644
index 0000000..e4722fb
--- /dev/null
+++ b/sepolicy/qti/public/vendor_dpmd.te
@@ -0,0 +1 @@
+allow vendor_dpmd self:capability sys_admin;
diff --git a/sepolicy/qti/public/vold_prepare_subdirs.te b/sepolicy/qti/public/vold_prepare_subdirs.te
new file mode 100644
index 0000000..41e98fe
--- /dev/null
+++ b/sepolicy/qti/public/vold_prepare_subdirs.te
@@ -0,0 +1 @@
+allow vold_prepare_subdirs self:capability sys_admin;
diff --git a/sepolicy/qti/vendor/hal_bootctl_default.te b/sepolicy/qti/vendor/hal_bootctl_default.te
new file mode 100644
index 0000000..d2e1f75
--- /dev/null
+++ b/sepolicy/qti/vendor/hal_bootctl_default.te
@@ -0,0 +1 @@
+allow hal_bootctl_default self:capability sys_admin;
diff --git a/sepolicy/qti/vendor/vendor_hal_perf_default.te b/sepolicy/qti/vendor/vendor_hal_perf_default.te
index ace5118..50859b4 100644
--- a/sepolicy/qti/vendor/vendor_hal_perf_default.te
+++ b/sepolicy/qti/vendor/vendor_hal_perf_default.te
@@ -1 +1,3 @@
+allow vendor_hal_perf_default self:capability sys_admin;
+
 r_dir_file(vendor_hal_perf_default, vendor_sysfs_usb_supply)
diff --git a/sepolicy/qti/vendor/vendor_hal_usb_qti.te b/sepolicy/qti/vendor/vendor_hal_usb_qti.te
new file mode 100644
index 0000000..7199450
--- /dev/null
+++ b/sepolicy/qti/vendor/vendor_hal_usb_qti.te
@@ -0,0 +1 @@
+allow vendor_hal_usb_qti self:capability sys_admin;
diff --git a/sepolicy/qti/vendor/vendor_irsc_util.te b/sepolicy/qti/vendor/vendor_irsc_util.te
new file mode 100644
index 0000000..9aaccae
--- /dev/null
+++ b/sepolicy/qti/vendor/vendor_irsc_util.te
@@ -0,0 +1 @@
+allow vendor_irsc_util self:capability sys_admin;
diff --git a/sepolicy/qti/vendor/vendor_modprobe.te b/sepolicy/qti/vendor/vendor_modprobe.te
new file mode 100644
index 0000000..3f3c5c4
--- /dev/null
+++ b/sepolicy/qti/vendor/vendor_modprobe.te
@@ -0,0 +1 @@
+allow vendor_modprobe self:capability sys_admin;
diff --git a/sepolicy/qti/vendor/vendor_msm_irqbalanced.te b/sepolicy/qti/vendor/vendor_msm_irqbalanced.te
new file mode 100644
index 0000000..0bf0856
--- /dev/null
+++ b/sepolicy/qti/vendor/vendor_msm_irqbalanced.te
@@ -0,0 +1 @@
+allow vendor_msm_irqbalanced self:capability sys_admin;
diff --git a/sepolicy/qti/vendor/vendor_netmgrd.te b/sepolicy/qti/vendor/vendor_netmgrd.te
new file mode 100644
index 0000000..d78fdb2
--- /dev/null
+++ b/sepolicy/qti/vendor/vendor_netmgrd.te
@@ -0,0 +1 @@
+allow vendor_netmgrd self:capability sys_admin;
diff --git a/sepolicy/qti/vendor/vendor_rfs_access.te b/sepolicy/qti/vendor/vendor_rfs_access.te
new file mode 100644
index 0000000..523c9dd
--- /dev/null
+++ b/sepolicy/qti/vendor/vendor_rfs_access.te
@@ -0,0 +1 @@
+allow vendor_rfs_access self:capability sys_admin;
diff --git a/sepolicy/qti/vendor/vendor_rmt_storage.te b/sepolicy/qti/vendor/vendor_rmt_storage.te
index b7283d0..e0fb552 100644
--- a/sepolicy/qti/vendor/vendor_rmt_storage.te
+++ b/sepolicy/qti/vendor/vendor_rmt_storage.te
@@ -2,6 +2,8 @@ allow vendor_rmt_storage vendor_reserve_partition:blk_file rw_file_perms;
 
 allow vendor_rmt_storage sysfs:file read;
 
+allow vendor_rmt_storage self:capability sys_admin;
+
 get_prop(vendor_rmt_storage, vendor_radio_prop)
 
 rw_dir_file(vendor_rmt_storage, vendor_proc_engineer)