authorSteve Kondik <steve@cyngn.com>2016-10-17 22:43:14 -0700
committerSteve Kondik <steve@cyngn.com>2016-10-17 22:43:14 -0700
commit22ea8db34e2107d636871605b3ee7be03b5d277f (patch)
treeb650bf5ee63edf2f24d73e186cda8ce9dfab21c7
parentf7a12e8484b3b0e2ff6f897129fd8334b92faea2 (diff)
parent33634b612a6bede11b0d7d0d0f81328e3352e5d6 (diff)
Merge tag 'LA.UM.5.5.r1-00900-8x96.0' of git://codeaurora.org/device/qcom/sepolicy into cm-14.0
"LA.UM.5.5.r1-00900-8x96.0" Change-Id: I1a53f98a3bfb51c0b087be8ce85d420419fa5aa1
-rw-r--r--common/audioserver.te6
-rw-r--r--common/cameraserver.te13
-rw-r--r--common/cnd.te5
-rw-r--r--common/dataservice_app.te4
-rw-r--r--common/device.te21
-rw-r--r--common/domain.te2
-rw-r--r--common/dpmd.te5
-rwxr-xr-xcommon/energyawareness.te7
-rw-r--r--common/file.te8
-rw-r--r--common/file_contexts19
-rw-r--r--common/hbtp.te2
-rw-r--r--common/ims.te5
-rw-r--r--common/init.te4
-rw-r--r--common/init_shell.te10
-rw-r--r--common/ipacm.te4
-rw-r--r--common/location.te11
-rw-r--r--common/location_app.te1
-rw-r--r--common/mdtp.te1
-rwxr-xr-xcommon/mmi.te12
-rw-r--r--common/netmgrd.te2
-rw-r--r--common/perfd.te3
-rw-r--r--common/platform_app.te2
-rw-r--r--common/port-bridge.te1
-rwxr-xr-x[-rw-r--r--]common/property.te6
-rwxr-xr-x[-rw-r--r--]common/property_contexts8
-rw-r--r--common/qcomsysd.te8
-rw-r--r--common/qfp-daemon.te5
-rw-r--r--common/qlogd.te1
-rw-r--r--common/qseecomd.te3
-rw-r--r--common/qti-logkit.te1
-rw-r--r--common/qti.te5
-rw-r--r--common/radio.te8
-rw-r--r--common/rfs_access.te4
-rw-r--r--common/rild.te5
-rw-r--r--common/rmt_storage.te11
-rw-r--r--common/sensors.te1
-rw-r--r--common/spdaemon.te71
-rw-r--r--common/ssr_diag.te1
-rw-r--r--common/surfaceflinger.te4
-rw-r--r--common/system_app.te2
-rw-r--r--common/system_server.te3
-rw-r--r--common/te_macros6
-rw-r--r--common/thermal-engine.te4
-rw-r--r--common/time_daemon.te9
-rw-r--r--common/untrusted_app.te1
-rwxr-xr-xcommon/vold.te5
-rw-r--r--common/wcnss_filter.te5
-rw-r--r--common/wcnss_service.te7
-rw-r--r--common/zygote.te29
-rw-r--r--msm8937/device.te29
-rw-r--r--msm8937/file.te29
-rw-r--r--msm8937/file_contexts4
-rw-r--r--msm8937/idmap.te30
-rw-r--r--msm8937/platform_app.te29
-rw-r--r--msm8937/priv_app.te29
-rw-r--r--msm8937/qti-logkit.te33
-rw-r--r--msm8937/ridl.te33
-rw-r--r--msm8937/system_app.te29
-rw-r--r--msm8937/untrusted_app.te30
-rw-r--r--msm8953/device.te29
-rw-r--r--msm8953/file.te29
-rw-r--r--msm8953/file_contexts4
-rw-r--r--msm8953/idmap.te30
-rw-r--r--msm8953/platform_app.te29
-rw-r--r--msm8953/priv_app.te29
-rw-r--r--msm8953/qti-logkit.te33
-rw-r--r--msm8953/ridl.te33
-rw-r--r--msm8953/system_app.te29
-rw-r--r--msm8953/untrusted_app.te30
-rw-r--r--msm8976/device.te29
-rw-r--r--msm8976/file.te29
-rw-r--r--msm8976/file_contexts30
-rw-r--r--msm8976/qti-logkit.te33
-rw-r--r--msm8976/ridl.te33
-rw-r--r--msm8996/device.te29
-rw-r--r--msm8996/file.te3
-rw-r--r--msm8996/file_contexts6
-rw-r--r--msm8996/qti-logkit.te33
-rw-r--r--msm8996/ridl.te33
-rw-r--r--msmcobalt/bootanim.te31
-rw-r--r--msmcobalt/device.te29
-rw-r--r--msmcobalt/file.te32
-rw-r--r--msmcobalt/file_contexts20
-rw-r--r--msmcobalt/idmap.te30
-rw-r--r--msmcobalt/init_shell.te30
-rw-r--r--msmcobalt/platform_app.te29
-rw-r--r--msmcobalt/priv_app.te29
-rw-r--r--msmcobalt/qseecomd.te30
-rw-r--r--msmcobalt/qti-logkit.te33
-rw-r--r--msmcobalt/qvop.te46
-rw-r--r--msmcobalt/recovery.te30
-rw-r--r--msmcobalt/ridl.te33
-rw-r--r--msmcobalt/service.te31
-rw-r--r--msmcobalt/service_contexts31
-rw-r--r--msmcobalt/system_app.te30
-rw-r--r--msmcobalt/system_server.te33
-rw-r--r--msmcobalt/untrusted_app.te30
-rw-r--r--msmcobalt/zygote.te33
-rw-r--r--test/qti-testscripts.te2
99 files changed, 1741 insertions, 20 deletions
diff --git a/common/audioserver.te b/common/audioserver.te
index c428fd75..a1b74afb 100644
--- a/common/audioserver.te
+++ b/common/audioserver.te
@@ -44,3 +44,9 @@ allow audioserver debugfs:file rw_file_perms;
# Allow audioserver to create socket files for audio arbitration
allow audioserver audio_data_file:sock_file { create setattr unlink };
allow audioserver audio_data_file:dir remove_name;
+
+# Allow audioserver to access sysfs nodes
+allow audioserver sysfs:file rw_file_perms;
+userdebug_or_eng(`
+ diag_use(audioserver)
+')
diff --git a/common/cameraserver.te b/common/cameraserver.te
index b45b77d8..a0777d79 100644
--- a/common/cameraserver.te
+++ b/common/cameraserver.te
@@ -43,3 +43,16 @@ allow cameraserver system_server:unix_stream_socket { read write };
#Allow read access to soc/msm-cam/video4linux/video0/name sysfs
allow cameraserver sysfs:file r_file_perms;
+
+allow cameraserver persist_file:dir r_dir_perms;
+allow cameraserver camera_prop:property_service set;
+unix_socket_connect(cameraserver,property,init);
+allow cameraserver self:socket create_socket_perms;
+allow cameraserver sensors_persist_file:dir r_dir_perms;
+allow cameraserver sensors_persist_file:file r_file_perms;
+allow cameraserver graphics_device:dir r_dir_perms;
+allow cameraserver sensorservice_service:service_manager find;
+allow cameraserver system_file:dir r_dir_perms;
+
+#Allows camera to call ADSP QDSP6 functionality
+allow cameraserver qdsp_device:chr_file r_file_perms;
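Review bot: The property access is spelled out by hand as `allow cameraserver camera_prop:property_service set;` plus `unix_socket_connect(cameraserver,property,init);`, while other files in this same commit use the macro form (`set_prop(spdaemon, spcomlib_prop)`, `set_prop(location, location_prop)`). Writing it as `set_prop(cameraserver, camera_prop)` would be consistent and keeps the socket rule and the property rule together. Most of the added rules also have no comment; `allow cameraserver self:socket create_socket_perms;` and `allow cameraserver system_file:dir r_dir_perms;` in particular would benefit from one line each saying what needs them.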
diff --git a/common/cnd.te b/common/cnd.te
index 44cdb1eb..54be97a1 100644
--- a/common/cnd.te
+++ b/common/cnd.te
@@ -87,3 +87,8 @@ domain_auto_trans(cnd, hostapd_exec, hostapd)
# only allow getopt for appdomain
allow appdomain zygote:unix_dgram_socket getopt;
dontaudit { domain -appdomain } zygote:unix_dgram_socket getopt;
+
+#diag
+userdebug_or_eng(`
+ diag_use(cnd)
+')
diff --git a/common/dataservice_app.te b/common/dataservice_app.te
index db123df8..9c48a601 100644
--- a/common/dataservice_app.te
+++ b/common/dataservice_app.te
@@ -52,3 +52,7 @@ dontaudit dataservice_app domain:dir r_dir_perms;
#allow dpmservice to get running time for apps
r_dir_file(dataservice_app, appdomain)
+
+userdebug_or_eng(`
+ diag_use(dataservice_app)
+')
diff --git a/common/device.te b/common/device.te
index 443228d7..362be377 100644
--- a/common/device.te
+++ b/common/device.te
@@ -69,9 +69,6 @@ type efs_boot_dev, dev_type;
#MBA debug image partition
type mba_debug_dev, dev_type;
-#Misc partition
-type misc_partition, dev_type;
-
#logdump partition
type logdump_partition, dev_type;
@@ -86,6 +83,24 @@ type ipa_dev, dev_type;
type wcnss_device, dev_type;
+# Define spcom device
+type spcom_device, dev_type;
+
+# Define skp device
+type skp_device, dev_type;
+
+# Define sp_ssr device
+type sp_ssr_device, dev_type;
+
+# Define sp_keymaster device
+type sp_keymaster_device, dev_type;
+
+# Define cryptoapp device
+type cryptoapp_device, dev_type;
+
+# Define qsee_ipc_irq_spss device
+type qsee_ipc_irq_spss_device, dev_type;
+
# Define QDSS devices
type qdss_device, dev_type;
diff --git a/common/domain.te b/common/domain.te
index e831bb47..8a747e5c 100644
--- a/common/domain.te
+++ b/common/domain.te
@@ -1,5 +1,3 @@
-allow { domain -untrusted_app } diag_device:chr_file rw_file_perms;
-
r_dir_file(domain, sysfs_socinfo);
r_dir_file(domain, sysfs_esoc);
r_dir_file(domain, sysfs_ssr);
diff --git a/common/dpmd.te b/common/dpmd.te
index f94953ee..4b92e91b 100644
--- a/common/dpmd.te
+++ b/common/dpmd.te
@@ -71,3 +71,8 @@ dpmd_socket_perm(netd)
#explicitly allow udp socket permissions for appdomain
allow dpmd appdomain:udp_socket rw_socket_perms;
+
+#diag
+userdebug_or_eng(`
+ diag_use(dpmd)
+')
diff --git a/common/energyawareness.te b/common/energyawareness.te
index cdef9f0f..9a953704 100755
--- a/common/energyawareness.te
+++ b/common/energyawareness.te
@@ -12,3 +12,10 @@ allow energyawareness self:netlink_kobject_uevent_socket create_socket_perms;
allow energyawareness self:capability net_admin;
allow energyawareness sysfs:file w_file_perms;
+
+#debugfs access
+userdebug_or_eng(`
+typeattribute energyawareness qti_debugfs_domain;
+allow energyawareness debugfs:dir r_dir_perms;
+allow energyawareness debugfs:file rw_file_perms;
+')
diff --git a/common/file.te b/common/file.te
index 81a36f94..2d31a6d4 100644
--- a/common/file.te
+++ b/common/file.te
@@ -89,6 +89,9 @@ type gamed_socket, file_type;
type iop_socket, file_type;
type iop_data_file, file_type, data_file_type;
+# SPSS Apps images location
+type spss_data_file, file_type, data_file_type;
+
#mm-qcamera-daemon socket
type camera_socket, file_type;
@@ -198,3 +201,8 @@ type dynamic_nv_data_file, file_type, data_file_type;
type wififtmd_socket, file_type;
type persist_alarm_file, file_type;
+
+type persist_time_file, file_type;
+
+# kgsl file type for sysfs access
+type sysfs_kgsl, sysfs_type, fs_type;
diff --git a/common/file_contexts b/common/file_contexts
index 781c3f12..5793b770 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -10,12 +10,19 @@
/dev/bhi u:object_r:bhi_device:s0
/dev/msm_.* u:object_r:audio_device:s0
/dev/i2c-6 u:object_r:audio_device:s0
+/dev/wcd-dsp-glink u:object_r:audio_device:s0
/dev/usf1 u:object_r:usf_device:s0
/dev/msm_dsps u:object_r:sensors_device:s0
/dev/msm_thermal_query u:object_r:thermal_device:s0
/dev/nfc-nci u:object_r:nfc_device:s0
/dev/nq-nci u:object_r:nfc_device:s0
/dev/qseecom u:object_r:tee_device:s0
+/dev/spcom u:object_r:spcom_device:s0
+/dev/sp_kernel u:object_r:skp_device:s0
+/dev/sp_ssr u:object_r:sp_ssr_device:s0
+/dev/sp_keymaster u:object_r:sp_keymaster_device:s0
+/dev/cryptoapp u:object_r:cryptoapp_device:s0
+/dev/qsee_ipc_irq_spss u:object_r:qsee_ipc_irq_spss_device:s0
/dev/seemplog u:object_r:seemplog_device:s0
/dev/radio0 u:object_r:fm_radio_device:s0
/dev/rtc0 u:object_r:rtc_device:s0
@@ -65,6 +72,9 @@
/dev/qbt1000 u:object_r:qbt1000_device:s0
/dev/at_.* u:object_r:at_device:s0
/dev/sg.* u:object_r:sg_device:s0
+/dev/dri/card0 u:object_r:graphics_device:s0
+/dev/dri/controlD64 u:object_r:graphics_device:s0
+/dev/dri/renderD128 u:object_r:graphics_device:s0
###################################
# Dev block nodes
@@ -168,6 +178,7 @@
/system/bin/tftp_server u:object_r:rfs_access_exec:s0
/system/bin/hvdcp u:object_r:hvdcp_exec:s0
/system/bin/qseecomd u:object_r:tee_exec:s0
+/system/bin/spdaemon u:object_r:spdaemon_exec:s0
/system/bin/hostapd_cli u:object_r:hostapd_exec:s0
/system/bin/adsprpcd u:object_r:adsprpcd_exec:s0
/system/bin/wpa_cli u:object_r:wcnss_service_exec:s0
@@ -266,9 +277,9 @@
/sys/module/msm_thermal(/.*)? u:object_r:sysfs_thermal:s0
/sys/module/msm_thermal/core_control/cpus_offlined u:object_r:sysfs_mpdecision:s0
/sys/devices/f9a55000.*/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0
-/sys/devices/virtual/graphics/fb([0-2])+/hpd u:object_r:sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-2])+/res_info u:object_r:sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-2])+/s3d_mode u:object_r:sysfs_graphics:s0
+/sys/devices/virtual/graphics/fb([0-3])+/hpd u:object_r:sysfs_graphics:s0
+/sys/devices/virtual/graphics/fb([0-3])+/res_info u:object_r:sysfs_graphics:s0
+/sys/devices/virtual/graphics/fb([0-3])+/s3d_mode u:object_r:sysfs_graphics:s0
/sys/class/graphics/fb([0-2])+/mdp/caps u:object_r:sysfs_graphics:s0
/sys/class/graphics/fb([0-2])+/ad u:object_r:sysfs_graphics:s0
/sys/bus/platform/drivers/xhci_msm_hsic(/.*)? u:object_r:sysfs_hsic:s0
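Review bot: The range is widened to `fb([0-3])+` only for the three `/sys/devices/virtual/graphics` entries; the two `/sys/class/graphics/fb([0-2])+` entries directly below them are left unchanged. If an fb3 node also exposes `mdp/caps` or `ad` under that path (not visible from this hunk), those files would keep the default sysfs label. Separately, `([0-3])+` matches any run of those digits, such as `fb13`; if only single-digit framebuffers are intended, `fb[0-3]` states that exactly.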
@@ -307,6 +318,7 @@
/data/misc/ipa(/.*)? u:object_r:ipacm_data_file:s0
/data/dpm(/.*)? u:object_r:dpmd_data_file:s0
/data/misc/qsee(/.*)? u:object_r:data_qsee_file:s0
+/data/misc/spss(/.*)? u:object_r:spss_data_file:s0
/data/misc/location(/.*)? u:object_r:location_data_file:s0
/data/misc/location/mq/location-mq-s u:object_r:location_socket:s0
/data/misc/location/mq/alarm_svc u:object_r:location_socket:s0
@@ -341,6 +353,7 @@
/persist/drm(/.*)? u:object_r:persist_drm_file:s0
/persist/sensors(/.*)? u:object_r:sensors_persist_file:s0
/persist/alarm(/.*)? u:object_r:persist_alarm_file:s0
+/persist/time(/.*)? u:object_r:persist_time_file:s0
/persist/data(/.*)? u:object_r:persist_drm_file:s0
/persist/data/tz(/.*)? u:object_r:persist_drm_file:s0
/persist/data/sfs(/.*)? u:object_r:persist_drm_file:s0
diff --git a/common/hbtp.te b/common/hbtp.te
index f8f3377e..25a2a7a9 100644
--- a/common/hbtp.te
+++ b/common/hbtp.te
@@ -5,7 +5,7 @@ type hbtp_exec, exec_type, file_type;
init_daemon_domain(hbtp)
# Allow access for /dev/hbtp_input and /dev/jdi-bu21150
-allow hbtp { hbtp_device qdsp_device bu21150_device }:chr_file rw_file_perms;
+allow hbtp { hbtp_device qdsp_device dsp_device bu21150_device }:chr_file rw_file_perms;
allow hbtp hbtp_log_file:dir rw_dir_perms;
allow hbtp hbtp_log_file:file create_file_perms;
diff --git a/common/ims.te b/common/ims.te
index 2f74bb7c..68a6a5ac 100644
--- a/common/ims.te
+++ b/common/ims.te
@@ -63,3 +63,8 @@ netmgr_socket(ims);
# Inherit and use open files from radio.
allow ims radio:fd use;
+
+#diag
+userdebug_or_eng(`
+ diag_use(ims)
+')
diff --git a/common/init.te b/common/init.te
index 02d804cd..6cde24b0 100644
--- a/common/init.te
+++ b/common/init.te
@@ -27,3 +27,7 @@ allow init { domain -lmkd }:process noatsecure;
allow init configfs:dir r_dir_perms;
allow init configfs:file { rw_file_perms link };
allow init configfs:lnk_file create_file_perms;
+
+#Allow init to mount non-hlos partitions in A/B builds
+allow init firmware_file:dir { mounton };
+allow init bt_firmware_file:dir { mounton };
diff --git a/common/init_shell.te b/common/init_shell.te
index 6af44dc5..487caf05 100644
--- a/common/init_shell.te
+++ b/common/init_shell.te
@@ -31,6 +31,8 @@ allow qti_init_shell vm_bms_device:chr_file getattr;
# create/open, read/write permission for fm calibration file.
allow qti_init_shell fm_data_file: file create_file_perms;
+allow qti_init_shell gpu_device:chr_file getattr;
+
# for insmod of iris ko, this is needed.
# dac_read/override is needed for scripts to do chown/mkdir which is
# needed by most of the services
@@ -74,6 +76,7 @@ allow qti_init_shell {
ctl_qmuxd_prop
ctl_netmgrd_prop
ctl_port-bridge_prop
+ sdm_idle_time_prop
sf_lcd_density_prop
opengles_prop
mdm_helper_prop
@@ -93,6 +96,7 @@ allow qti_init_shell {
sys_usb_configfs_prop
#Needed for setting hwui properties in post_boot
hwui_prop
+ graphics_vulkan_prop
}:property_service set;
allow qti_init_shell efs_boot_dev:blk_file r_file_perms;
@@ -112,7 +116,8 @@ allow qti_init_shell {
r_dir_file(qti_init_shell, sysfs_thermal)
allow qti_init_shell sysfs_socinfo:file write;
-
+allow qti_init_shell sysfs:{ dir file lnk_file } relabelfrom;
+allow qti_init_shell sysfs_devices_system_cpu: { dir file lnk_file } relabelto;
# Check if /dev/sensors or /dev/msm_dsps present
allow qti_init_shell sensors_data_file:dir r_dir_perms;
allow qti_init_shell sensors_device:chr_file r_file_perms;
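Review bot: `allow qti_init_shell sysfs:{ dir file lnk_file } relabelfrom;` lets the init shell scripts relabel any node that carries the generic `sysfs` label, and the two added rules have no comment saying which paths are meant to be relabelled to `sysfs_devices_system_cpu`. If the set of paths is fixed, labelling them statically in file_contexts avoids granting a runtime relabel permission at all. Otherwise a comment such as `# relabel <PATH> after boot because <REASON>` (placeholders) is needed. The hunk also removes the blank line that separated this block from `# Check if /dev/sensors or /dev/msm_dsps present`, so the new rules now read as part of the `sysfs_socinfo` group; restoring the blank line after them keeps the sections distinct.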
@@ -184,3 +189,6 @@ allow qti_init_shell persist_alarm_file:file r_file_perms;
#Allow /sys access to write zram disksize
allow qti_init_shell sysfs_zram:dir r_dir_perms;
allow qti_init_shell sysfs_zram:file w_file_perms;
+
+# To get GPU frequencies
+allow qti_init_shell sysfs_kgsl:file r_file_perms;
diff --git a/common/ipacm.te b/common/ipacm.te
index 087092f2..000bfa5e 100644
--- a/common/ipacm.te
+++ b/common/ipacm.te
@@ -12,8 +12,12 @@ net_domain(ipacm)
userdebug_or_eng(`
# Allow using the logging file between ipacm and ipacm-diag
unix_socket_send(ipacm, ipacm, ipacm-diag)
+ diag_use(ipacm-diag)
')
+# Allow capabilities to create netfilter_socket
+allow ipacm self:netlink_netfilter_socket create_socket_perms;
+
# Allow capabilities to perform network operations and interactions with network interfaces
allow ipacm ipacm:capability net_admin;
diff --git a/common/location.te b/common/location.te
index 2dfec3ba..a72adc11 100644
--- a/common/location.te
+++ b/common/location.te
@@ -41,7 +41,11 @@ allow location sensors_persist_file:dir r_dir_perms;
allow location sensors_persist_file:file r_file_perms;
#wifi
-allow location wifi_data_file:dir r_dir_perms;
+userdebug_or_eng(`
+allow location wifi_data_file:dir create_dir_perms;
+allow location wifi_data_file:sock_file create_file_perms;
+allow location su:unix_dgram_socket sendto;
+')
unix_socket_send(wpa, location, location)
allow location wpa:unix_dgram_socket sendto;
allow location wpa_socket:dir rw_dir_perms;
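Review bot: On user builds this hunk removes `allow location wifi_data_file:dir r_dir_perms;` altogether, because the old rule is deleted and its replacement sits inside `userdebug_or_eng`. If location still has to search or list `wifi_data_file` on user builds (this cannot be determined from the hunk), keep the read-only rule outside the block and put only the `create_dir_perms`, `sock_file` and `su` rules inside it. `allow location su:unix_dgram_socket sendto;` is also filed under `#wifi` with no comment explaining why location sends datagrams to the `su` domain.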
@@ -59,3 +63,8 @@ netmgr_socket(location);
#Allow access to properties
set_prop(location, location_prop);
+
+#diag
+userdebug_or_eng(`
+ diag_use(location)
+')
diff --git a/common/location_app.te b/common/location_app.te
index 3fe928a7..799bc4d8 100644
--- a/common/location_app.te
+++ b/common/location_app.te
@@ -9,6 +9,7 @@ userdebug_or_eng(`
net_domain(location_app)
allow location_app { adbd su }:unix_stream_socket connectto;
allow location_app mediaserver_service:service_manager find;
+ diag_use(location_app)
')
allow location_app surfaceflinger_service:service_manager find;
diff --git a/common/mdtp.te b/common/mdtp.te
index 0d1e8511..c0f49e48 100644
--- a/common/mdtp.te
+++ b/common/mdtp.te
@@ -37,6 +37,7 @@ userdebug_or_eng(`
#Needed for kill(pid, 0) existance test
allow mdtpdaemon su:process signull;
allow mdtpdaemon self:capability kill;
+ diag_use(mdtpdaemon)
')
#Allow for transition from init domain to mdtpdaemon
diff --git a/common/mmi.te b/common/mmi.te
index 1a7dc286..92e1ebcd 100755
--- a/common/mmi.te
+++ b/common/mmi.te
@@ -36,15 +36,14 @@ allow mmi persist_file:dir r_dir_perms;
allow mmi sensors_persist_file:dir create_dir_perms;
allow mmi sensors_persist_file:file create_file_perms;
-#allow mmi operation on MISC partition
-allow mmi misc_partition:blk_file w_file_perms;
-
#wifi case
allow mmi system_file:file x_file_perms;
allow mmi wpa_exec:file rx_file_perms;
allow mmi wcnss_service_exec:file rx_file_perms;
allow mmi kernel:key search;
allow mmi kernel:system module_request;
+allow mmi toolbox_exec:file rx_file_perms;
+allow mmi system_file:system module_load;
#audio case
allow mmi audio_device:dir r_dir_perms;
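Review bot: `allow mmi system_file:system module_load;` is added under `#wifi case` unconditionally, which permits mmi to load a kernel module from any file labelled `system_file` on all build variants. No comment names the module or explains why the existing `kernel:system module_request` is insufficient. If this is needed only for factory testing, consider wrapping it, and the new `toolbox_exec:file rx_file_perms` rule, in `userdebug_or_eng`, or giving the module file its own type and granting `module_load` on that. At minimum add a comment such as `# load <MODULE> for the wifi test case` (placeholder).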
@@ -113,3 +112,10 @@ unix_socket_connect(mmi, cnd, cnd);
unix_socket_connect(mmi, dpmwrapper, dpmd);
unix_socket_connect(mmi, netmgrd, netmgrd);
net_domain(mmi);
+
+#allow mmi access boot mode switch
+allow mmi boot_mode_prop:property_service set;
+#diag
+userdebug_or_eng(`
+ diag_use(mmi)
+')
diff --git a/common/netmgrd.te b/common/netmgrd.te
index 052b464e..ff913442 100644
--- a/common/netmgrd.te
+++ b/common/netmgrd.te
@@ -6,6 +6,7 @@ init_daemon_domain(netmgrd)
userdebug_or_eng(`
domain_auto_trans(shell, netmgrd_exec, netmgrd)
domain_auto_trans(adbd, netmgrd_exec, netmgrd)
+ diag_use(netmgrd)
')
#Allow files to be written during the operation of netmgrd
@@ -33,6 +34,7 @@ allow netmgrd netmgrd:socket { create ioctl };
allow netmgrd netmgrd:netlink_route_socket { setopt getattr write nlmsg_write };
unix_socket_connect(netmgrd, property, init)
allow netmgrd self:netlink_generic_socket create_socket_perms;
+allow netmgrd self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read nlmsg_write };
unix_socket_connect(netmgrd, cnd, cnd);
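Review bot: `allow netmgrd self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read nlmsg_write };` includes `nlmsg_write` without a comment. Querying socket state needs only `nlmsg_read`; `nlmsg_write` on this class is, as far as I know, what permits requests that modify state, such as destroying sockets. If netmgrd only inspects connections, drop `nlmsg_write`. If it does tear sockets down, say so in a comment, e.g. `# netmgrd closes stale TCP sockets on interface teardown` (wording to be confirmed by the author).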
diff --git a/common/perfd.te b/common/perfd.te
index 981a9896..fb857290 100644
--- a/common/perfd.te
+++ b/common/perfd.te
@@ -55,3 +55,6 @@ allow perfd {
#Allow perfd to set properties
set_prop(perfd, freq_prop)
+
+#Allow writes to /dev/cpu_dma_latency
+allow perfd device_latency:chr_file w_file_perms;
diff --git a/common/platform_app.te b/common/platform_app.te
index bc558e90..0dd94ddc 100644
--- a/common/platform_app.te
+++ b/common/platform_app.te
@@ -10,7 +10,7 @@ binder_call(platform_app, secotad)
# Allow platform apps to interact with imscm daemon
binder_call(platform_app, imscm)
-
+allow platform_app imscm_service:service_manager find;
allow platform_app color_service:service_manager find;
# Allow NFC service to be found
diff --git a/common/port-bridge.te b/common/port-bridge.te
index 8a74d497..83c993cd 100644
--- a/common/port-bridge.te
+++ b/common/port-bridge.te
@@ -5,6 +5,7 @@ init_daemon_domain(port-bridge)
userdebug_or_eng(`
domain_auto_trans(shell, port-bridge_exec, netmgrd)
domain_auto_trans(adbd, port-bridge_exec, netmgrd)
+ diag_use(port-bridge)
')
# Allow operations on different types of sockets
diff --git a/common/property.te b/common/property.te
index 6258e3ee..90a55cfd 100644..100755
--- a/common/property.te
+++ b/common/property.te
@@ -41,6 +41,8 @@ type ipacm-diag_prop, property_type;
type sensors_prop, property_type;
type msm_irqbalance_prop, property_type;
type camera_prop, property_type, core_property_type;
+type spcomlib_prop, property_type;
+type sdm_idle_time_prop, property_type, core_property_type;
type sf_lcd_density_prop, property_type, core_property_type;
type opengles_prop, property_type, core_property_type;
type mdm_helper_prop, property_type;
@@ -87,3 +89,7 @@ type alarm_instance_prop, property_type, core_property_type;
#HWUI property
type hwui_prop, property_type, core_property_type;
+
+type graphics_vulkan_prop, property_type, core_property_type;
+#boot mode property
+type boot_mode_prop, property_type;
diff --git a/common/property_contexts b/common/property_contexts
index 939600d5..bb4720d9 100644..100755
--- a/common/property_contexts
+++ b/common/property_contexts
@@ -46,8 +46,11 @@ ctl.ipacm-diag u:object_r:ipacm-diag_prop:s0
ctl.qti u:object_r:qti_prop:s0
ctl.sensors u:object_r:sensors_prop:s0
ctl.msm_irqbalance u:object_r:msm_irqbalance_prop:s0
+ctl.msm_irqbal_lb u:object_r:msm_irqbalance_prop:s0
camera. u:object_r:camera_prop:s0
persist.camera. u:object_r:camera_prop:s0
+spcomlib. u:object_r:spcomlib_prop:s0
+sdm.idle_time u:object_r:sdm_idle_time_prop:s0
ro.sf.lcd_density u:object_r:sf_lcd_density_prop:s0
ro.opengles.version u:object_r:opengles_prop:s0
ro.qualcomm.bt.hci_transport u:object_r:bluetooth_prop:s0
@@ -79,3 +82,8 @@ ro.alarm_handled u:object_r:alarm_handled_prop:s0
ro.alarm_instance u:object_r:alarm_instance_prop:s0
#HWUI Property
ro.hwui.texture_cache_size u:object_r:hwui_prop:s0
+persist.graphics.vulkan.disable u:object_r:graphics_vulkan_prop:s0
+#boot mode property
+sys.boot_mode u:object_r:boot_mode_prop:s0
+# GPU
+ro.gpu.available_frequencies u:object_r:freq_prop:s0
diff --git a/common/qcomsysd.te b/common/qcomsysd.te
index 9215305d..c1257cb8 100644
--- a/common/qcomsysd.te
+++ b/common/qcomsysd.te
@@ -10,7 +10,6 @@ allow qcomsysd smem_log_device:chr_file rw_file_perms;
#Needed to read/write cookies to the misc partition
allow qcomsysd block_device:dir r_dir_perms;
allow qcomsysd {
- misc_partition
#Needed to access the bootselect partition
bootselect_device
}:blk_file rw_file_perms;
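Review bot: The comment `#Needed to read/write cookies to the misc partition` is stale now that `misc_partition` has been removed from the set below it. The remaining `block_device:dir r_dir_perms` rule and the `bootselect_device` entry are no longer about the misc partition. Suggest rewording it to `#Needed to reach the block devices listed below`, or removing it and relying on the existing `#Needed to access the bootselect partition` line.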
@@ -21,3 +20,10 @@ allow qcomsysd sysfs_socinfo:file w_file_perms;
allow qcomsysd self:capability { dac_override sys_boot };
use_per_mgr(qcomsysd);
+#allow qcomsysd access boot mode switch
+allow qcomsysd boot_mode_prop:property_service set;
+
+#diag
+userdebug_or_eng(`
+ diag_use(qcomsysd)
+')
diff --git a/common/qfp-daemon.te b/common/qfp-daemon.te
index ccd60240..f7ddb32f 100644
--- a/common/qfp-daemon.te
+++ b/common/qfp-daemon.te
@@ -66,3 +66,8 @@ allow qfp-daemon sensors:unix_stream_socket connectto;
# Allow listing input devices and sending input events
allow qfp-daemon input_device:chr_file rw_file_perms;
allow qfp-daemon input_device:dir r_dir_perms;
+
+#diag
+userdebug_or_eng(`
+ diag_use(qfp-daemon)
+')
diff --git a/common/qlogd.te b/common/qlogd.te
index ed51cddd..4740e58b 100644
--- a/common/qlogd.te
+++ b/common/qlogd.te
@@ -50,6 +50,7 @@ userdebug_or_eng(`
allow qlogd sysfs:file w_file_perms;
r_dir_file(qlogd, storage_file)
r_dir_file(qlogd, mnt_user_file)
+ diag_use(qlogd)
')
# need for capture adb logs
diff --git a/common/qseecomd.te b/common/qseecomd.te
index 6f21134b..a2118202 100644
--- a/common/qseecomd.te
+++ b/common/qseecomd.te
@@ -71,6 +71,9 @@ allow tee system_prop:property_service set;
allow tee qfp-daemon_data_file:dir create_dir_perms;
allow tee qfp-daemon_data_file:file create_file_perms;
+# Allow access to qsee_ipc_irq_spss device
+allow tee qsee_ipc_irq_spss_device:chr_file rw_file_perms;
+
#allow access to fingerprintd data file
allow tee fingerprintd_data_file:dir create_dir_perms;
allow tee fingerprintd_data_file:file create_file_perms;
diff --git a/common/qti-logkit.te b/common/qti-logkit.te
index db03c406..b1f9d552 100644
--- a/common/qti-logkit.te
+++ b/common/qti-logkit.te
@@ -64,6 +64,7 @@ userdebug_or_eng(`
# tcpdump
allow qti_logkit self:packet_socket create_socket_perms;
allow qti_logkit self:capability net_raw;
+ diag_use(qti_logkit)
')
binder_use(qti_logkit)
diff --git a/common/qti.te b/common/qti.te
index 5b4827e4..921f083e 100644
--- a/common/qti.te
+++ b/common/qti.te
@@ -28,3 +28,8 @@ allow qti self:{
} create_socket_perms;
allow qti { shell_exec system_file }:file rx_file_perms;
+
+#diag
+userdebug_or_eng(`
+ diag_use(qti)
+')
diff --git a/common/radio.te b/common/radio.te
index 433e719a..fcec958d 100644
--- a/common/radio.te
+++ b/common/radio.te
@@ -12,6 +12,10 @@ allow radio avtimer_device:chr_file r_file_perms;
allow radio uce_service:service_manager { add find };
-allow radio cameraserver_service:service_manager find;
-
allow radio self:socket create_socket_perms;
+
+allow radio { cameraserver_service mediaextractor_service mediacodec_service }:service_manager find;
+#diag
+userdebug_or_eng(`
+ diag_use(radio)
+')
diff --git a/common/rfs_access.te b/common/rfs_access.te
index 69c14e65..318fffc1 100644
--- a/common/rfs_access.te
+++ b/common/rfs_access.te
@@ -53,6 +53,7 @@ allow rfs_access self:capability {
setuid
setgid
setpcap
+ net_bind_service
net_raw
};
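Review bot: `net_bind_service` is added to the capability set with no comment, and the same addition appears in common/rmt_storage.te. The capability permits binding to privileged ports, so a reviewer needs to know which socket requires it. Suggest a comment above the entry such as `# net_bind_service: bind <SOCKET/PORT> for <REASON>` (placeholders for the author to fill in), in both files. The `allow rfs_access self:capability {` block starts outside this hunk.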
@@ -62,6 +63,9 @@ allow rfs_access self:capability {
allow rfs_access self:capability { dac_read_search chown dac_override };
+#For access to the kmsg device
+allow rfs_access kmsg_device:chr_file w_file_perms;
+
#Prevent other domains from accessing RFS data files.
neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:dir create_dir_perms;
neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:file create_file_perms;
diff --git a/common/rild.te b/common/rild.te
index 62668a21..6d1fe057 100644
--- a/common/rild.te
+++ b/common/rild.te
@@ -30,3 +30,8 @@ allow rild { mediaserver_service audioserver_service }:service_manager find;
# Rule for RILD to talk to peripheral manager
use_per_mgr(rild);
+
+#diag
+userdebug_or_eng(`
+ diag_use(rild)
+')
diff --git a/common/rmt_storage.te b/common/rmt_storage.te
index 83feeedb..f043becc 100644
--- a/common/rmt_storage.te
+++ b/common/rmt_storage.te
@@ -18,6 +18,7 @@ allow rmt_storage self:capability {
setgid
sys_admin
dac_override
+ net_bind_service
net_raw
setpcap
};
@@ -31,3 +32,13 @@ wakelock_use(rmt_storage)
allow rmt_storage self:socket create_socket_perms;
allow rmt_storage uio_device:chr_file rw_file_perms;
+
+#For access to the kmsg device
+allow rmt_storage kmsg_device:chr_file w_file_perms;
+
+#debugfs access
+userdebug_or_eng(`
+typeattribute rmt_storage qti_debugfs_domain;
+allow rmt_storage debugfs:dir r_dir_perms;
+allow rmt_storage debugfs:file rw_file_perms;
+')
diff --git a/common/sensors.te b/common/sensors.te
index 9e3cbdb4..3039434b 100644
--- a/common/sensors.te
+++ b/common/sensors.te
@@ -58,6 +58,7 @@ allow sensors device_latency:chr_file w_file_perms;
# Access to tests from userdebug/eng builds
userdebug_or_eng(`
domain_auto_trans(shell, sensors_exec, sensors)
+ diag_use(sensors)
')
binder_use(sensors)
diff --git a/common/spdaemon.te b/common/spdaemon.te
new file mode 100644
index 00000000..0a78b9c8
--- /dev/null
+++ b/common/spdaemon.te
@@ -0,0 +1,71 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# spdaemon service
+type spdaemon, domain;
+
+type spdaemon_exec, exec_type, file_type;
+
+init_daemon_domain(spdaemon)
+
+# Allow access to spcom device
+allow spdaemon spcom_device:chr_file rw_file_perms;
+
+# Allow access to skp device
+allow spdaemon skp_device:chr_file rw_file_perms;
+
+# Allow access to sp_ssr device
+allow spdaemon sp_ssr_device:chr_file rw_file_perms;
+
+# Allow access to sp_keymaster device
+allow spdaemon sp_keymaster_device:chr_file rw_file_perms;
+
+# Allow access to cryptoapp device
+allow spdaemon cryptoapp_device:chr_file rw_file_perms;
+
+# Allow access to ion device
+allow spdaemon ion_device:chr_file rw_file_perms;
+
+# Allow to load SPSS firmware images
+r_dir_file(spdaemon, firmware_file);
+
+# Allow to load SPSS Apps images
+allow spdaemon spss_data_file:dir r_dir_perms;
+allow spdaemon spss_data_file:file r_file_perms;
+
+# Allow check SPSS Apps images stat()
+allow spdaemon spss_data_file:file getattr;
+
+# Allow get system info
+r_dir_file(spdaemon, sysfs)
+
+# Allow SPSS-PIL via Peripheral Manager
+binder_use(spdaemon)
+use_per_mgr(spdaemon)
+
+# Allow set/get prop to set/check if app is loaded
+set_prop(spdaemon, spcomlib_prop)
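Review bot: The new secure-processor device types are granted to spdaemon, but nothing in this file stops a later change from granting them to another domain, whereas common/rfs_access.te protects its files with `neverallow` rules. A guard such as `neverallow { domain -spdaemon -init -ueventd } { spcom_device skp_device sp_ssr_device sp_keymaster_device cryptoapp_device }:chr_file { read write open };` would make the intent enforceable; the exclusion list is a guess and must match the domains that really need the nodes. `r_dir_file(spdaemon, sysfs)` reads everything under the generic sysfs label for "get system info", which a specific sysfs type would narrow. `allow spdaemon spss_data_file:file getattr;` looks redundant, since `r_file_perms` on the line above normally already includes `getattr`. The trailing `;` after `r_dir_file(spdaemon, firmware_file)` is inconsistent with the other macro calls in the file.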
diff --git a/common/ssr_diag.te b/common/ssr_diag.te
index 956d0b01..f04ab537 100644
--- a/common/ssr_diag.te
+++ b/common/ssr_diag.te
@@ -4,4 +4,5 @@ init_daemon_domain(ssr_diag);
userdebug_or_eng(`
allow ssr_diag sysfs:file w_file_perms;
+ diag_use(ssr_diag)
')
diff --git a/common/surfaceflinger.te b/common/surfaceflinger.te
index 9baa3a04..0a8ae6de 100644
--- a/common/surfaceflinger.te
+++ b/common/surfaceflinger.te
@@ -37,3 +37,7 @@ binder_call(surfaceflinger, mmi)
#Allow access to cameraserver service
allow surfaceflinger cameraserver_service:service_manager find;
+#diag
+userdebug_or_eng(`
+ diag_use(surfaceflinger)
+')
diff --git a/common/system_app.te b/common/system_app.te
index fdfa00b3..01d999af 100644
--- a/common/system_app.te
+++ b/common/system_app.te
@@ -63,6 +63,7 @@ userdebug_or_eng(`
# Access to tombstone segfaults
allow system_app tombstone_data_file:dir r_dir_perms;
allow system_app tombstone_data_file:file r_file_perms;
+ diag_use(system_app)
')
allow system_app cnd_data_file:dir w_dir_perms;
@@ -99,6 +100,7 @@ binder_call(system_app, secotad)
# allow system_app to interact with imscm daemon
binder_call(system_app, imscm)
+allow system_app imscm_service:service_manager find;
# access to seemp folder
allow system_app seemp_file:dir r_dir_perms;
diff --git a/common/system_server.te b/common/system_server.te
index ca4a6bdf..f77d8a71 100644
--- a/common/system_server.te
+++ b/common/system_server.te
@@ -159,3 +159,6 @@ allow system_server system_file:system module_load;
allow system_server persist_alarm_file:dir rw_dir_perms;
allow system_server persist_alarm_file:file { rw_file_perms create };
+userdebug_or_eng(`
+ diag_use(system_server)
+')
diff --git a/common/te_macros b/common/te_macros
index e232bb5a..4fd7b62b 100644
--- a/common/te_macros
+++ b/common/te_macros
@@ -53,3 +53,9 @@ allow dpmd $1:file r_file_perms;
allow dpmd $1:fd use;
allow dpmd $1:tcp_socket rw_socket_perms;
')
+#####################################
+# diag_use(clientdomain)
+# allow clientdomain to read/write to diag
+define(`diag_use', `
+allow $1 diag_device:chr_file rw_file_perms;
+')
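Review bot: `diag_use` grants `rw_file_perms` on `diag_device` with no build-type guard of its own, so keeping the diag interface off user builds depends on every caller wrapping the call in `userdebug_or_eng`. The call sites visible in this part of the diff do wrap it, but the macro header does not say that they must. I would add a header line such as `# debug interface: call only inside userdebug_or_eng(...)`, or move the guard into the macro body so it cannot be forgotten. The new header also has an opening `#####` rule but no closing one; whether the other macros in this file close theirs is not visible in this hunk.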
diff --git a/common/thermal-engine.te b/common/thermal-engine.te
index 4f0e1af0..33a0efed 100644
--- a/common/thermal-engine.te
+++ b/common/thermal-engine.te
@@ -51,3 +51,7 @@ allow thermal-engine uio_device:chr_file rw_file_perms;
#Label the thermal sockets correctly
type_transition thermal-engine socket_device:sock_file thermal_socket;
+
+userdebug_or_eng(`
+ diag_use(thermal-engine)
+')
diff --git a/common/time_daemon.te b/common/time_daemon.te
index 5f64ec5f..20d9dbf5 100644
--- a/common/time_daemon.te
+++ b/common/time_daemon.te
@@ -16,4 +16,13 @@ allow time_daemon time_data_file:dir w_dir_perms;
allow time_daemon self:socket create_socket_perms;
allow time_daemon self:capability { setuid setgid sys_time };
+allow time_daemon persist_time_file:file create_file_perms;
+allow time_daemon persist_time_file:dir w_dir_perms;
+
+allow time_daemon persist_file:dir search;
+
r_dir_file(time_daemon, sysfs_esoc);
+
+userdebug_or_eng(`
+ diag_use(time_daemon)
+')
diff --git a/common/untrusted_app.te b/common/untrusted_app.te
index a06eb76a..32e1f5db 100644
--- a/common/untrusted_app.te
+++ b/common/untrusted_app.te
@@ -13,6 +13,7 @@ allow untrusted_app sysfs_battery_supply:file r_file_perms;
# using binder call
userdebug_or_eng(`
binder_call(untrusted_app, imscm)
+ allow untrusted_app imscm_service:service_manager find;
')
# for finding wbc_service
diff --git a/common/vold.te b/common/vold.te
index 08476cf3..48411ebf 100755
--- a/common/vold.te
+++ b/common/vold.te
@@ -2,6 +2,11 @@ allow vold tee_device:chr_file rw_file_perms;
allow vold self:capability sys_boot;
allow vold cache_file:dir w_dir_perms;
allow vold { fscklogs cache_file }:file create_file_perms;
+
+# Read and write /cache/recovery/command
+allow vold cache_recovery_file:dir rw_dir_perms;
+allow vold cache_recovery_file:file create_file_perms;
+
allow vold { proc_sysrq proc_dirty_ratio }:file rw_file_perms;
wakelock_use(vold)
allow vold swap_block_device:blk_file r_file_perms;
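Review bot: The added comment names a single file, `/cache/recovery/command`, but the two rules grant `rw_dir_perms` and `create_file_perms` on everything labelled `cache_recovery_file`, not just that file. The recovery command file decides what recovery does on the next boot, so the comment should say which vold operation writes it. Something like `# vold writes the recovery command when <feature>; type-wide because the file is created at runtime` would do, with the feature filled in by the author. Core policy may already grant vold this access, which is not visible from this hunk; if it does, these device-specific lines are redundant.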
diff --git a/common/wcnss_filter.te b/common/wcnss_filter.te
index 9e811456..7d84a76e 100644
--- a/common/wcnss_filter.te
+++ b/common/wcnss_filter.te
@@ -49,3 +49,8 @@ r_dir_file(wcnss_filter, bt_firmware_file)
# Data file accesses.
allow wcnss_filter bluetooth_data_file:dir create_dir_perms;
allow wcnss_filter bluetooth_data_file:notdevfile_class_set create_file_perms;
+
+#diag
+userdebug_or_eng(`
+ diag_use(wcnss_filter)
+')
diff --git a/common/wcnss_service.te b/common/wcnss_service.te
index 724ee0d5..9f18d044 100644
--- a/common/wcnss_service.te
+++ b/common/wcnss_service.te
@@ -33,6 +33,9 @@ allow wcnss_service firmware_file:file r_file_perms;
allow wcnss_service sysfs:file w_file_perms;
allow wcnss_service storage_file:dir search;
+# allow access to netd
+unix_socket_connect(wcnss_service, netd, netd)
+
userdebug_or_eng(`
allow wcnss_service fuse:dir create_dir_perms;
allow wcnss_service fuse:file create_file_perms;
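Review bot: `unix_socket_connect(wcnss_service, netd, netd)` is added above the `userdebug_or_eng` block rather than inside it, so the connection to the netd socket is allowed on every build type. The comment `# allow access to netd` repeats the rule without saying which wcnss_service function needs it. I would name the consumer in the comment, e.g. `# <feature> sends <request> to netd`, with both placeholders filled in by the author. If the access is only needed by the debug tooling covered by the block below, the line should move inside it. The file continues beyond this hunk, so any existing netd rules further down are not visible here.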
@@ -45,4 +48,8 @@ allow wcnss_service dynamic_nv_data_file:dir r_dir_perms;
# This is needed for ptt_socket app to write logs file collected to sdcard
r_dir_file(wcnss_service, storage_file)
r_dir_file(wcnss_service, mnt_user_file)
+diag_use(wcnss_service)
')
+
+binder_use(wcnss_service)
+use_per_mgr(wcnss_service)
diff --git a/common/zygote.te b/common/zygote.te
new file mode 100644
index 00000000..104613f8
--- /dev/null
+++ b/common/zygote.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow zygote to access seempdw socket
+unix_socket_send(zygote, seempdw, seempd)
diff --git a/msm8937/device.te b/msm8937/device.te
new file mode 100644
index 00000000..66dd4e50
--- /dev/null
+++ b/msm8937/device.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Define rawdump block device
+type rawdump_block_device, dev_type;
diff --git a/msm8937/file.te b/msm8937/file.te
new file mode 100644
index 00000000..10d41462
--- /dev/null
+++ b/msm8937/file.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#sysfs emmc dload type
+type sysfs_emmc_dload, sysfs_type, fs_type;
diff --git a/msm8937/file_contexts b/msm8937/file_contexts
index 7afdf05c..30978355 100644
--- a/msm8937/file_contexts
+++ b/msm8937/file_contexts
@@ -45,3 +45,7 @@
/dev/block/platform/soc/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0
/dev/block/platform/soc/7824900.sdhci/by-name/logdump u:object_r:logdump_partition:s0
/dev/block/platform/soc/7824900.sdhci/by-name/cache u:object_r:cache_block_device:s0
+
+#rawdump partition
+/dev/block/platform/soc/7824900.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0
+/sys/kernel/dload/emmc_dload u:object_r:sysfs_emmc_dload:s0
diff --git a/msm8937/idmap.te b/msm8937/idmap.te
new file mode 100644
index 00000000..84b11e8f
--- /dev/null
+++ b/msm8937/idmap.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow idmap oemfs:file r_file_perms;
+allow idmap oemfs:dir r_dir_perms;
diff --git a/msm8937/platform_app.te b/msm8937/platform_app.te
new file mode 100644
index 00000000..919f16f5
--- /dev/null
+++ b/msm8937/platform_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow platform_app oemfs:lnk_file { read getattr };
diff --git a/msm8937/priv_app.te b/msm8937/priv_app.te
new file mode 100644
index 00000000..203ed549
--- /dev/null
+++ b/msm8937/priv_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow priv_app oemfs:lnk_file { read getattr };
diff --git a/msm8937/qti-logkit.te b/msm8937/qti-logkit.te
new file mode 100644
index 00000000..725cf476
--- /dev/null
+++ b/msm8937/qti-logkit.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow qti_logkit for rawdump partition
+allow qti_logkit block_device:dir r_dir_perms;
+allow qti_logkit rawdump_block_device:blk_file rw_file_perms;
+
+# allow qti_logkit for sysfs emmc dload node
+allow qti_logkit sysfs_emmc_dload:file rw_file_perms;
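Review bot: The `rw_file_perms` grants on `rawdump_block_device` and `sysfs_emmc_dload` are unconditional, while the `diag_use` grants visible in this part of the diff sit inside `userdebug_or_eng`. A raw dump partition presumably holds memory captured after a crash, so read/write access from a logging domain on user builds needs either a guard or a stated reason. If the domain only has to collect dumps, `r_file_perms` on the block device may be enough. I would either wrap the three rules in `userdebug_or_eng` or extend the comment to something like `# needed on user builds because <reason>`. The same rules are added for `RIDL` in msm8937/ridl.te and again in the msm8953 copy of this file; msm8953/ridl.te is cut off here but has the same index hash as the msm8937 one.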
diff --git a/msm8937/ridl.te b/msm8937/ridl.te
new file mode 100644
index 00000000..0147c26c
--- /dev/null
+++ b/msm8937/ridl.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow RIDL for rawdump partition
+allow RIDL block_device:dir r_dir_perms;
+allow RIDL rawdump_block_device:blk_file rw_file_perms;
+
+# allow RIDL for enable sysfs node
+allow RIDL sysfs_emmc_dload:file rw_file_perms;
diff --git a/msm8937/system_app.te b/msm8937/system_app.te
new file mode 100644
index 00000000..10c8adac
--- /dev/null
+++ b/msm8937/system_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow system_app oemfs:lnk_file { read getattr };
diff --git a/msm8937/untrusted_app.te b/msm8937/untrusted_app.te
new file mode 100644
index 00000000..e8b029e1
--- /dev/null
+++ b/msm8937/untrusted_app.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+# for oemfs
+allow untrusted_app oemfs:lnk_file { read getattr };
diff --git a/msm8953/device.te b/msm8953/device.te
new file mode 100644
index 00000000..66dd4e50
--- /dev/null
+++ b/msm8953/device.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Define rawdump block device
+type rawdump_block_device, dev_type;
diff --git a/msm8953/file.te b/msm8953/file.te
new file mode 100644
index 00000000..10d41462
--- /dev/null
+++ b/msm8953/file.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#sysfs emmc dload type
+type sysfs_emmc_dload, sysfs_type, fs_type;
diff --git a/msm8953/file_contexts b/msm8953/file_contexts
index 24464cc9..51bfa05f 100644
--- a/msm8953/file_contexts
+++ b/msm8953/file_contexts
@@ -44,3 +44,7 @@
/dev/block/platform/soc/7824900.sdhci/by-name/mdtp u:object_r:mdtp_device:s0
/dev/block/platform/soc/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0
/dev/block/platform/soc/7824900.sdhci/by-name/logdump u:object_r:logdump_partition:s0
+
+#rawdump partition
+/dev/block/platform/soc/7824900.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0
+/sys/kernel/dload/emmc_dload u:object_r:sysfs_emmc_dload:s0
diff --git a/msm8953/idmap.te b/msm8953/idmap.te
new file mode 100644
index 00000000..84b11e8f
--- /dev/null
+++ b/msm8953/idmap.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow idmap oemfs:file r_file_perms;
+allow idmap oemfs:dir r_dir_perms;
diff --git a/msm8953/platform_app.te b/msm8953/platform_app.te
new file mode 100644
index 00000000..919f16f5
--- /dev/null
+++ b/msm8953/platform_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow platform_app oemfs:lnk_file { read getattr };
diff --git a/msm8953/priv_app.te b/msm8953/priv_app.te
new file mode 100644
index 00000000..203ed549
--- /dev/null
+++ b/msm8953/priv_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow priv_app oemfs:lnk_file { read getattr };
diff --git a/msm8953/qti-logkit.te b/msm8953/qti-logkit.te
new file mode 100644
index 00000000..725cf476
--- /dev/null
+++ b/msm8953/qti-logkit.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow qti_logkit for rawdump partition
+allow qti_logkit block_device:dir r_dir_perms;
+allow qti_logkit rawdump_block_device:blk_file rw_file_perms;
+
+# allow qti_logkit for sysfs emmc dload node
+allow qti_logkit sysfs_emmc_dload:file rw_file_perms;
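Review bot: `allow qti_logkit block_device:dir r_dir_perms;` grants more than path traversal needs, because r_dir_perms includes read and open on the directory and so lets the domain list every node in directories labelled block_device. Reaching a known by-name path only requires `allow qti_logkit block_device:dir search;`. The same three rules are repeated for RIDL in msm8953/ridl.te and for both domains under msm8976/ and msm8996/, so the narrowing would apply to all six files. The comments should also say why a log collector needs write access (`rw_file_perms`) to the rawdump partition and to the emmc_dload sysfs node; if it only reads dumps, `r_file_perms` on the blk_file is enough. Whether rawdump_block_device and sysfs_emmc_dload are declared for msm8953 cannot be seen from this hunk.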
diff --git a/msm8953/ridl.te b/msm8953/ridl.te
new file mode 100644
index 00000000..0147c26c
--- /dev/null
+++ b/msm8953/ridl.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow RIDL for rawdump partition
+allow RIDL block_device:dir r_dir_perms;
+allow RIDL rawdump_block_device:blk_file rw_file_perms;
+
+# allow RIDL for enable sysfs node
+allow RIDL sysfs_emmc_dload:file rw_file_perms;
diff --git a/msm8953/system_app.te b/msm8953/system_app.te
new file mode 100644
index 00000000..10c8adac
--- /dev/null
+++ b/msm8953/system_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow system_app oemfs:lnk_file { read getattr };
diff --git a/msm8953/untrusted_app.te b/msm8953/untrusted_app.te
new file mode 100644
index 00000000..e8b029e1
--- /dev/null
+++ b/msm8953/untrusted_app.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+# for oemfs
+allow untrusted_app oemfs:lnk_file { read getattr };
diff --git a/msm8976/device.te b/msm8976/device.te
new file mode 100644
index 00000000..66dd4e50
--- /dev/null
+++ b/msm8976/device.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Define rawdump block device
+type rawdump_block_device, dev_type;
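Review bot: This new file is a byte-for-byte copy of msm8996/device.te and msmcobalt/device.te added later in the same diff (all three carry blob 66dd4e50), and the `sysfs_emmc_dload` declaration is likewise repeated per target in file.te. If every target that ships qti_logkit/RIDL needs the type, declaring `type rawdump_block_device, dev_type;` once in common/device.te avoids keeping three copies in sync. If the per-target split is deliberate because only these SoCs have a rawdump partition, a comment such as `# declared per target: only SoCs with a rawdump partition define this type` would record that.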
diff --git a/msm8976/file.te b/msm8976/file.te
new file mode 100644
index 00000000..10d41462
--- /dev/null
+++ b/msm8976/file.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#sysfs emmc dload type
+type sysfs_emmc_dload, sysfs_type, fs_type;
diff --git a/msm8976/file_contexts b/msm8976/file_contexts
new file mode 100644
index 00000000..8a9ea58d
--- /dev/null
+++ b/msm8976/file_contexts
@@ -0,0 +1,30 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#rawdump partition
+/dev/block/platform/soc/7824900.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0
+/sys/kernel/dload/emmc_dload u:object_r:sysfs_emmc_dload:s0
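Review bot: The `.` in `7824900.sdhci` is unescaped, and file_contexts paths are regular expressions, so it matches any character; writing `7824900\.sdhci` makes the entry match only the intended controller path. The same applies to the rawdump entries added in msm8996/file_contexts (`7464900.sdhci`) and msmcobalt/file_contexts (`1da4000.ufshc`), although the existing entries visible in those files are unescaped as well. The heading `#rawdump partition` also sits over the `/sys/kernel/dload/emmc_dload` line, which is a sysfs node rather than a partition; a comment of its own, `# sysfs emmc dload node`, would be clearer. The copyright year in this new file is 2015 while the sibling new files say 2016.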
diff --git a/msm8976/qti-logkit.te b/msm8976/qti-logkit.te
new file mode 100644
index 00000000..725cf476
--- /dev/null
+++ b/msm8976/qti-logkit.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow qti_logkit for rawdump partition
+allow qti_logkit block_device:dir r_dir_perms;
+allow qti_logkit rawdump_block_device:blk_file rw_file_perms;
+
+# allow qti_logkit for sysfs emmc dload node
+allow qti_logkit sysfs_emmc_dload:file rw_file_perms;
diff --git a/msm8976/ridl.te b/msm8976/ridl.te
new file mode 100644
index 00000000..0147c26c
--- /dev/null
+++ b/msm8976/ridl.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow RIDL for rawdump partition
+allow RIDL block_device:dir r_dir_perms;
+allow RIDL rawdump_block_device:blk_file rw_file_perms;
+
+# allow RIDL for enable sysfs node
+allow RIDL sysfs_emmc_dload:file rw_file_perms;
diff --git a/msm8996/device.te b/msm8996/device.te
new file mode 100644
index 00000000..66dd4e50
--- /dev/null
+++ b/msm8996/device.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Define rawdump block device
+type rawdump_block_device, dev_type;
diff --git a/msm8996/file.te b/msm8996/file.te
index ebc72cfe..ed188636 100644
--- a/msm8996/file.te
+++ b/msm8996/file.te
@@ -34,3 +34,6 @@ type tlocd_data_file, file_type, data_file_type;
# Data type for qvrd
type qvrd_data_file, file_type, data_file_type;
type qvrd_socket, file_type, mlstrustedobject;
+
+#sysfs emmc dload type
+type sysfs_emmc_dload, sysfs_type, fs_type;
diff --git a/msm8996/file_contexts b/msm8996/file_contexts
index af12a6d3..6c3e83bd 100644
--- a/msm8996/file_contexts
+++ b/msm8996/file_contexts
@@ -96,9 +96,15 @@
#
/sys/devices/virtual/graphics/fb([0-2])+/lineptr_value u:object_r:sysfs_graphics:s0
+/sys/devices/soc/b00000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_available_frequencies u:object_r:sysfs_kgsl:s0
+
###################################
# data files
#
/data/misc/qvop(/.*)? u:object_r:qvop_data_file:s0
/data/misc/tloc(/.*)? u:object_r:tlocd_data_file:s0
/data/misc/qvr(/.*)? u:object_r:qvrd_data_file:s0
+
+#rawdump partition
+/dev/block/platform/soc/7464900.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0
+/sys/kernel/dload/emmc_dload u:object_r:sysfs_emmc_dload:s0
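Review bot: The rawdump block-device entry and the `/sys/kernel/dload/emmc_dload` entry are appended directly after the `/data/misc/...` lines, so they read as part of the `# data files` section. Giving them their own banner in the file's existing `####` style, or moving the sysfs line up next to the other `/sys/...` entries where the kgsl line was added, would keep the file's grouping intact.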
diff --git a/msm8996/qti-logkit.te b/msm8996/qti-logkit.te
new file mode 100644
index 00000000..725cf476
--- /dev/null
+++ b/msm8996/qti-logkit.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow qti_logkit for rawdump partition
+allow qti_logkit block_device:dir r_dir_perms;
+allow qti_logkit rawdump_block_device:blk_file rw_file_perms;
+
+# allow qti_logkit for sysfs emmc dload node
+allow qti_logkit sysfs_emmc_dload:file rw_file_perms;
diff --git a/msm8996/ridl.te b/msm8996/ridl.te
new file mode 100644
index 00000000..0147c26c
--- /dev/null
+++ b/msm8996/ridl.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow RIDL for rawdump partition
+allow RIDL block_device:dir r_dir_perms;
+allow RIDL rawdump_block_device:blk_file rw_file_perms;
+
+# allow RIDL for enable sysfs node
+allow RIDL sysfs_emmc_dload:file rw_file_perms;
diff --git a/msmcobalt/bootanim.te b/msmcobalt/bootanim.te
new file mode 100644
index 00000000..51701259
--- /dev/null
+++ b/msmcobalt/bootanim.te
@@ -0,0 +1,31 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# For regionalization
+allow bootanim persist_file:dir r_dir_perms;
+allow bootanim regionalization_file:dir r_dir_perms;
+allow bootanim regionalization_file:file r_file_perms;
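Review bot: `allow bootanim persist_file:dir r_dir_perms;` lets the boot animation process list the directory labelled persist_file, while the regionalization rules below it only require the process to pass through that directory. If the regionalization files live beneath it (not visible in this hunk), `allow bootanim persist_file:dir search;` is sufficient and keeps bootanim from enumerating other persist contents. The comment `# For regionalization` could also name the path being read.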
diff --git a/msmcobalt/device.te b/msmcobalt/device.te
new file mode 100644
index 00000000..66dd4e50
--- /dev/null
+++ b/msmcobalt/device.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Define rawdump block device
+type rawdump_block_device, dev_type;
diff --git a/msmcobalt/file.te b/msmcobalt/file.te
new file mode 100644
index 00000000..7679b9d9
--- /dev/null
+++ b/msmcobalt/file.te
@@ -0,0 +1,32 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#sysfs emmc dload type
+type sysfs_emmc_dload, sysfs_type, fs_type;
+
+# Data type for QVOP
+type qvop_data_file, file_type, data_file_type; \ No newline at end of file
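Review bot: The file ends without a trailing newline, as the `\ No newline at end of file` marker after the `qvop_data_file` declaration shows. Policy sources are typically concatenated before compilation, so the first line of whichever file follows gets joined onto `type qvop_data_file, file_type, data_file_type;`. That is harmless only as long as the next file starts with a `#` comment. Ending the file with a newline removes the dependency on file order.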
diff --git a/msmcobalt/file_contexts b/msmcobalt/file_contexts
index 35f2ffb0..46ad29a2 100644
--- a/msmcobalt/file_contexts
+++ b/msmcobalt/file_contexts
@@ -37,8 +37,26 @@
/dev/block/platform/soc/1da4000.ufshc/by-name/modemst1 u:object_r:modem_efs_partition_device:s0
/dev/block/platform/soc/1da4000.ufshc/by-name/modemst2 u:object_r:modem_efs_partition_device:s0
/dev/block/platform/soc/1da4000.ufshc/by-name/ssd u:object_r:ssd_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/misc u:object_r:misc_partition:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/misc u:object_r:misc_block_device:s0
/dev/block/platform/soc/1da4000.ufshc/by-name/rpm u:object_r:rpmb_device:s0
/dev/block/platform/soc/1da4000.ufshc/by-name/msadp u:object_r:mba_debug_dev:s0
/dev/block/platform/soc/1da4000.ufshc/by-name/recovery u:object_r:recovery_block_device:s0
/dev/block/platform/soc/1da4000.ufshc/by-name/cache u:object_r:cache_block_device:s0
+
+#rawdump partition
+/dev/block/platform/soc/1da4000.ufshc/by-name/rawdump u:object_r:rawdump_block_device:s0
+/sys/kernel/dload/emmc_dload u:object_r:sysfs_emmc_dload:s0
+
+###################################
+# System files
+#
+/system/bin/qvop-daemon u:object_r:qvop_exec:s0
+###################################
+# data files
+#
+/data/misc/qvop(/.*)? u:object_r:qvop_data_file:s0
+
+##################################
+# non-hlos mount points
+/firmware u:object_r:firmware_file:s0
+/bt_firmware u:object_r:bt_firmware_file:s0
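Review bot: Relabelling the misc partition from `misc_partition` to `misc_block_device` removes access for any domain whose rules still name `misc_partition`, and nothing in this hunk shows those rules being moved. It is worth searching the msmcobalt and common policy for `misc_partition` allow rules and confirming each consumer has an equivalent `misc_block_device` rule, since a miss surfaces only as runtime denials. The new `/system/bin/qvop-daemon` entry likewise relies on `qvop_exec` being declared for this target, which is not visible here. A blank line before the `# data files` banner would match the spacing used for the other sections.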
diff --git a/msmcobalt/idmap.te b/msmcobalt/idmap.te
new file mode 100644
index 00000000..84b11e8f
--- /dev/null
+++ b/msmcobalt/idmap.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow idmap oemfs:file r_file_perms;
+allow idmap oemfs:dir r_dir_perms;
diff --git a/msmcobalt/init_shell.te b/msmcobalt/init_shell.te
new file mode 100644
index 00000000..5f2ea564
--- /dev/null
+++ b/msmcobalt/init_shell.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# For regionalization
+allow qti_init_shell regionalization_file:dir r_dir_perms;
+allow qti_init_shell regionalization_file:file create_file_perms;
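Review bot: The file rule grants `create_file_perms` on regionalization_file, but the directory rule above it grants only `r_dir_perms`. Create, unlink and rename on those files also need write/add_name/remove_name on the containing directory, so they would still be denied unless another rule grants that (for example in common/init_shell.te, which is not visible here). If the script only modifies existing files, narrow the file rule to `allow qti_init_shell regionalization_file:file rw_file_perms;`. If it really creates files, the directory rule should be `rw_dir_perms`, with a comment naming the files it creates.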
diff --git a/msmcobalt/platform_app.te b/msmcobalt/platform_app.te
new file mode 100644
index 00000000..919f16f5
--- /dev/null
+++ b/msmcobalt/platform_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow platform_app oemfs:lnk_file { read getattr };
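Review bot: The comment `#for oemfs` names the target type but not which symlink is followed or what feature needs it. The same `oemfs:lnk_file { read getattr }` rule is repeated in priv_app.te, system_app.te and untrusted_app.te in this commit. For untrusted_app in particular a later reviewer cannot judge the grant without the reason. I would replace the comment in each file with one that states the purpose, e.g. `# resolve the oemfs symlink (read-only); required by <feature, to be named by the author>`.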
diff --git a/msmcobalt/priv_app.te b/msmcobalt/priv_app.te
new file mode 100644
index 00000000..203ed549
--- /dev/null
+++ b/msmcobalt/priv_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow priv_app oemfs:lnk_file { read getattr };
diff --git a/msmcobalt/qseecomd.te b/msmcobalt/qseecomd.te
new file mode 100644
index 00000000..0e940c59
--- /dev/null
+++ b/msmcobalt/qseecomd.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Provide access to Q VoicePrint
+allow tee qvop_data_file:dir create_dir_perms;
+allow tee qvop_data_file:file create_file_perms;
diff --git a/msmcobalt/qti-logkit.te b/msmcobalt/qti-logkit.te
new file mode 100644
index 00000000..725cf476
--- /dev/null
+++ b/msmcobalt/qti-logkit.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow qti_logkit for rawdump partition
+allow qti_logkit block_device:dir r_dir_perms;
+allow qti_logkit rawdump_block_device:blk_file rw_file_perms;
+
+# allow qti_logkit for sysfs emmc dload node
+allow qti_logkit sysfs_emmc_dload:file rw_file_perms;
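Review bot: These three rules are unconditional, so on every build variant qti_logkit gets read/write on the rawdump block device and on the sysfs_emmc_dload node. If the log kit is a debugging facility (inferred from its name and from the comments), the rules should sit inside a userdebug_or_eng block, as the diag rule in test/qti-testscripts.te does. Otherwise the comments should say why a production build needs to write the dump partition and the download-mode node. ridl.te in this commit adds the same three rules for RIDL and the same question applies there.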
diff --git a/msmcobalt/qvop.te b/msmcobalt/qvop.te
new file mode 100644
index 00000000..ce69fa4d
--- /dev/null
+++ b/msmcobalt/qvop.te
@@ -0,0 +1,46 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type qvop, domain;
+type qvop_exec, exec_type, file_type;
+
+init_daemon_domain(qvop)
+
+allow qvop qvop_data_file:dir create_dir_perms;
+allow qvop qvop_data_file:file create_file_perms;
+
+binder_call(qvop, system_app)
+
+# Add IQvopService service
+allow qvop iqvop_service:service_manager add;
+
+binder_use(qvop)
+
+allow qvop tee_device:chr_file rw_file_perms;
+r_dir_file(qvop, firmware_file)
+
+allow qvop ion_device:chr_file r_file_perms; \ No newline at end of file
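Review bot: The file ends without a trailing newline (the `\ No newline at end of file` marker after the ion_device rule). service.te and service_contexts in this commit end the same way. Depending on how the build concatenates policy fragments, the last line can be joined to the first line of the next file; for service_contexts that would presumably corrupt the context of the `android.apps.IQvopService` entry. Ending each of the three files with a newline avoids that. Separately, the tee_device and ion_device rules have no comment saying why the daemon needs them, unlike the `# Add IQvopService service` rule above.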
diff --git a/msmcobalt/recovery.te b/msmcobalt/recovery.te
new file mode 100644
index 00000000..ef6eb7b0
--- /dev/null
+++ b/msmcobalt/recovery.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+recovery_only(`
+ allow recovery shell_exec:file x_file_perms;
+')
diff --git a/msmcobalt/ridl.te b/msmcobalt/ridl.te
new file mode 100644
index 00000000..0147c26c
--- /dev/null
+++ b/msmcobalt/ridl.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow RIDL for rawdump partition
+allow RIDL block_device:dir r_dir_perms;
+allow RIDL rawdump_block_device:blk_file rw_file_perms;
+
+# allow RIDL for enable sysfs node
+allow RIDL sysfs_emmc_dload:file rw_file_perms;
diff --git a/msmcobalt/service.te b/msmcobalt/service.te
new file mode 100644
index 00000000..ad41b5fa
--- /dev/null
+++ b/msmcobalt/service.te
@@ -0,0 +1,31 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# regionalization service
+type regionalization_service, system_api_service, service_manager_type;
+
+type iqvop_service, service_manager_type; \ No newline at end of file
diff --git a/msmcobalt/service_contexts b/msmcobalt/service_contexts
new file mode 100644
index 00000000..20ab6358
--- /dev/null
+++ b/msmcobalt/service_contexts
@@ -0,0 +1,31 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Regionalization service
+regionalization u:object_r:regionalization_service:s0
+
+android.apps.IQvopService u:object_r:iqvop_service:s0 \ No newline at end of file
diff --git a/msmcobalt/system_app.te b/msmcobalt/system_app.te
new file mode 100644
index 00000000..d11659b6
--- /dev/null
+++ b/msmcobalt/system_app.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+binder_call(system_app, qvop)
+#for oemfs
+allow system_app oemfs:lnk_file { read getattr };
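Review bot: `binder_call(system_app, qvop)` is added without a matching service_manager lookup rule in this file. service.te in this commit declares iqvop_service with only `service_manager_type`, so no rule visible in this chunk lets system_app look the service up. Unless that is granted elsewhere, add `allow system_app iqvop_service:service_manager find;` next to the binder_call. The binder_call also sits directly above the `#for oemfs` comment with none of its own; a line such as `# Q VoicePrint: talk to the qvop daemon` would separate the two concerns.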
diff --git a/msmcobalt/system_server.te b/msmcobalt/system_server.te
new file mode 100644
index 00000000..54c7faa6
--- /dev/null
+++ b/msmcobalt/system_server.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# For Regionalization service
+allow system_server regionalization_service:service_manager { add find };
+allow system_server regionalization_file:file rw_file_perms;
+allow system_server regionalization_file:dir r_dir_perms;
+allow system_server resourcecache_data_file:dir create_dir_perms;
+allow system_server resourcecache_data_file:file create_file_perms;
diff --git a/msmcobalt/untrusted_app.te b/msmcobalt/untrusted_app.te
new file mode 100644
index 00000000..e8b029e1
--- /dev/null
+++ b/msmcobalt/untrusted_app.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+# for oemfs
+allow untrusted_app oemfs:lnk_file { read getattr };
diff --git a/msmcobalt/zygote.te b/msmcobalt/zygote.te
new file mode 100644
index 00000000..c8d772e4
--- /dev/null
+++ b/msmcobalt/zygote.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# For regionalization
+allow zygote persist_file:dir r_dir_perms;
+allow zygote regionalization_file:dir r_dir_perms;
+allow zygote regionalization_file:file r_file_perms;
+allow zygote oemfs:dir r_dir_perms;
+allow zygote oemfs:file r_file_perms;
diff --git a/test/qti-testscripts.te b/test/qti-testscripts.te
index 380af29f..4d3eadfd 100644
--- a/test/qti-testscripts.te
+++ b/test/qti-testscripts.te
@@ -78,5 +78,5 @@ userdebug_or_eng(`
binder_call({ domain -init -netd }, qti-testscripts)
allow domain qti-testscripts:fifo_file { write getattr };
allow domain qti-testscripts:process sigchld;
-
+ diag_use(radio)
')
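Review bot: `diag_use(radio)` grants diag access to the radio domain, yet it is added to qti-testscripts.te, where every neighbouring rule is about the qti-testscripts type. Someone auditing radio's permissions would not look in this file. The rule is inside the `userdebug_or_eng(` block named in the hunk header, which starts outside the hunk, so it does not reach user builds. I would move it to the radio policy file inside its own userdebug_or_eng block, or at least add `# radio needs diag for <test scenario>` above it here.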