diff --git a/sepolicy/crash_dump.te b/sepolicy/crash_dump.te
new file mode 100644
index 0000000..c02f541
--- /dev/null
+++ b/sepolicy/crash_dump.te
@@ -0,0 +1,7 @@
+allow crash_dump {
+ exported_camera_prop
+ gpu_device
+ hwservicemanager_prop
+ media_variant_prop
+ resourcecache_data_file
+}:file r_file_perms;
diff --git a/sepolicy/gmscore_app.te b/sepolicy/gmscore_app.te
index 5b963b5..b730f89 100644
--- a/sepolicy/gmscore_app.te
+++ b/sepolicy/gmscore_app.te
@@ -1 +1,7 @@
 binder_call(gmscore_app, hal_memtrack_default);
+
+allow gmscore_app {
+ adbd_prop
+ apexd_prop
+ apk_verity_prop
+}:file r_file_perms;
diff --git a/sepolicy/hal_wifi_default.te b/sepolicy/hal_wifi_default.te
index 217dd31..2cb9d7c 100644
--- a/sepolicy/hal_wifi_default.te
+++ b/sepolicy/hal_wifi_default.te
@@ -1 +1,2 @@
 allow hal_wifi_default vendor_convergence_data_file:file { open read write };
+allow hal_wifi_default proc_net:file write;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 424378f..57a6ac6 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -4,3 +4,6 @@
 allow system_server userspace_reboot_config_prop:file { getattr open read };
 allow system_server userspace_reboot_exported_prop:file { getattr open read };
 allow system_server proc_last_kmsg:file r_file_perms;
+
+allow system_server app_zygote:process getpgid;
+allow system_server system_data_root_file:file r_file_perms;
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
index e72debd..8a1ee72 100644
--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
@@ -41,8 +41,8 @@ allow tee vaultkeeper_efs_file:file rw_file_perms;
 allow tee vendor_data_file:dir create_dir_perms;
 allow tee vendor_data_file:file create_file_perms;
-allow tee gatekeeper_data_file:dir read;
-allow tee gatekeeper_data_file:file getattr;
+allow tee gatekeeper_data_file:dir { read open };
+allow tee gatekeeper_data_file:file { getattr open read write };
 get_prop(tee, hwservicemanager_prop)
 set_prop(tee, vendor_qseecomd_prop)
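Review bot: `gpu_device` in the new crash_dump.te rule is granted under class `file`, but that type normally labels GPU device nodes, which are `chr_file`, so this entry probably matches nothing and the denial it was meant to answer stays. The property types in the same set (and `adbd_prop`, `apexd_prop`, `apk_verity_prop` in the gmscore_app.te hunk) are opened with a raw `:file r_file_perms` rule even though tee.te in this patch already uses `get_prop()`; where a read is genuinely required, `get_prop(crash_dump, hwservicemanager_prop)` states the intent. Both sets look like denials copied from a log rather than accesses the domains depend on. If nothing breaks without them, a `dontaudit` rule silences the log without widening what a crash dumper or an app domain can read, and a comment should record which denial each entry answers.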
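Review bot: `allow hal_wifi_default proc_net:file write;` gives the Wi-Fi HAL write access to every node that carries the generic `proc_net` label, and it grants `write` without `open`, unlike the `{ open read write }` rule directly above it, so a path-based open of the node would presumably still be denied. If the HAL needs one specific /proc/net entry, labelling that entry with a dedicated type through `genfscon` and allowing only that type keeps the rest of /proc/net non-writable for this domain. A comment naming the node and the feature that needs it would make the rule reviewable.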
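Review bot: `allow system_server system_data_root_file:file r_file_perms;` lets system_server read any regular file that carries the label of the /data root directory, which usually means a file created there without a proper type. It would be safer to identify the file behind the denial, give it its own type in file_contexts, and grant read on that type only. Neither added rule is commented; `app_zygote:process getpgid` in particular should carry something like `# <denial / feature this answers>` so a later audit can tell whether it is still needed.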
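Review bot: The new `gatekeeper_data_file:file { getattr open read write }` rule takes the tee domain from stat-only to read-write on Gatekeeper's data, and nothing in the hunk says which component needs to modify those files. That store presumably backs credential-verification state, so the rule should carry a comment naming the consumer, and `write` should be dropped if read access is enough. The directory rule adds `open` but not `search`, so lookups by path under that directory will likely still be denied; `allow tee gatekeeper_data_file:dir r_dir_perms;` would match the macro style of the neighbouring rules. The rest of tee.te lies outside the hunk, so an overlapping grant elsewhere in the file cannot be ruled out.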