diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te
index 8c2e4cd..55fef41 100644
--- a/sepolicy/hal_audio_default.te
+++ b/sepolicy/hal_audio_default.te
@@ -12,6 +12,7 @@ allow hal_audio_default vendor_audiopcm_data_file:file create_file_perms;
 allow hal_audio_default vendor_log_file:dir r_dir_perms;
+allow hal_audio_default audio_prop:file { getattr open read };
 allow hal_audio_default audio_prop:property_service set;
 allow hal_audio_default imei_efs_file:dir search;
diff --git a/sepolicy/hal_gnss_qti.te b/sepolicy/hal_gnss_qti.te
index 1a34f65..11a803f 100644
--- a/sepolicy/hal_gnss_qti.te
+++ b/sepolicy/hal_gnss_qti.te
@@ -15,3 +15,5 @@ allow hal_gnss_qti qmuxd_socket:dir { add_name write };
 allow hal_gnss_qti qmuxd_socket:sock_file { create write };
 allow hal_gnss_qti sysfs:file { getattr open write read };
+
+allow hal_gnss_qti radio_prop:file { getattr open read };
diff --git a/sepolicy/hal_light_default.te b/sepolicy/hal_light_default.te
index 0b78883..3a01a8a 100644
--- a/sepolicy/hal_light_default.te
+++ b/sepolicy/hal_light_default.te
@@ -2,3 +2,5 @@ allow hal_light_default sysfs_lcd_writable:dir search;
 allow hal_light_default sysfs_lcd_writable:file { getattr open read write };
 allow hal_light_default sysfs:file { getattr open write };
+
+allow hal_light_default sysfs_touchkey:lnk_file read;
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 5c7e411..d695432 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -6,7 +6,7 @@ allow init dsp_file:dir mounton;
 allow init system_file:file execute_no_trans;
 allow init vendor_file:file execute_no_trans;
-allow init socket_device:sock_file create;
+allow init socket_device:sock_file create_file_perms;
 allow init sysfs_graphics:file { open read write };
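Review bot: The added `allow hal_audio_default audio_prop:file { getattr open read };` hand-writes what the `set_prop` macro already expands to next to the existing `audio_prop:property_service set` line, and the hand-written triple omits `map`, which property reads are likely to need on builds where the kernel enforces that permission because libc mmaps the property files. Replace the two `audio_prop` lines with `set_prop(hal_audio_default, audio_prop)`, which grants `set` plus the full read set in one place and keeps this file consistent with the `set_prop`/`get_prop` macros used elsewhere in this sepolicy tree. If an audit denial drove this line, confirm it named `audio_prop` rather than a more specific vendor property type so the grant stays as narrow as possible.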
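Review bot: Widening `allow init socket_device:sock_file create` to `create_file_perms` hands init `open`, `read`, `write`, `append`, `rename`, `link` and `unlink` on every socket file under /dev/socket, far more than the single permission the audit denial that prompted the change would have named. Grant only what was denied, for example `allow init socket_device:sock_file { create unlink setattr };`, which is also the set AOSP's own init.te carries as far as I recall; if the missing permission is something else, list it explicitly instead of using the macro. Plain file permissions such as `read`/`write` on a `sock_file` are rarely meaningful anyway, since traffic to the socket is governed by the `unix_stream_socket`/`unix_dgram_socket` classes, not by the file node.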
@@ -30,7 +30,7 @@ allow init self:netlink_socket { create read bind };
 allow init self:tcp_socket { bind create };
 allow init sysfs:dir create;
-allow init sysfs:file { open setattr write open };
+allow init sysfs:file { open setattr write read };
 allow init sysfs_touchkey:lnk_file read;
diff --git a/sepolicy/location.te b/sepolicy/location.te
index 2930b10..48602fc 100644
--- a/sepolicy/location.te
+++ b/sepolicy/location.te
@@ -1,3 +1,7 @@
 allow location csc_prop:file { getattr open read };
 allow location sysfs:file { open read };
+
+allow location radio_prop:file { getattr open read };
+
+allow location wifi_hal_prop:file { getattr open read };
diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te
index 1734f10..b8c27b0 100644
--- a/sepolicy/qti_init_shell.te
+++ b/sepolicy/qti_init_shell.te
@@ -8,4 +8,6 @@ allow qti_init_shell self:capability dac_override;
 allow qti_init_shell sysfs:file write;
-set_prop(qti_init_shell, ctl_default_prop)
+allow qti_init_shell default_prop:file { getattr open };
+
+set_prop(qti_init_shell, ctl_default_prop)
\ No newline at end of file
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 5a09b90..a3a5e91 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -9,10 +9,16 @@ allow rild app_efs_file:file { getattr open read };
 allow rild default_android_hwservice:hwservice_manager add;
 allow rild default_prop:property_service set;
+allow rild default_prop:file { getattr open read };
 allow rild imei_efs_file:file { open read setattr getattr write };
 allow rild system_data_file:dir { write add_name };
 allow rild system_data_file:file { create open write setattr };
+allow rild radio_core_data_file:dir { add_name write };
+allow rild radio_core_data_file:file { create open setattr write };
+
+allow rild system_prop:file { getattr open read };
+
 get_prop(rild, csc_prop)
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
new file mode 100644
index 0000000..8c35a6e
--- /dev/null
+++ b/sepolicy/system_app.te
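Review bot: The new `allow qti_init_shell default_prop:file { getattr open };` grants `open` but not `read`, so a process that actually reads a property file through this rule fails on the very next access and produces another denial; property reads are normally written as `get_prop(qti_init_shell, default_prop)`, matching the `set_prop` macro already used on the last line of this file. Note also that `default_prop` is the label for every property not claimed by a more specific `property_contexts` entry, so a shell domain that already holds `dac_override` and generic `sysfs:file write` gains read access to an open-ended set of properties; if only one property is needed, give it its own type and grant that. The hunk also leaves the file without a trailing newline (`\ No newline at end of file`), which the moved `set_prop(qti_init_shell, ctl_default_prop)` line should restore.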
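Review bot: `allow rild default_prop:file { getattr open read };` extends rild's existing `default_prop:property_service set` to reading the same catch-all type, and `default_prop` covers every property that has no `property_contexts` entry, so the effective grant is "any unlabelled property" rather than the handful of radio properties rild presumably touches. The cleaner fix is to label those properties with a dedicated vendor property type in `property_contexts` and grant that type with `set_prop`; at minimum the two new read rules should be written as `get_prop(rild, default_prop)` and `get_prop(rild, system_prop)` to match `get_prop(rild, csc_prop)` two lines below and to include the `map` permission that a hand-written `{ getattr open read }` omits. The `radio_core_data_file` rules grant `create`/`write` without `read`/`getattr`, which is fine if that is all the denial showed, but it is worth confirming the directory really carries that label in `file_contexts`, since a mislabel would only move the denial onto `system_data_file`.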
@@ -0,0 +1,13 @@
+allow system_app proc_pagetypeinfo:file { getattr open read };
+
+allow system_app sysfs_zram:dir search;
+allow system_app sysfs_zram:file { open read getattr };
+
+allow system_app system_suspend_control_internal_service:service_manager find;
+allow system_app system_suspend_control_service:service_manager find;
+
+allow system_app hal_power_default:binder call;
+
+allow system_app installd:binder call;
+
+allow system_app netd:binder call;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 57a6ac6..65b8254 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,5 +1,7 @@
 allow system_server init:binder call;
+allow system_server build_bootimage_prop:file { getattr open read };
+
 allow system_server userspace_reboot_config_prop:file { getattr open read };
 allow system_server userspace_reboot_exported_prop:file { getattr open read };
diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te
index aad40eb..366ff27 100644
--- a/sepolicy/thermal-engine.te
+++ b/sepolicy/thermal-engine.te
@@ -2,3 +2,5 @@ allow thermal-engine self:capability dac_override;
 allow thermal-engine sysfs:dir { open read };
 allow thermal-engine sysfs:file { getattr open read };
+
+allow thermal-engine system_prop:file { getattr open read };
diff --git a/sepolicy/time_daemon.te b/sepolicy/time_daemon.te
index ba9ecac..f2e206d 100644
--- a/sepolicy/time_daemon.te
+++ b/sepolicy/time_daemon.te
@@ -1,3 +1,6 @@
 r_dir_file(time_daemon, timeservice_app)
 allow time_daemon sysfs:file { open read };
+
+allow time_daemon tee:dir search;
+allow time_daemon tee:file { open read };
diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te
index 6f7d6c6..4806cc7 100644
--- a/sepolicy/vendor_init.te
+++ b/sepolicy/vendor_init.te
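Review bot: `allow system_app installd:binder call;` and `allow system_app netd:binder call;` let any app running with the system UID talk to installd and netd directly, bypassing the permission checks system_server applies when it brokers those daemons, and `allow system_app hal_power_default:binder call;` likewise points an app domain straight at a vendor HAL. As far as I recall AOSP pins both installd and netd behind neverallow rules that exclude almost every domain other than system_server, so this file is likely to fail a policy build that checks neverallows, and if it only passes because that check is disabled it silently weakens a platform boundary for every system-UID app, not just the one that triggered the denial. Identify which app and which transaction produced the audit line and move that work behind a system_server API, or at least confine it to a dedicated app domain instead of the shared `system_app` type; the `sysfs_zram`, `proc_pagetypeinfo` and suspend-control `find` rules are read-only and far narrower by comparison.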
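Review bot: `allow thermal-engine system_prop:file { getattr open read };` gives a vendor daemon read access to `system_prop`, the type behind the system-owned `sys.*` properties; under the Treble property model that this tree's R-era types (`build_bootimage_prop`, `userspace_reboot_config_prop`) imply, vendor domains are meant to read only vendor or explicitly exported property types, and a platform update can turn this into a neverallow failure or a runtime denial. Find the specific `sys.` key thermal-engine reads in the audit line, give it a vendor-readable label in `property_contexts`, and grant that type with `get_prop(thermal-engine, <that_type>)`, which also supplies the `map` permission the hand-written triple leaves out.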
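Review bot: `tee` is a process domain (the TEE/qseecom daemon), not a file type, so `allow time_daemon tee:dir search;` and `allow time_daemon tee:file { open read };` most plausibly grant reads of that daemon's `/proc/<pid>/` entries (status, maps, cmdline and the like) rather than access to any TEE device or data, which carry different labels such as `tee_device`/`tee_data_file`. Check the `path=` in the audit denial: if time_daemon is merely scanning `/proc` for a PID, document which entry it reads with a comment like `# reads /proc/<tee pid>/cmdline while locating the TEE daemon -- confirm against the audit path` and consider whether a property or socket would serve instead of inspecting another process; `open` without `getattr` also hints the rule was copied from a partial denial and may need a follow-up. If the daemon actually needs a TEE node, the type to grant is the device or data label, not the domain.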
@@ -19,6 +19,9 @@ allow vendor_init system_data_file:dir { add_name create setattr write };
 allow vendor_init tombstone_data_file:dir getattr;
 allow vendor_init emmcblk_device:blk_file getattr;
+allow vendor_init radio_prop:file { getattr open read };
+allow vendor_init radio_prop:property_service set;
+
 set_prop(vendor_init, camera_prop)
 set_prop(vendor_init, config_prop)
 set_prop(vendor_init, csc_prop)
@@ -27,3 +30,5 @@ set_prop(vendor_init, receiver_error_prop)
 set_prop(vendor_init, vendor_iop_prop)
 set_prop(vendor_init, vendor_members_prop)
 set_prop(vendor_init, vold_prop)
+
+get_prop(vendor_init, system_prop)
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
index 313d37d..e396c8c 100644
--- a/sepolicy/zygote.te
+++ b/sepolicy/zygote.te
@@ -1,2 +1,5 @@
 allow zygote exported_camera_prop:file { getattr open read };
 allow zygote device:file { open write };
+
+allow zygote sysfs:file create_file_perms;
+allow zygote sysfs:dir create_dir_perms;
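Review bot: The two new `radio_prop` lines, `allow vendor_init radio_prop:file { getattr open read };` and `allow vendor_init radio_prop:property_service set;`, are exactly what `set_prop(vendor_init, radio_prop)` expands to, and the macro is already the convention three lines below (`set_prop(vendor_init, camera_prop)` and its neighbours), so write it the same way; the macro also includes `map`, which the hand-written read triple lacks. Separately, `radio_prop` is a core property type normally written by rild, so confirm the property vendor_init sets at boot really carries that label rather than a vendor-owned one, since a vendor_init write to a platform-owned type is the kind of rule Treble compatibility checks tend to reject.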
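Review bot: `get_prop(vendor_init, system_prop)` lets vendor_init read the catch-all `sys.*` property type, which under the Treble property split is a system-owned type that vendor domains are expected to reach only through an exported or vendor-labelled alias, so this can become a neverallow failure or a runtime denial on a platform update. Identify the `sys.` key from the denial and label it, or read it through an exported or vendor type, so the rule names the narrowest type, mirroring how the surrounding `set_prop` lines name specific property types rather than `system_prop`.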
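Review bot: `allow zygote sysfs:file create_file_perms;` and `allow zygote sysfs:dir create_dir_perms;` give the parent of every app process create, write, rename, unlink and rmdir on anything still carrying the generic `sysfs` label, which on most devices is a large set of kernel tuning nodes; zygote has no business creating or deleting sysfs entries, and a single denied `write` on one node is the usual trigger for a rule like this. Label the node zygote actually touches with its own type in `file_contexts`/`genfs_contexts` and grant only the denied permission, e.g. `allow zygote sysfs_<node>:file { open write };`, dropping the `:dir` rule unless a `search` denial was observed. The context line `allow zygote device:file { open write };` shows the same broad-label pattern, so it is worth re-checking the audit output for the exact paths behind both rules.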