diff --git a/BoardConfig.mk b/BoardConfig.mk
index f53ff39..92088a3 100755
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -44,7 +44,7 @@ DEVICE_MANIFEST_FILE += $(DEVICE_PATH)/manifest.xml
 # Kernel
 BOARD_KERNEL_BASE := 0x00000000
-BOARD_KERNEL_CMDLINE := console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x37 ehci-hcd.park=3 zcache.enabled=1 zcache.compressor=lz4 androidboot.selinux=permissive
+BOARD_KERNEL_CMDLINE := console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x37 ehci-hcd.park=3 zcache.enabled=1 zcache.compressor=lz4
 BOARD_KERNEL_IMAGE_NAME := zImage
 BOARD_KERNEL_PAGESIZE := 2048
 BOARD_KERNEL_SEPARATED_DT := true
diff --git a/sepolicy/common/audioserver.te b/sepolicy/common/audioserver.te
new file mode 100644
index 0000000..b47de08
--- /dev/null
+++ b/sepolicy/common/audioserver.te
@@ -0,0 +1 @@
+allow audioserver vendor_default_prop:file r_file_perms;
\ No newline at end of file
diff --git a/sepolicy/common/file_contexts b/sepolicy/common/file_contexts
index b81c892..97f5a90 100644
--- a/sepolicy/common/file_contexts
+++ b/sepolicy/common/file_contexts
@@ -2,9 +2,12 @@
 /misc u:object_r:misc_block_device:s0
 # DRM
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.4-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
 /data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
+# Power
+/(vendor|system/vendor)/bin/hw/android\.hardware\.light(@[0-9].[0-9])?-service\.samsung u:object_r:hal_light_default_exec:s0
+
 # sysfs - iio
 /sys/bus/iio/devices/iio:device[0-9]+(/.*)? u:object_r:sysfs_iio:s0
 /sys/devices/[a-f0-9]+\.i2c/i2c-[0-9]+/[0-9]+-[0-9]+/iio:device[0-9](/.*)? u:object_r:sysfs_iio:s0
diff --git a/sepolicy/common/hal_gnss_default.te b/sepolicy/common/hal_gnss_default.te
new file mode 100644
index 0000000..1a8fe27
--- /dev/null
+++ b/sepolicy/common/hal_gnss_default.te
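Review bot: `vendor_default_prop` is the fallback label for vendor properties that have no entry in property_contexts, so the single rule in audioserver.te lets audioserver read every unlabelled vendor property rather than the one it was denied. The same pattern recurs against `default_prop`, `vendor_default_prop` or `system_prop` in the hal_gnss_default, hal_graphics_allocator_default, hal_graphics_composer_default, hal_sensors_default, mediacodec, mediaserver, mm-qcamerad and mpdecision files, which reads like denials converted one-for-one into allows. I would label the specific properties in property_contexts and grant them with the macro, e.g. `get_prop(audioserver, <labelled_prop_type>)`, with a comment naming the property each rule exists for. The new .te files also end without a trailing newline.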
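Review bot: In the added lights-HAL entry of file_contexts the version group `(@[0-9].[0-9])?` leaves the dot unescaped, so it matches any character between the two digits, unlike the `\.` used in the rest of the path. `(@[0-9]\.[0-9])?` keeps the `hal_light_default_exec` label bound to the intended binary name only. The section comment `# Power` sits over a `hardware.light` service, so `# Lights` would describe the entry correctly.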
@@ -0,0 +1 @@
+allow hal_gnss_default system_prop:file r_file_perms;
\ No newline at end of file
diff --git a/sepolicy/common/hal_graphics_allocator_default.te b/sepolicy/common/hal_graphics_allocator_default.te
new file mode 100644
index 0000000..055c598
--- /dev/null
+++ b/sepolicy/common/hal_graphics_allocator_default.te
@@ -0,0 +1 @@
+allow hal_graphics_allocator_default default_prop:file r_file_perms;
\ No newline at end of file
diff --git a/sepolicy/common/hal_graphics_composer_default.te b/sepolicy/common/hal_graphics_composer_default.te
new file mode 100644
index 0000000..67dde5f
--- /dev/null
+++ b/sepolicy/common/hal_graphics_composer_default.te
@@ -0,0 +1,2 @@
+allow hal_graphics_composer_default default_prop:file r_file_perms;
+allow hal_graphics_composer_default system_prop:file r_file_perms;
\ No newline at end of file
diff --git a/sepolicy/common/hal_sensors_default.te b/sepolicy/common/hal_sensors_default.te
index fc88ff2..8bbd827 100644
--- a/sepolicy/common/hal_sensors_default.te
+++ b/sepolicy/common/hal_sensors_default.te
@@ -1 +1,3 @@
+allow hal_sensors_default default_prop:file r_file_perms;
+allow hal_sensors_default proc:file r_file_perms;
 allow hal_sensors_default sensors_data_file:file create_file_perms;
diff --git a/sepolicy/common/init.te b/sepolicy/common/init.te
index f6a133e..8337d4b 100644
--- a/sepolicy/common/init.te
+++ b/sepolicy/common/init.te
@@ -1,2 +1,4 @@
 allow init sysfs:file setattr;
+allow init sysfs_graphics:file rw_file_perms;
+allow init sysfs_sec_touchkey:file rw_file_perms;
 allow init system_file:file execute_no_trans;
diff --git a/sepolicy/common/mediacodec.te b/sepolicy/common/mediacodec.te
new file mode 100644
index 0000000..24510da
--- /dev/null
+++ b/sepolicy/common/mediacodec.te
@@ -0,0 +1 @@
+allow mediacodec default_prop:file r_file_perms;
\ No newline at end of file
diff --git a/sepolicy/common/mediaserver.te b/sepolicy/common/mediaserver.te
new file mode 100644
index 0000000..400eac5
--- /dev/null
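Review bot: `allow hal_sensors_default proc:file r_file_perms;` in hal_sensors_default.te grants read on the generic `proc` type, which covers every /proc entry without a more specific label, not just the node the sensors HAL opened. The narrower form is to label that one entry with a `genfscon proc <path> u:object_r:<new_proc_type>:s0` line and allow only the new type. Which entry is involved cannot be seen from this hunk, so it should be taken from the denial log. A one-line comment naming the file would let the next reader judge the rule.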
+++ b/sepolicy/common/mediaserver.te
@@ -0,0 +1,2 @@
+allow mediaserver package_native_service:service_manager find;
+allow mediaserver vendor_default_prop:file r_file_perms;
\ No newline at end of file
diff --git a/sepolicy/common/mm-qcamerad.te b/sepolicy/common/mm-qcamerad.te
new file mode 100644
index 0000000..b00d8f4
--- /dev/null
+++ b/sepolicy/common/mm-qcamerad.te
@@ -0,0 +1 @@
+allow mm-qcamerad default_prop:file r_file_perms;
\ No newline at end of file
diff --git a/sepolicy/common/mpdecision.te b/sepolicy/common/mpdecision.te
new file mode 100644
index 0000000..cc3e741
--- /dev/null
+++ b/sepolicy/common/mpdecision.te
@@ -0,0 +1 @@
+allow mpdecision default_prop:file r_file_perms;
\ No newline at end of file
diff --git a/sepolicy/common/system_server.te b/sepolicy/common/system_server.te
new file mode 100644
index 0000000..0083dd9
--- /dev/null
+++ b/sepolicy/common/system_server.te
@@ -0,0 +1,2 @@
+allow system_server init:binder call;
+allow system_server build_bootimage_prop:file r_file_perms;
\ No newline at end of file
diff --git a/sepolicy/common/vendor_init.te b/sepolicy/common/vendor_init.te
new file mode 100644
index 0000000..613edb9
--- /dev/null
+++ b/sepolicy/common/vendor_init.te
@@ -0,0 +1,7 @@
+allow vendor_init apexd_prop:file read;
+allow vendor_init bootanim_system_prop:file read;
+allow vendor_init default_prop:property_service set;
+allow vendor_init radio_core_data_file:dir { getattr search setattr };
+allow vendor_init shell_prop:file read;
+allow vendor_init system_prop:file r_file_perms;
+allow vendor_init system_prop:property_service set;
\ No newline at end of file
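Review bot: `allow system_server init:binder call;` in system_server.te means system_server is making binder calls to a process still running in the `init` domain, which normally indicates a service whose executable has no file_contexts label and so never transitioned to its own domain. Granting the call hides that gap and extends the permission to anything else left running as `init`. AOSP's base policy, as far as I recall, also carries a neverallow on binder access to init, so this rule may only build with neverallow checks relaxed. The safer fix is to identify the service from the denial's target pid/comm, give it its own domain and exec label, and allow the binder call to that domain instead.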
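Review bot: The two `property_service set` rules in vendor_init.te let vendor_init set any property typed `default_prop` or `system_prop`, which are broad platform-side types rather than vendor-owned ones, so a vendor init script could overwrite system properties it does not own. I would label the properties the vendor rc files actually set in property_contexts with a vendor type and grant `set_prop(vendor_init, <vendor_prop_type>)`, expressing the reads as `get_prop(...)`. `radio_core_data_file:dir { getattr search setattr }` likewise deserves a comment saying which chown or chmod in the rc scripts needs it. Whether base-policy neverallows reject these rules depends on the platform version, which the diff does not show.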