diff --git a/citadel/citadeld.te b/citadel/citadeld.te
index a1b7a6d..266dee2 100644
--- a/citadel/citadeld.te
+++ b/citadel/citadeld.te
@@ -9,6 +9,7 @@
 init_daemon_domain(citadeld)
 
 binder_call(citadeld, hal_power_stats_default)
+allow citadeld hal_power_stats_vendor_service:service_manager find;
 
 # Let citadeld find and use statsd.
 hwbinder_use(citadeld)
diff --git a/citadel/file_contexts b/citadel/file_contexts
index d749e46..fd80454 100644
--- a/citadel/file_contexts
+++ b/citadel/file_contexts
@@ -4,6 +4,7 @@
 /vendor/bin/hw/android\.hardware\.keymaster@4\.1-service\.citadel  u:object_r:hal_keymaster_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.rebootescrow-service\.citadel    u:object_r:hal_rebootescrow_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel     u:object_r:hal_weaver_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel   u:object_r:hal_identity_citadel_exec:s0
 /vendor/bin/hw/citadel_updater                                     u:object_r:citadel_updater_exec:s0
 /vendor/bin/hw/citadeld                                            u:object_r:citadeld_exec:s0
 /vendor/bin/hw/init_citadel                                        u:object_r:init_citadel_exec:s0
diff --git a/citadel/hal_identity_citadel.te b/citadel/hal_identity_citadel.te
new file mode 100644
index 0000000..e29310c
--- /dev/null
+++ b/citadel/hal_identity_citadel.te
@@ -0,0 +1,9 @@
+type hal_identity_citadel, domain;
+type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
+
+vndbinder_use(hal_identity_citadel)
+binder_call(hal_identity_citadel, citadeld)
+allow hal_identity_citadel citadeld_service:service_manager find;
+
+hal_server_domain(hal_identity_citadel, hal_identity)
+init_daemon_domain(hal_identity_citadel)
diff --git a/citadel/vndservice.te b/citadel/vndservice.te
index 880c09c..a756bce 100644
--- a/citadel/vndservice.te
+++ b/citadel/vndservice.te
@@ -1 +1,2 @@
 type citadeld_service, vndservice_manager_type;
+type hal_power_stats_vendor_service,      vndservice_manager_type;
diff --git a/citadel/vndservice_contexts b/citadel/vndservice_contexts
index b4df996..2e1be43 100644
--- a/citadel/vndservice_contexts
+++ b/citadel/vndservice_contexts
@@ -1 +1,2 @@
 android.hardware.citadel.ICitadeld  u:object_r:citadeld_service:s0
+power.stats-vendor                  u:object_r:hal_power_stats_vendor_service:s0
diff --git a/common/file_contexts b/common/file_contexts
index e86fd9f..53c8dca 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -7,3 +7,5 @@
 /vendor/bin/awk                                     u:object_r:vendor_toolbox_exec:s0
 /vendor/bin/cp                                      u:object_r:vendor_toolbox_exec:s0
 /vendor/bin/toolbox_vendor                          u:object_r:vendor_toolbox_exec:s0
+
+/(vendor|system/vendor)/bin/hw/android\.hardware\.powerstats-service\.pixel u:object_r:hal_power_stats_default_exec:s0
diff --git a/powerstats/hal_power_stats_default.te b/powerstats/hal_power_stats_default.te
new file mode 100644
index 0000000..7e00470
--- /dev/null
+++ b/powerstats/hal_power_stats_default.te
@@ -0,0 +1,5 @@
+add_service(hal_power_stats_default, hal_power_stats_vendor_service)
+
+vndbinder_use(hal_power_stats)
+add_service(hal_power_stats_server, hal_power_stats_service)
+
diff --git a/ramdump/bug_map b/ramdump/bug_map
new file mode 100644
index 0000000..27412d8
--- /dev/null
+++ b/ramdump/bug_map
@@ -0,0 +1,2 @@
+ramdump vendor_hw_plat_prop file 161103878
+ramdump public_vendor_default_prop file 161103878
diff --git a/ramdump/common/file.te b/ramdump/common/file.te
new file mode 100644
index 0000000..e1382df
--- /dev/null
+++ b/ramdump/common/file.te
@@ -0,0 +1,2 @@
+type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
diff --git a/ramdump/common/file_contexts b/ramdump/common/file_contexts
new file mode 100644
index 0000000..c0c087f
--- /dev/null
+++ b/ramdump/common/file_contexts
@@ -0,0 +1,2 @@
+/data/vendor/ramdump(/.*)?                u:object_r:ramdump_vendor_data_file:s0
+/mnt/vendor/ramdump(/.*)?                 u:object_r:ramdump_vendor_mnt_file:s0
diff --git a/ramdump/common/property.te b/ramdump/common/property.te
new file mode 100644
index 0000000..1409a3d
--- /dev/null
+++ b/ramdump/common/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_ramdump_prop)
diff --git a/ramdump/common/property_contexts b/ramdump/common/property_contexts
new file mode 100644
index 0000000..25749fa
--- /dev/null
+++ b/ramdump/common/property_contexts
@@ -0,0 +1,2 @@
+ro.boot.ramdump                           u:object_r:vendor_ramdump_prop:s0
+vendor.debug.ramdump.                     u:object_r:vendor_ramdump_prop:s0
diff --git a/ramdump/file.te b/ramdump/file.te
new file mode 100644
index 0000000..3fa2b2f
--- /dev/null
+++ b/ramdump/file.te
@@ -0,0 +1 @@
+allow ramdump_vendor_mnt_file self:filesystem associate;
diff --git a/ramdump/file_contexts b/ramdump/file_contexts
new file mode 100644
index 0000000..590e61b
--- /dev/null
+++ b/ramdump/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/ramdump                       u:object_r:ramdump_exec:s0
diff --git a/ramdump/ramdump.te b/ramdump/ramdump.te
new file mode 100644
index 0000000..d8f0335
--- /dev/null
+++ b/ramdump/ramdump.te
@@ -0,0 +1,39 @@
+type ramdump_exec, exec_type, vendor_file_type, file_type;
+type ramdump, domain;
+
+userdebug_or_eng(`
+  init_daemon_domain(ramdump)
+
+  set_prop(ramdump, vendor_ramdump_prop)
+
+  # f2fs set pin file requires sys_admin
+  allow ramdump self:capability { sys_admin sys_rawio };
+
+  allow ramdump ramdump_vendor_data_file:dir create_dir_perms;
+  allow ramdump ramdump_vendor_data_file:file create_file_perms;
+  allow ramdump proc_cmdline:file r_file_perms;
+
+  allow ramdump block_device:dir search;
+  allow ramdump misc_block_device:blk_file rw_file_perms;
+  allow ramdump userdata_block_device:blk_file rw_file_perms;
+
+  dontaudit ramdump metadata_file:dir search;
+
+  # read /fstab.${ro.hardware}
+  allow ramdump rootfs:file r_file_perms;
+
+  r_dir_file(ramdump, sysfs_type)
+
+  # To access statsd.
+  hwbinder_use(ramdump)
+  get_prop(ramdump, hwservicemanager_prop)
+  allow ramdump fwk_stats_hwservice:hwservice_manager find;
+  binder_call(ramdump, stats_service_server)
+
+  # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump.
+  allow ramdump fuse:filesystem relabelfrom;
+  allow ramdump fuse_device:chr_file rw_file_perms;
+  allow ramdump mnt_vendor_file:dir r_dir_perms;
+  allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
+  allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto };
+')
diff --git a/vibrator/common/file_contexts b/vibrator/common/file_contexts
index 8bdbb99..d1b1060 100644
--- a/vibrator/common/file_contexts
+++ b/vibrator/common/file_contexts
@@ -1 +1,2 @@
-/mnt/vendor/persist/haptics(/.*)?                                                     u:object_r:persist_haptics_file:s0
+/mnt/vendor/persist/haptics(/.*)?   u:object_r:persist_haptics_file:s0
+/persist/haptics(/.*)?              u:object_r:persist_haptics_file:s0
diff --git a/vibrator/common/property.te b/vibrator/common/property.te
new file mode 100644
index 0000000..45556ef
--- /dev/null
+++ b/vibrator/common/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_vibrator_prop)
diff --git a/vibrator/drv2624/hal_vibrator_default.te b/vibrator/drv2624/hal_vibrator_default.te
new file mode 100644
index 0000000..e015251
--- /dev/null
+++ b/vibrator/drv2624/hal_vibrator_default.te
@@ -0,0 +1,7 @@
+allow hal_vibrator_default sysfs_leds:dir search;
+
+allow hal_vibrator_default mnt_vendor_file:dir search;
+allow hal_vibrator_default persist_file:dir search;
+r_dir_file(hal_vibrator_default, persist_haptics_file)
+
+get_prop(hal_vibrator_default, vendor_vibrator_prop);
diff --git a/vibrator/drv2624/property_contexts b/vibrator/drv2624/property_contexts
new file mode 100644
index 0000000..f008230
--- /dev/null
+++ b/vibrator/drv2624/property_contexts
@@ -0,0 +1 @@
+ro.vibrator.hal.    u:object_r:vendor_vibrator_prop:s0
diff --git a/vibrator/drv2624/vendor_init.te b/vibrator/drv2624/vendor_init.te
new file mode 100644
index 0000000..417a40c
--- /dev/null
+++ b/vibrator/drv2624/vendor_init.te
@@ -0,0 +1 @@
+set_prop(vendor_init, vendor_vibrator_prop)
diff --git a/wifi_ext/file_contexts b/wifi_ext/file_contexts
new file mode 100644
index 0000000..acbd266
--- /dev/null
+++ b/wifi_ext/file_contexts
@@ -0,0 +1,3 @@
+# Wifi
+/vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor          u:object_r:hal_wifi_ext_exec:s0
+/vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor-lazy     u:object_r:hal_wifi_ext_exec:s0
diff --git a/wifi_ext/hal_wifi_ext.te b/wifi_ext/hal_wifi_ext.te
new file mode 100644
index 0000000..091f211
--- /dev/null
+++ b/wifi_ext/hal_wifi_ext.te
@@ -0,0 +1,8 @@
+type hal_wifi_ext, domain;
+hal_server_domain(hal_wifi_ext, hal_wifi)
+
+type hal_wifi_ext_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_wifi_ext)
+
+# Allow to start the IWifi:wifi_ext service
+add_hwservice(hal_wifi_ext, hal_wifi_ext_hwservice);
diff --git a/wifi_ext/hwservice.te b/wifi_ext/hwservice.te
new file mode 100644
index 0000000..1fe9148
--- /dev/null
+++ b/wifi_ext/hwservice.te
@@ -0,0 +1,2 @@
+# wifi_ext service
+type hal_wifi_ext_hwservice, hwservice_manager_type;
diff --git a/wifi_ext/hwservice_contexts b/wifi_ext/hwservice_contexts
new file mode 100644
index 0000000..e8de4ce
--- /dev/null
+++ b/wifi_ext/hwservice_contexts
@@ -0,0 +1,2 @@
+# Wifi
+vendor.google.wifi_ext::IWifiExt                                u:object_r:hal_wifi_ext_hwservice:s0