diff --git a/BoardConfig.mk b/BoardConfig.mk
index cbb6d69519d7b18f898c0e4fde6a36e8388010ec..d1ae8e48886913305bc72e8275b0806fdcc9943f 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -43,5 +43,9 @@ TARGET_HAS_NO_WLAN_STATS := true
 # RIL
 ENABLE_VENDOR_RIL_SERVICE := false
 
+# SELinux
+BOARD_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy-mods/vendor
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(DEVICE_PATH)/sepolicy-mods/private
+
 # inherit from the proprietary version
 -include vendor/motorola/beckham/BoardConfigVendor.mk
diff --git a/sepolicy-mods/private/cameraserver.te b/sepolicy-mods/private/cameraserver.te
new file mode 100644
index 0000000000000000000000000000000000000000..53c7fd6c296e7671c98db41f5a22727a9d5f996a
--- /dev/null
+++ b/sepolicy-mods/private/cameraserver.te
@@ -0,0 +1 @@
+allow cameraserver mods_service:service_manager find;
diff --git a/sepolicy-mods/private/platform_app.te b/sepolicy-mods/private/platform_app.te
new file mode 100644
index 0000000000000000000000000000000000000000..d0dd995132cadf758403ca465f369c635c973d47
--- /dev/null
+++ b/sepolicy-mods/private/platform_app.te
@@ -0,0 +1,3 @@
+allow platform_app mods_service:service_manager find;
+allow platform_app mods_service:service_manager add;
+
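Review bot: The `add` rule on the second line lets every app running in `platform_app` register `ModService`, not only the app that is meant to host it. If a single package owns the service, giving it its own domain through `seapp_contexts` would keep `add` out of the shared domain; at minimum a comment such as `# ModService is published by <owning package>` would record the intent. The same breadth concern applies to the device, sysfs and firmware rules granted to `platform_app` in `sepolicy-mods/vendor/platform_app.te`.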
diff --git a/sepolicy-mods/private/service.te b/sepolicy-mods/private/service.te
new file mode 100644
index 0000000000000000000000000000000000000000..b178c70d2533fdd02141be9cfd601a59ba9652e1
--- /dev/null
+++ b/sepolicy-mods/private/service.te
@@ -0,0 +1,4 @@
+type mods_service,                 service_manager_type;
+type mot_app_service,              service_manager_type;
+type mot_panel_service,            service_manager_type;
+type mot_system_service,           service_manager_type;
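Review bot: `mot_app_service`, `mot_panel_service` and `mot_system_service` are declared here, but nothing visible in this commit maps a service name to them in `service_contexts` or references them in an allow rule. Either add the matching `service_contexts` entries together with the `find`/`add` rules that use them, or leave the declarations out until they are needed. A short header such as `# Binder services published by the Motorola Mods stack` would also help the next reader.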
diff --git a/sepolicy-mods/private/service_contexts b/sepolicy-mods/private/service_contexts
new file mode 100644
index 0000000000000000000000000000000000000000..d2c486eb9046d3f6cfcc6685ee7c2303f36f2114
--- /dev/null
+++ b/sepolicy-mods/private/service_contexts
@@ -0,0 +1 @@
+ModService                           u:object_r:mods_service:s0
diff --git a/sepolicy-mods/vendor/device.te b/sepolicy-mods/vendor/device.te
new file mode 100644
index 0000000000000000000000000000000000000000..c4e8a716bdfad09ea213e650dd3fedabf0b26891
--- /dev/null
+++ b/sepolicy-mods/vendor/device.te
@@ -0,0 +1,2 @@
+type greybus_raw_device, dev_type, mlstrustedobject;
+type mods_camd_device, dev_type, mlstrustedobject;
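Review bot: Both types carry `mlstrustedobject`, which exempts the objects from the MLS category checks that separate apps and users, and the file gives no reason for it. If the attribute is needed because the client app runs with per-user categories, say so, e.g. `# mlstrustedobject: opened by apps that run with MLS categories`; if not, `type greybus_raw_device, dev_type;` is sufficient. The same question applies to all three types in `sepolicy-mods/vendor/file.te`.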
diff --git a/sepolicy-mods/vendor/file.te b/sepolicy-mods/vendor/file.te
new file mode 100644
index 0000000000000000000000000000000000000000..c462dbdc47f10da567ff6fb707b3f7a44569316e
--- /dev/null
+++ b/sepolicy-mods/vendor/file.te
@@ -0,0 +1,4 @@
+# Greybus
+type sysfs_greybus, fs_type, sysfs_type, mlstrustedobject;
+type gbfirmware_file, file_type, core_data_file_type, data_file_type, mlstrustedobject;
+type sysfs_mods_camd, fs_type, sysfs_type, mlstrustedobject;
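Review bot: `gbfirmware_file` is declared in the vendor policy directory yet tagged `core_data_file_type`, the attribute used for platform-owned data that vendor domains are normally kept away from under the Treble split. It is worth confirming which side owns `/data/gbfirmware` and dropping `core_data_file_type` if it is vendor data, since a vendor daemon that later needs to read the directory would presumably be blocked. Because `platform_app` is given create permissions on this type elsewhere in the commit, whatever consumes the firmware should verify it before loading, and a comment stating that expectation would be useful here.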
diff --git a/sepolicy-mods/vendor/file_contexts b/sepolicy-mods/vendor/file_contexts
new file mode 100644
index 0000000000000000000000000000000000000000..12eaf21b63562363fb06c4693046b6373c72049b
--- /dev/null
+++ b/sepolicy-mods/vendor/file_contexts
@@ -0,0 +1,30 @@
+/(vendor|system/vendor)/bin/init\.gbmods\.sh                u:object_r:init-gbmods-sh_exec:s0
+/(vendor|system/vendor)/bin/mods_camd                       u:object_r:mods_exec:s0
+
+# Greybus (Mods)
+/data/gbfirmware(/.*)?                                      u:object_r:gbfirmware_file:s0
+/dev/gbraw[0-9]*                                            u:object_r:greybus_raw_device:s0
+/sys/bus/greybus(/.*)?                                      u:object_r:sysfs_greybus:s0
+/sys/class/i2c-adapter/i2c-7/7-002d/enable                  u:object_r:sysfs_greybus:s0
+/sys/devices/virtual/video4linux                            u:object_r:sysfs_greybus:s0
+/sys/module/uvcvideo/parameters/quirks                      u:object_r:sysfs_greybus:s0
+
+/dev/mot_camera_ext[0-9]*                                         u:object_r:mods_camd_device:s0
+/sys/devices/soc/(.+)hsusb(.+)/uevent                             u:object_r:sysfs_mods_camd:s0
+/sys/devices/soc/(.+)ssusb/power_supply/usb/type                  u:object_r:sysfs_mods_camd:s0
+/sys/devices/soc/(.+)ssusb/power_supply/usb/online                u:object_r:sysfs_mods_camd:s0
+/sys/devices/soc/(.+)fd/video4linux/video([0-9])+/name            u:object_r:sysfs_mods_camd:s0
+/sys/devices/soc/(.+)msm-cam/video4linux/video([0-9])+/name       u:object_r:sysfs_mods_camd:s0
+/sys/devices/soc/(.+)cci/(.+)/video4linux/video([0-9])+/name      u:object_r:sysfs_mods_camd:s0
+/sys/devices/soc/(.+)hsusb(.+)/video4linux/video([0-9])+/name     u:object_r:sysfs_mods_camd:s0
+/sys/module/usb3813_hub/parameters/ignore_typec                   u:object_r:sysfs_mods_camd:s0
+
+/dev/v4l-subdev[0-9]*	                                          u:object_r:video_device:s0
+
+/sys/devices/virtual/video4linux/mot_camera_ext([0-9])+/name		u:object_r:sysfs_mods_camd:s0
+/sys/devices/virtual/video4linux/mot_camera_ext([0-9])+/uevent		u:object_r:sysfs_mods_camd:s0
+/sys/devices/virtual/video4linux/mot_camera_ext([0-9])+/open_mode	u:object_r:sysfs_mods_camd:s0
+
+/sys/devices/virtual/video4linux/video([0-9])+/name			u:object_r:sysfs_mods_camd:s0
+/sys/devices/virtual/video4linux/video([0-9])+/uevent			u:object_r:sysfs_mods_camd:s0
+/sys/devices/virtual/video4linux/video([0-9])+/open_mode		u:object_r:sysfs_mods_camd:s0
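Review bot: The second entry labels `/(vendor|system/vendor)/bin/mods_camd` as `mods_exec`, but `sepolicy-mods/vendor/mods_camd.te` declares `mods_camd_exec` and calls `init_daemon_domain(mods_camd)`, which transitions on `mods_camd_exec`. As written, no path in this file carries `mods_camd_exec`, so the daemon would start in the `mods` domain and the rules in mods_camd.te would go unused. If `mods_camd` is the intended domain, the entry should read `/(vendor|system/vendor)/bin/mods_camd u:object_r:mods_camd_exec:s0`; otherwise the unused domain should be dropped.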
diff --git a/sepolicy-mods/vendor/genfs_contexts b/sepolicy-mods/vendor/genfs_contexts
new file mode 100644
index 0000000000000000000000000000000000000000..1cb3c9434c521bcf02fb248979981d8c76255850
--- /dev/null
+++ b/sepolicy-mods/vendor/genfs_contexts
@@ -0,0 +1,10 @@
+genfscon sysfs /devices/platform/mods_ap                 u:object_r:sysfs_greybus:s0
+genfscon sysfs /devices/soc/0.apba_ctrl                  u:object_r:sysfs_greybus:s0
+genfscon sysfs /devices/soc/0.muc                        u:object_r:sysfs_greybus:s0
+genfscon sysfs /devices/soc/soc:muc_svc@0                u:object_r:sysfs_greybus:s0
+genfscon sysfs /devices/soc/soc:muc                      u:object_r:sysfs_greybus:s0
+genfscon sysfs /devices/platform/mods_codec.0            u:object_r:sysfs_greybus:s0
+genfscon sysfs /devices/virtual/hwmon/hwmon41/subsystem  u:object_r:sysfs_greybus:s0
+genfscon sysfs /class/vendor/mod0                        u:object_r:sysfs_greybus:s0
+genfscon sysfs /class/power_supply/gb_ptp                u:object_r:sysfs_greybus:s0
+genfscon sysfs /module/qpnp_smbcharger_mmi               u:object_r:sysfs_greybus:s0
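Review bot: `/devices/virtual/hwmon/hwmon41/subsystem` pins a hwmon index that the kernel assigns in registration order, so the label can land on a different sensor, or on nothing, once the kernel or driver set changes. Separately, `/module/qpnp_smbcharger_mmi` places the charger driver's module parameters under `sysfs_greybus`, a label that other files in this commit make writable by `platform_app`, `healthd`, `hal_health_default`, `mods` and `mods_camd`; a separate type for the charger node would keep that write access narrower. A comment per entry naming the driver that needs it would make the list auditable.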
diff --git a/sepolicy-mods/vendor/hal_audio_default.te b/sepolicy-mods/vendor/hal_audio_default.te
new file mode 100644
index 0000000000000000000000000000000000000000..d255d91dbd3f486073a43032a3f5775e8e8e14f8
--- /dev/null
+++ b/sepolicy-mods/vendor/hal_audio_default.te
@@ -0,0 +1,2 @@
+allow hal_audio_default sysfs_greybus:dir { search };
+allow hal_audio_default sysfs_greybus:file { getattr open read };
diff --git a/sepolicy-mods/vendor/hal_health_default.te b/sepolicy-mods/vendor/hal_health_default.te
new file mode 100644
index 0000000000000000000000000000000000000000..55c0d3daec0f46d0e212054348bdbf005b96bd3f
--- /dev/null
+++ b/sepolicy-mods/vendor/hal_health_default.te
@@ -0,0 +1,2 @@
+allow hal_health_default sysfs_greybus:dir r_dir_perms;
+allow hal_health_default sysfs_greybus:file rw_file_perms;
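Review bot: `rw_file_perms` on `sysfs_greybus:file` gives the health HAL write access to everything carrying that label, which per genfs_contexts in this commit includes `/module/qpnp_smbcharger_mmi` and the mods control nodes, while nothing here shows what the HAL needs to write. If it only reads battery state, `allow hal_health_default sysfs_greybus:file r_file_perms;` would be enough. The same applies to `sepolicy-mods/vendor/healthd.te`, which additionally gets write access to `sysfs_mods_camd`, a camera/USB label with no obvious link to health reporting.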
diff --git a/sepolicy-mods/vendor/healthd.te b/sepolicy-mods/vendor/healthd.te
new file mode 100644
index 0000000000000000000000000000000000000000..7a50452b1ea546a44000c6b5d6837f68d7109e92
--- /dev/null
+++ b/sepolicy-mods/vendor/healthd.te
@@ -0,0 +1,4 @@
+allow healthd sysfs_greybus:dir r_dir_perms;
+allow healthd sysfs_greybus:file rw_file_perms;
+allow healthd sysfs_mods_camd:dir r_dir_perms;
+allow healthd sysfs_mods_camd:file rw_file_perms;
diff --git a/sepolicy-mods/vendor/init_gbmods.te b/sepolicy-mods/vendor/init_gbmods.te
new file mode 100644
index 0000000000000000000000000000000000000000..c556cb50c976ae00043a806eeb3c47922bdb7f34
--- /dev/null
+++ b/sepolicy-mods/vendor/init_gbmods.te
@@ -0,0 +1,16 @@
+type init-gbmods-sh, domain;
+type init-gbmods-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-gbmods-sh)
+
+allow init-gbmods-sh vendor_shell_exec:file rx_file_perms;
+allow init-gbmods-sh vendor_toolbox_exec:file rx_file_perms;
+
+# execute grep
+allow init-gbmods-sh vendor_file:file rx_file_perms;
+
+# Allow insmod
+allow init-gbmods-sh self:capability sys_module;
+allow init-gbmods-sh vendor_file:system module_load;
+
+set_prop(init-gbmods-sh, ctl_default_prop)
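Review bot: `set_prop(init-gbmods-sh, ctl_default_prop)` on the last line lets the script start, stop or restart any init service that has no dedicated control-property label, which is much wider than a module-loading helper appears to need. Labelling the control property of the specific service and granting only that would be tighter. Likewise `allow init-gbmods-sh vendor_file:system module_load;` permits loading any file with the generic `vendor_file` label as a kernel module; a dedicated type for the greybus modules would confine `sys_module` to those files. The hyphenated type name also departs from the underscore convention used by every other type in this commit.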
diff --git a/sepolicy-mods/vendor/mods.te b/sepolicy-mods/vendor/mods.te
new file mode 100644
index 0000000000000000000000000000000000000000..719b637188153f8d8e27f8ec27a8fa331d3f7bcf
--- /dev/null
+++ b/sepolicy-mods/vendor/mods.te
@@ -0,0 +1,14 @@
+type mods, domain;
+type mods_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(mods)
+
+allow mods video_device:{ chr_file file } rw_file_perms;
+allow mods self:netlink_kobject_uevent_socket { bind create read setopt };
+allow mods sysfs_graphics:file rw_file_perms;
+allow mods ion_device:chr_file { open read };
+allow mods sysfs_graphics:dir search;
+allow mods sysfs_mods_camd:file r_file_perms;
+allow mods sysfs_greybus:dir r_dir_perms;
+allow mods sysfs_greybus:file rw_file_perms;
+
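Review bot: `allow mods video_device:{ chr_file file } rw_file_perms;` includes the `file` class, but the only `video_device` paths visible in this commit are `/dev` nodes, which are character devices, so `allow mods video_device:chr_file rw_file_perms;` should cover them. The file also has no comment saying which binary runs as `mods`, and the only `mods_exec` label in file_contexts is attached to `mods_camd`. Stating the intended owner at the top, e.g. `# Domain for <daemon name>`, would make the overlap with mods_camd.te easier to judge.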
diff --git a/sepolicy-mods/vendor/mods_camd.te b/sepolicy-mods/vendor/mods_camd.te
new file mode 100644
index 0000000000000000000000000000000000000000..9a885a65f108e25e155a4f2e8126f184ab3a7bd8
--- /dev/null
+++ b/sepolicy-mods/vendor/mods_camd.te
@@ -0,0 +1,24 @@
+type mods_camd, domain;
+type mods_camd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(mods_camd)
+
+allow mods_camd ion_device:chr_file rw_file_perms;
+allow mods_camd video_device:chr_file rw_file_perms;
+
+allow mods_camd self:netlink_kobject_uevent_socket { bind create read setopt };
+allow mods_camd sysfs_mods_camd:file rw_file_perms;
+allow mods_camd sysfs_mods_camd:dir r_dir_perms;
+allow mods_camd sysfs:file { getattr read write };
+allow mods_camd sysfs:file { getattr open read write };
+
+allow mods_camd mods_camd_device:chr_file {getattr ioctl open read write };
+
+allow mods_camd sysfs_greybus:file rw_file_perms;
+allow mods_camd sysfs_greybus:dir r_dir_perms;
+
+allow mods_camd cameraserver:fd use;
+allow mods_camd gpu_device:chr_file { ioctl open read write };
+allow mods_camd init:unix_stream_socket connectto;
+allow mods_camd property_socket:sock_file write;
+allow mods_camd surfaceflinger:fd use;
+allow mods_camd camera_prop:property_service set;
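Review bot: The two consecutive `sysfs:file` rules are near-duplicates (the second is a superset of the first) and both grant write on the generic `sysfs` label, i.e. every sysfs file that has no more specific type. Since this commit already labels the relevant nodes `sysfs_mods_camd` and `sysfs_greybus`, the generic rules can likely be dropped, or reduced to `allow mods_camd sysfs:file r_file_perms;` if an unlabeled read is still required. The three property lines (`init:unix_stream_socket connectto`, `property_socket:sock_file write`, `camera_prop:property_service set`) are covered by `set_prop(mods_camd, camera_prop)` and would read more clearly as the macro.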
diff --git a/sepolicy-mods/vendor/platform_app.te b/sepolicy-mods/vendor/platform_app.te
new file mode 100644
index 0000000000000000000000000000000000000000..048e205c47c7f7bd304afcab46a64de5c53436d4
--- /dev/null
+++ b/sepolicy-mods/vendor/platform_app.te
@@ -0,0 +1,16 @@
+allow platform_app sysfs_vibrator:file rw_file_perms;
+allow platform_app sysfs_usb_supply:dir search;
+allow platform_app sysfs_vibrator:dir { search r_dir_perms };
+allow platform_app default_android_service:service_manager find;
+allow platform_app greybus_raw_device:chr_file rw_file_perms;
+allow platform_app greybus_raw_device:dir rw_dir_perms;
+allow platform_app input_device:chr_file getattr;
+allow platform_app input_device:dir search;
+allow platform_app self:netlink_kobject_uevent_socket { bind create read setopt };
+allow platform_app sysfs_greybus:dir r_dir_perms;
+allow platform_app sysfs_greybus:file rw_file_perms;
+allow platform_app sysfs_greybus:lnk_file r_file_perms;
+allow platform_app sysfs_mods_camd:file rw_file_perms;
+allow platform_app sysfs_mods_camd:dir r_dir_perms;
+allow platform_app gbfirmware_file:dir create_dir_perms;
+allow platform_app gbfirmware_file:file create_file_perms;
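Review bot: `allow platform_app default_android_service:service_manager find;` grants lookup of every binder service that has no entry in `service_contexts`, rather than of a named service. service.te in this commit declares `mot_app_service`, `mot_panel_service` and `mot_system_service` without mapping them, so mapping the needed names and granting `find` on those types may be what this rule stands in for (that link is inferred). Two rules are also ineffective or redundant: `greybus_raw_device:dir rw_dir_perms` targets a type that file_contexts only puts on the `/dev/gbraw[0-9]*` device nodes, and `{ search r_dir_perms }` repeats `search`, which `r_dir_perms` already contains.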