diff --git a/BoardConfig.mk b/BoardConfig.mk
index 9e8abe85e0191dd866c72f9e13ac03aa6296913e..fb034ff2b688c42cee1c78f02e714fb99f4b21ad 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -36,7 +36,7 @@ BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE := ext4
 TARGET_COPY_OUT_VENDOR := vendor
 
 # SELinux
-#BOARD_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy
+BOARD_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy
 
 # Treble
 BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
diff --git a/rootdir/etc/fstab.qcom b/rootdir/etc/fstab.qcom
index c8a98366231a5d2facec95ba0875869f38012675..2841bc0273744caafc5573b038d964aeb2fe2554 100644
--- a/rootdir/etc/fstab.qcom
+++ b/rootdir/etc/fstab.qcom
@@ -11,13 +11,10 @@
 /devices/soc/c084000.sdhci/mmc_host*     auto               auto   defaults                                         wait,voldmanaged=sdcard1:auto
 /dev/block/zram0                         none               swap   defaults                                         zramsize=1073741824
 /dev/block/bootdevice/by-name/misc       /misc              emmc   defaults                                         defaults
-#/dev/block/bootdevice/by-name/modem      /firmware          ext4   ro,nosuid,nodev,context=u:object_r:firmware_file:s0 wait,slotselect
-#/dev/block/bootdevice/by-name/bluetooth  /bt_firmware       ext4   ro,nosuid,nodev,context=u:object_r:bt_firmware_file:s0 wait,slotselect
-/dev/block/bootdevice/by-name/modem      /firmware          ext4   ro,nosuid,nodev wait,slotselect
-/dev/block/bootdevice/by-name/bluetooth  /bt_firmware       ext4   ro,nosuid,nodev wait,slotselect
+/dev/block/bootdevice/by-name/modem      /firmware          ext4   ro,nosuid,nodev,context=u:object_r:firmware_file:s0 wait,slotselect
+/dev/block/bootdevice/by-name/bluetooth  /bt_firmware       ext4   ro,nosuid,nodev,context=u:object_r:bt_firmware_file:s0 wait,slotselect
 /dev/block/bootdevice/by-name/dsp        /dsp               ext4   ro,nosuid,nodev,barrier=1                        wait,slotselect
 /dev/block/bootdevice/by-name/persist    /persist           ext4   nosuid,nodev,noatime,barrier=1                           wait
-#/dev/block/bootdevice/by-name/fsg        /vendor/fsg        ext4   ro,nosuid,nodev,context=u:object_r:fsg_file:s0   wait,slotselect
-/dev/block/bootdevice/by-name/fsg        /vendor/fsg        ext4   ro,nosuid,nodev   wait,slotselect
+/dev/block/bootdevice/by-name/fsg        /vendor/fsg        ext4   ro,nosuid,nodev,context=u:object_r:fsg_firmware_file:s0   wait,slotselect
 #/dev/block/bootdevice/by-name/oem        /oem               ext4   ro,nosuid,nodev,context=u:object_r:oemfs:s0      wait,verify,slotselect
 /devices/*/xhci-hcd.*.auto/usb*          auto               auto   defaults                                         voldmanaged=usb:auto
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644
index 0000000000000000000000000000000000000000..82f9d0ade94c5f50cc3da1abb4436051dd946d4b
--- /dev/null
+++ b/sepolicy/file_contexts
@@ -0,0 +1,9 @@
+/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p([3-9]|[1-5][0-9]|6[0-7])          u:object_r:gpt_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p2[12]      u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p2[34]      u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p3[67]      u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p5[67]      u:object_r:ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p6[34]      u:object_r:system_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p4[67]      u:object_r:ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p1          u:object_r:xbl_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p2          u:object_r:xbl_block_device:s0