diff --git a/etc/vncflinger.rc b/etc/vncflinger.rc
index 3e865958cde76474954b54e68a23e55ec27bdde2..30e0649fa7227b6c5d943fbe5d38bc5d8603f052 100644
--- a/etc/vncflinger.rc
+++ b/etc/vncflinger.rc
@@ -10,3 +10,7 @@ on property:persist.vnc.enable=true
 
 on property:persist.vnc.enable=false
     stop vncflinger
+
+on boot
+    # vnc
+    chmod 0666 /dev/uinput
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 9c73aa483698e2fdf52c7bc5ee738f11ca814867..40273325cf43b9bd46431e49f80b25e2de8cbe85 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1 +1,2 @@
 /system/bin/vncflinger   u:object_r:vncflinger_exec:s0
+/system/bin/vncpasswd    u:object_r:vncflinger_exec:s0
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
new file mode 100644
index 0000000000000000000000000000000000000000..82468dc3a702839e0028e5e0f78f5023a4d674d9
--- /dev/null
+++ b/sepolicy/system_app.te
@@ -0,0 +1,4 @@
+allow system_app vncflinger_exec:file { r_file_perms execute execute_no_trans map };
+
+# uinput
+allow system_app uhid_device:chr_file rw_file_perms;
diff --git a/sepolicy/vncflinger.te b/sepolicy/vncflinger.te
index edeccc4875efa97068d68b4b22145dfd962858a6..511dd47083423334034267cde0f04fca29f1da46 100644
--- a/sepolicy/vncflinger.te
+++ b/sepolicy/vncflinger.te
@@ -1,4 +1,4 @@
-type vncflinger_exec, exec_type, file_type;
+type vncflinger_exec, exec_type, file_type, system_file_type;
 type vncflinger, domain;
 typeattribute vncflinger coredomain;