diff --git a/sepolicy/vendor/dnsmasq.te b/sepolicy/vendor/dnsmasq.te
new file mode 100644
index 00000000..35f58fb6
--- /dev/null
+++ b/sepolicy/vendor/dnsmasq.te
@@ -0,0 +1 @@
+dontaudit dnsmasq kernel:system module_request;
diff --git a/sepolicy/vendor/hal_graphics_allocator_default.te b/sepolicy/vendor/hal_graphics_allocator_default.te
new file mode 100644
index 00000000..102fe8b3
--- /dev/null
+++ b/sepolicy/vendor/hal_graphics_allocator_default.te
@@ -0,0 +1 @@
+dontaudit hal_graphics_allocator_default kernel:system module_request;
diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te
index d9cb26aa..42aa3935 100644
--- a/sepolicy/vendor/hal_graphics_composer_default.te
+++ b/sepolicy/vendor/hal_graphics_composer_default.te
@@ -34,3 +34,5 @@ userdebug_or_eng(`
         allow hal_graphics_composer_default diag_device:chr_file rw_file_perms;
 ')
 dontaudit hal_graphics_composer_default diag_device:chr_file rw_file_perms;
+
+dontaudit hal_graphics_composer_default kernel:system module_request;
diff --git a/sepolicy/vendor/netmgrd.te b/sepolicy/vendor/netmgrd.te
index 197f6720..22c59775 100644
--- a/sepolicy/vendor/netmgrd.te
+++ b/sepolicy/vendor/netmgrd.te
@@ -35,6 +35,7 @@ wakelock_use(netmgrd)
 
 #Allow netutils usage
 domain_auto_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)
+allow netmgrd netutils_wrapper:process sigkill;
 
 #Allow diag logging
 allow netmgrd sysfs_timestamp_switch:file { read open };
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index 796d3155..d71ce1d6 100644
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -22,3 +22,5 @@ dontaudit system_server audioserver:file write;
 dontaudit system_server untrusted_app:file write;
 dontaudit system_server hal_audio_default:file write;
 dontaudit system_server appdomain:file write;
+
+dontaudit system_server self:capability sys_module;
diff --git a/sepolicy/vendor/wcnss_service.te b/sepolicy/vendor/wcnss_service.te
index db2d1292..a6f143c2 100644
--- a/sepolicy/vendor/wcnss_service.te
+++ b/sepolicy/vendor/wcnss_service.te
@@ -40,3 +40,5 @@ allow wcnss_service sysfs_soc:file r_file_perms;
 
 # request_firmware causes a denial for /firmware. It can be safely ignored
 dontaudit wcnss_service firmware_file:dir search;
+
+r_dir_file(wcnss_service, sysfs_net)