diff --git a/sepolicy/vendor/cnd.te b/sepolicy/vendor/cnd.te
index ca562c9a..d7aa8103 100644
--- a/sepolicy/vendor/cnd.te
+++ b/sepolicy/vendor/cnd.te
@@ -29,3 +29,8 @@ hwbinder_use(cnd)
 get_prop(cnd, hwservicemanager_prop)
 binder_call(cnd, dataservice_app)
 binder_call(cnd, ims)
+
+userdebug_or_eng(`
+  allow cnd diag_device:chr_file rw_file_perms;
+')
+dontaudit cnd diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te
index 7bea2e1b..d9cb26aa 100644
--- a/sepolicy/vendor/hal_graphics_composer_default.te
+++ b/sepolicy/vendor/hal_graphics_composer_default.te
@@ -31,4 +31,6 @@ allow hal_graphics_composer_default display_vendor_data_file:file create_file_pe
 userdebug_or_eng(`
         allow hal_graphics_composer_default debugfs_mdp:dir r_dir_perms;
         allow hal_graphics_composer_default debugfs_mdp:file r_file_perms;
+        allow hal_graphics_composer_default diag_device:chr_file rw_file_perms;
 ')
+dontaudit hal_graphics_composer_default diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te
index fa473a87..ec604515 100644
--- a/sepolicy/vendor/hal_sensors_default.te
+++ b/sepolicy/vendor/hal_sensors_default.te
@@ -12,4 +12,6 @@ allow hal_sensors_default qdsp_device:chr_file r_file_perms;
 userdebug_or_eng(`
   r_dir_file(hal_sensors_default, sysfs_diag)
   allow hal_sensors_default sysfs_timestamp_switch:file r_file_perms;
+  allow hal_sensors_default diag_device:chr_file rw_file_perms;
 ')
+dontaudit hal_sensors_default diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/ims.te b/sepolicy/vendor/ims.te
index a229417f..4a11d749 100644
--- a/sepolicy/vendor/ims.te
+++ b/sepolicy/vendor/ims.te
@@ -33,3 +33,8 @@ r_dir_file(ims, sysfs_diag)
 hwbinder_use(ims)
 allow ims hal_cne_hwservice:hwservice_manager find;
 binder_call(ims, cnd)
+
+userdebug_or_eng(`
+  allow ims diag_device:chr_file rw_file_perms;
+')
+dontaudit ims diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/netmgrd.te b/sepolicy/vendor/netmgrd.te
index adbc4b6d..197f6720 100644
--- a/sepolicy/vendor/netmgrd.te
+++ b/sepolicy/vendor/netmgrd.te
@@ -40,7 +40,9 @@ domain_auto_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)
 allow netmgrd sysfs_timestamp_switch:file { read open };
 userdebug_or_eng(`
   r_dir_file(netmgrd, sysfs_diag)
+  allow netmgrd diag_device:chr_file rw_file_perms;
 ')
+dontaudit netmgrd diag_device:chr_file rw_file_perms;
 
 #Ignore if device loading for private IOCTL failed
 dontaudit netmgrd kernel:system { module_request };
diff --git a/sepolicy/vendor/netutils_wrapper.te b/sepolicy/vendor/netutils_wrapper.te
index ec34fd39..f8c6f80a 100644
--- a/sepolicy/vendor/netutils_wrapper.te
+++ b/sepolicy/vendor/netutils_wrapper.te
@@ -5,3 +5,8 @@ allow netutils_wrapper netmgrd:fifo_file { getattr read write append };
 dontaudit netutils_wrapper netmgrd:netlink_socket { getattr read write append };
 dontaudit netutils_wrapper kernel:system module_request;
 dontaudit netutils_wrapper self:capability sys_module;
+
+userdebug_or_eng(`
+  allow netutils_wrapper diag_device:chr_file rw_file_perms;
+')
+dontaudit netutils_wrapper diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/qti.te b/sepolicy/vendor/qti.te
index a5d1aa84..e71ac822 100644
--- a/sepolicy/vendor/qti.te
+++ b/sepolicy/vendor/qti.te
@@ -14,3 +14,8 @@ allow qti self:socket create_socket_perms;
 allowxperm qti self:socket ioctl msm_sock_ipc_ioctls;
 
 r_dir_file(qti, sysfs_msm_subsys)
+
+userdebug_or_eng(`
+  allow qti diag_device:chr_file rw_file_perms;
+')
+dontaudit qti diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/rild.te b/sepolicy/vendor/rild.te
index 15d084ce..ff643af7 100644
--- a/sepolicy/vendor/rild.te
+++ b/sepolicy/vendor/rild.te
@@ -21,7 +21,9 @@ allow rild time_daemon:unix_stream_socket connectto;
 
 userdebug_or_eng(`
   domain_auto_trans(rild, smlog_dump_exec, smlog_dump)
+  allow rild diag_device:chr_file rw_file_perms;
 ')
+dontaudit rild diag_device:chr_file rw_file_perms;
 
 allow rild radio_vendor_data_file:dir rw_dir_perms;
 allow rild radio_vendor_data_file:file create_file_perms;
diff --git a/sepolicy/vendor/sensors.te b/sepolicy/vendor/sensors.te
index fb4cf3af..a3139932 100644
--- a/sepolicy/vendor/sensors.te
+++ b/sepolicy/vendor/sensors.te
@@ -29,4 +29,6 @@ r_dir_file(sensors, sysfs_msm_subsys)
 userdebug_or_eng(`
   r_dir_file(sensors, sysfs_diag)
   allow sensors sysfs_timestamp_switch:file r_file_perms;
+  allow sensors diag_device:chr_file rw_file_perms;
 ')
+dontaudit sensors diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/thermal-engine.te b/sepolicy/vendor/thermal-engine.te
index 8009959d..e69c1890 100644
--- a/sepolicy/vendor/thermal-engine.te
+++ b/sepolicy/vendor/thermal-engine.te
@@ -33,3 +33,8 @@ allowxperm thermal-engine self:socket ioctl msm_sock_ipc_ioctls;
 
 # reboot/shutdown for thermal limits exceeded
 set_prop(thermal-engine, powerctl_prop)
+
+userdebug_or_eng(`
+  allow thermal-engine diag_device:chr_file rw_file_perms;
+')
+dontaudit thermal-engine diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/time_daemon.te b/sepolicy/vendor/time_daemon.te
index 82a62e2f..d58bc237 100644
--- a/sepolicy/vendor/time_daemon.te
+++ b/sepolicy/vendor/time_daemon.te
@@ -23,3 +23,8 @@ allow time_daemon persist_file:dir search;
 
 allow time_daemon self:socket create_socket_perms;
 allowxperm time_daemon self:socket ioctl msm_sock_ipc_ioctls;
+
+userdebug_or_eng(`
+  allow time_daemon diag_device:chr_file rw_file_perms;
+')
+dontaudit time_daemon diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/wcnss_service.te b/sepolicy/vendor/wcnss_service.te
index aebd86f1..db2d1292 100644
--- a/sepolicy/vendor/wcnss_service.te
+++ b/sepolicy/vendor/wcnss_service.te
@@ -31,7 +31,9 @@ userdebug_or_eng(`
   r_dir_file(wcnss_service, proc_wifi_dbg)
   r_dir_file(wcnss_service, sysfs_diag)
   allow wcnss_service sysfs_timestamp_switch:file r_file_perms;
+  allow wcnss_service diag_device:chr_file rw_file_perms;
 ')
+dontaudit wcnss_service diag_device:chr_file rw_file_perms;
 
 allow wcnss_service sysfs_soc:dir search;
 allow wcnss_service sysfs_soc:file r_file_perms;