diff --git a/BoardConfig.mk b/BoardConfig.mk
index ae17279..70921e1 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -135,6 +135,10 @@ TARGET_RECOVERY_PIXEL_FORMAT := "RGBX_8888" # RIL ENABLE_VENDOR_RIL_SERVICE := true
+# Sepolicy
+include device/mediatek/sepolicy_vndr/SEPolicy.mk
+BOARD_VENDOR_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/vendor
+
 # SPL VENDOR_SECURITY_PATCH := 2021-10-01
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
new file mode 100644
index 0000000..c39d356
--- /dev/null
+++ b/sepolicy/vendor/file.te
@@ -0,0 +1,3 @@
+# Fingerprint
+type vendor_fingerprint_data_file, data_file_type, file_type;
+type vendor_fingerprint_device, dev_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
new file mode 100644
index 0000000..cdfdd22
--- /dev/null
+++ b/sepolicy/vendor/file_contexts
@@ -0,0 +1,10 @@
+# Fingerprint
+/mnt/vendor/persist/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0
+/mnt/vendor/persist/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0
+/data/vendor/fpdump(/.*)? u:object_r:vendor_fingerprint_data_file:s0
+/data/vendor/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0
+/data/vendor/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0
+/data/gf_data(/.*)? u:object_r:vendor_fingerprint_data_file:s0
+
+# Lights
+/(vendor|system/vendor)/bin/hw/android\.hardware\.light-service\.rosemary u:object_r:hal_light_default_exec:s0
diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te
new file mode 100644
index 0000000..617ac49
--- /dev/null
+++ b/sepolicy/vendor/hal_fingerprint_default.te
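Review bot: In sepolicy/vendor/file_contexts, `/data/gf_data(/.*)?` is the only fingerprint path outside `/data/vendor`, yet it is labelled with the vendor type `vendor_fingerprint_data_file`, which file.te declares with `data_file_type, file_type` only. AOSP's sepolicy build tests generally expect labels on `/data` paths outside `/data/vendor*` to carry `core_data_file_type`, so this entry may fail those checks; please confirm on a full build. If the HAL does not write there, drop the line; otherwise point the HAL at a directory under `/data/vendor`. The same type also covers `/mnt/vendor/persist/...`, so what is presumably persistent calibration data shares one label with the enrolment data under `/data/vendor`; a separate persist type would let the `create_file_perms` grant be scoped more narrowly.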
@@ -0,0 +1,13 @@
+# Allow fingerprint HAL to read and write fingerprint node
+allow hal_fingerprint_default vendor_fingerprint_device:chr_file rw_file_perms;
+
+# Allow fingerprint HAL to setup fingerprint database files
+allow hal_fingerprint_default vendor_fingerprint_data_file:dir rw_dir_perms;
+allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms;
+
+# Create fingerprint HAL entrypoint
+allow hal_fingerprint_default hal_fingerprint_default_exec:file entrypoint;
+
+# Allow fingerprint HAL to get and set its props
+get_prop(hal_fingerprint_default, vendor_fingerprint_prop)
+set_prop(hal_fingerprint_default, vendor_fingerprint_prop)
diff --git a/sepolicy/vendor/hal_light_default.te b/sepolicy/vendor/hal_light_default.te
new file mode 100644
index 0000000..ae5d398
--- /dev/null
+++ b/sepolicy/vendor/hal_light_default.te
@@ -0,0 +1,3 @@
+# Grant read perms to hal_light_default for sysfs_leds
+allow hal_light_default sysfs_leds:file rw_file_perms;
+r_dir_file(hal_light_default, sysfs_leds)
diff --git a/sepolicy/vendor/hal_secure_element_default.te b/sepolicy/vendor/hal_secure_element_default.te
new file mode 100644
index 0000000..c323c74
--- /dev/null
+++ b/sepolicy/vendor/hal_secure_element_default.te
@@ -0,0 +1,3 @@
+# Allow SE HAL to rw nfc_device
+allow hal_secure_element_default nfc_device:file rw_file_perms;
+allow hal_secure_element_default nfc_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/hal_wifi_default.te b/sepolicy/vendor/hal_wifi_default.te
new file mode 100644
index 0000000..018289a
--- /dev/null
+++ b/sepolicy/vendor/hal_wifi_default.te
@@ -0,0 +1,5 @@
+# Set fw prop
+set_prop(hal_wifi_default, vendor_mtk_wifi_hal_prop)
+
+# Get hotspot prop
+get_prop(hal_wifi_default, vendor_mtk_wifi_hotspot_prop)
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
new file mode 100644
index 0000000..c922579
--- /dev/null
+++ b/sepolicy/vendor/property.te
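Review bot: The first rule in hal_fingerprint_default.te grants `chr_file rw_file_perms` on `vendor_fingerprint_device`, but nothing in this commit's file_contexts assigns that type to a `/dev` node, so the rule matches nothing unless the label comes from the included MediaTek policy. Either add the device node's context next to the fingerprint paths in file_contexts, or extend the comment to say where the node is labelled. The explicit `entrypoint` rule also looks redundant if the base policy already sets the domain up through `init_daemon_domain()`; worth confirming and dropping it, or stating in the comment which denial made it necessary.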
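Review bot: The comment in hal_light_default.te says "Grant read perms", but the rule below it grants `rw_file_perms` on `sysfs_leds:file`, so the documented intent is narrower than the access given. Since the light HAL presumably has to write brightness nodes, the grant is probably right and the comment is wrong; I would change it to `# Allow hal_light_default to read and write sysfs_leds nodes`. That keeps a later audit from treating the write permission as an accident.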
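Review bot: In hal_secure_element_default.te the `nfc_device:file rw_file_perms` rule grants access to regular files labelled `nfc_device`, whereas a device node is reached through the `chr_file` class that the next line already covers. Unless a recorded denial shows the `file` class being hit, I would keep only `allow hal_secure_element_default nfc_device:chr_file rw_file_perms;`. The comment could also say why the secure element HAL needs the NFC node at all (for example an eSE routed through the NFC controller), since this gives one HAL raw access to another HAL's device.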
@@ -0,0 +1 @@
+vendor_restricted_prop(vendor_fingerprint_prop);
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
new file mode 100644
index 0000000..e80778b
--- /dev/null
+++ b/sepolicy/vendor/property_contexts
@@ -0,0 +1,18 @@
+# Audio
+audio.adm.buffering.ms u:object_r:vendor_mtk_audiohal_prop:s0
+audio_hal.period_multiplier u:object_r:vendor_mtk_audiohal_prop:s0
+vendor.audio.spkcal.copy.inhal u:object_r:vendor_mtk_audiohal_prop:s0
+
+# Camera
+vendor.camera.sensor. u:object_r:vendor_mtk_camera_prop:s0
+persist.vendor.camera. u:object_r:vendor_mtk_camera_prop:s0
+demo.hole u:object_r:vendor_mtk_camera_prop:s0
+demo.near u:object_r:vendor_mtk_camera_prop:s0
+demo.far u:object_r:vendor_mtk_camera_prop:s0
+demo.fb u:object_r:vendor_mtk_camera_prop:s0
+
+# Fingerprint
+gf.debug.dump_bigdata_data u:object_r:vendor_fingerprint_prop:s0
+persist.sys.fp.goodix. u:object_r:vendor_fingerprint_prop:s0
+persist.vendor.sys.fp. u:object_r:vendor_fingerprint_prop:s0
+vendor.fps_hal. u:object_r:vendor_fingerprint_prop:s0
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
new file mode 100644
index 0000000..872887d
--- /dev/null
+++ b/sepolicy/vendor/vendor_init.te
@@ -0,0 +1 @@
+get_prop(vendor_init, vts_status_prop)
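Review bot: property.te declares `vendor_fingerprint_prop` with `vendor_restricted_prop`, which leaves the property type readable from outside the vendor partition, yet the only accessor this commit adds is `hal_fingerprint_default`. If no system-side component needs to read these values, `vendor_internal_prop(vendor_fingerprint_prop)` is the tighter declaration. If something does read them, a one-line comment naming that reader would justify the wider class. The file also has no comment header, unlike the other new policy files.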
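Review bot: Several keys in property_contexts sit outside the vendor namespaces: `audio.adm.buffering.ms`, `audio_hal.period_multiplier`, the four `demo.*` entries, `gf.debug.dump_bigdata_data` and `persist.sys.fp.goodix.` carry no `vendor.` or `persist.vendor.` prefix, although they are given vendor types. Where property namespace enforcement is enabled, such entries are likely to be flagged at build time, and short generic names like `demo.far` can also collide with platform or other vendors' properties; please confirm against the target's build checks. If prebuilt blobs fix these names, a comment saying so above each group would explain why they cannot be renamed. `gf.debug.dump_bigdata_data` looks like a debug dump switch that the HAL can set itself through `set_prop`, so it is worth stating whether it is meant to be usable on user builds.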