diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 001b95e..7b7b7a4 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -24,5 +24,11 @@ BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD_RAW := $(strip $(shell cat $(DEV
 BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD += $(BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD_RAW)
 BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES += $(addprefix $(KERNEL_MODULE_DIR)/, $(notdir $(BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD_RAW)))
+# SEPolicy
+BOARD_VENDOR_SEPOLICY_DIRS += \
+ $(DEVICE_PATH)/sepolicy/vendor \
+ hardware/google/pixel-sepolicy/vibrator/common \
+ hardware/google/pixel-sepolicy/vibrator/cs40l25
+
 # WiFi
 include device/google/gs101/wifi/BoardConfig-wifi.mk
diff --git a/oriole/BoardConfig.mk b/oriole/BoardConfig.mk
index e2aba5a..ce0a95e 100644
--- a/oriole/BoardConfig.mk
+++ b/oriole/BoardConfig.mk
@@ -10,7 +10,8 @@ TARGET_BOOTLOADER_BOARD_NAME := $(DEVICE_CODENAME)
 TARGET_SCREEN_DENSITY := 420
 # SEPolicy
-include device/google/raviole/sepolicy/oriole-sepolicy.mk
+BOARD_VENDOR_SEPOLICY_DIRS += \
+ $(DEVICE_PATH)/sepolicy/$(DEVICE_CODENAME)/vendor
 include $(DEVICE_PATH)/BoardConfigCommon.mk
diff --git a/raven/BoardConfig.mk b/raven/BoardConfig.mk
index 8730f1a..1901782 100644
--- a/raven/BoardConfig.mk
+++ b/raven/BoardConfig.mk
@@ -10,7 +10,8 @@ TARGET_BOOTLOADER_BOARD_NAME := $(DEVICE_CODENAME)
 TARGET_SCREEN_DENSITY := 560
 # SEPolicy
-include device/google/raviole/sepolicy/raven-sepolicy.mk
+BOARD_VENDOR_SEPOLICY_DIRS += \
+ $(DEVICE_PATH)/sepolicy/$(DEVICE_CODENAME)/vendor
 include $(DEVICE_PATH)/BoardConfigCommon.mk
diff --git a/sepolicy/oriole-sepolicy.mk b/sepolicy/oriole-sepolicy.mk
deleted file mode 100644
index 5887774..0000000
--- a/sepolicy/oriole-sepolicy.mk
+++ /dev/null
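Review bot: The new `BOARD_VENDOR_SEPOLICY_DIRS` list in `BoardConfigCommon.mk`, together with the per-device lists in `oriole/BoardConfig.mk` and `raven/BoardConfig.mk`, does not carry over every directory that the deleted `oriole-sepolicy.mk` and `raven-sepolicy.mk` pulled in. `device/google/gs-common/bcmbt/sepolicy`, `device/google/gs-common/modem/modem_svc_sit/sepolicy`, `hardware/google/pixel-sepolicy/powerstats` and the `BOARD_SEPOLICY_DIRS` entry are not re-added anywhere in this diff. Touch-dump and wireless-charger rules are re-created locally, but nothing visible replaces the Bluetooth, modem-service and powerstats policy, so those rules would presumably be lost unless a makefile outside this diff already lists the directories. Please confirm where they now come from and record it above the list, for example `# bcmbt, modem_svc_sit and powerstats policy comes from MAKEFILE_PATH` (MAKEFILE_PATH is a placeholder for the real file).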
@@ -1,11 +0,0 @@
-# Oriole only sepolicy
-BOARD_SEPOLICY_DIRS += device/google/gs101/sepolicy/oriole
-
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bcmbt/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/modem_svc_sit/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/stm/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/wireless_charger/sepolicy
-
-BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
-BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/vibrator/common
-BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/vibrator/cs40l25
diff --git a/sepolicy/oriole/euiccpixel_app.te b/sepolicy/oriole/euiccpixel_app.te
deleted file mode 100644
index 5472658..0000000
--- a/sepolicy/oriole/euiccpixel_app.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# EuiccSupportPixel app
-
-userdebug_or_eng(`
- allow euiccpixel_app sysfs_touch:dir search;
-')
-
diff --git a/sepolicy/oriole/grilservice_app.te b/sepolicy/oriole/grilservice_app.te
deleted file mode 100644
index ad0a779..0000000
--- a/sepolicy/oriole/grilservice_app.te
+++ /dev/null
@@ -1 +0,0 @@
-allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
diff --git a/sepolicy/oriole/vendor/dump_stm.te b/sepolicy/oriole/vendor/dump_stm.te
new file mode 100644
index 0000000..7d0f237
--- /dev/null
+++ b/sepolicy/oriole/vendor/dump_stm.te
@@ -0,0 +1,8 @@
+get_prop(dump_stm, vendor_touch_dump_path_prop)
+
+pixel_bugreport(dump_stm)
+
+allow dump_stm proc_touch:file rw_file_perms;
+allow dump_stm sysfs_touch:dir search;
+allow dump_stm sysfs_touch:file rw_file_perms;
+allow dump_stm vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/oriole/vendor/file.te b/sepolicy/oriole/vendor/file.te
new file mode 100644
index 0000000..fad5452
--- /dev/null
+++ b/sepolicy/oriole/vendor/file.te
@@ -0,0 +1 @@
+type proc_touch, fs_type, proc_type;
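Review bot: `dump_stm.te` grants the bugreport helper `rw_file_perms` on both `proc_touch` and `sysfs_touch` files without a comment explaining why a dump script must write to the touch driver; `dump_lsi.te` for raven does the same for `sysfs_touch`. The oriole `genfs_contexts` applies the `sysfs_touch` label to three whole SPI device directories, so the write grant covers every attribute beneath them. If writes are only needed for the `driver_test` command nodes, keep `rw_file_perms` on `proc_touch` and narrow the sysfs rule to `allow dump_stm sysfs_touch:file r_file_perms;`. Otherwise add a comment above the rule naming the node the script writes, so the exception to read-only dumping is reviewable.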
diff --git a/sepolicy/oriole/vendor/file_contexts b/sepolicy/oriole/vendor/file_contexts
new file mode 100644
index 0000000..5b7a276
--- /dev/null
+++ b/sepolicy/oriole/vendor/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/dump/dump_stm\.sh u:object_r:dump_stm_exec:s0
diff --git a/sepolicy/oriole/vendor/genfs_contexts b/sepolicy/oriole/vendor/genfs_contexts
new file mode 100644
index 0000000..dc5fe83
--- /dev/null
+++ b/sepolicy/oriole/vendor/genfs_contexts
@@ -0,0 +1,5 @@
+genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0
+genfscon proc /fts/driver_test u:object_r:proc_touch:s0
+genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0 u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/platform/10d40000.spi/spi_master/spi11/spi11.0 u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0
diff --git a/sepolicy/oriole/vendor/init.te b/sepolicy/oriole/vendor/init.te
new file mode 100644
index 0000000..74a6666
--- /dev/null
+++ b/sepolicy/oriole/vendor/init.te
@@ -0,0 +1 @@
+set_prop(vendor_init, vendor_touch_dump_path_prop)
diff --git a/sepolicy/oriole/vendor/property.te b/sepolicy/oriole/vendor/property.te
new file mode 100644
index 0000000..5484690
--- /dev/null
+++ b/sepolicy/oriole/vendor/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_touch_dump_path_prop)
diff --git a/sepolicy/oriole/vendor/property_contexts b/sepolicy/oriole/vendor/property_contexts
new file mode 100644
index 0000000..524cc8b
--- /dev/null
+++ b/sepolicy/oriole/vendor/property_contexts
@@ -0,0 +1 @@
+ro.vendor.touch.dump. u:object_r:vendor_touch_dump_path_prop:s0
diff --git a/sepolicy/raven-sepolicy.mk b/sepolicy/raven-sepolicy.mk
deleted file mode 100644
index 08cc0e5..0000000
--- a/sepolicy/raven-sepolicy.mk
+++ /dev/null
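Review bot: The `ro.vendor.touch.dump.` entry in the oriole `property_contexts` has no match kind or value type, unlike the entries this commit adds to `sepolicy/vendor/property_contexts`, which use `exact bool` and `exact enum`. Without a type, values written under that prefix by a domain holding `set_prop` (here `vendor_init`) are not type-checked. If the properties hold paths, as the type name suggests, `ro.vendor.touch.dump. u:object_r:vendor_touch_dump_path_prop:s0 prefix string` would make the intent explicit and keep the two files consistent.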
@@ -1,11 +0,0 @@
-# Ravne only sepolicy
-BOARD_SEPOLICY_DIRS += device/google/gs101/sepolicy/raven
-
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bcmbt/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/modem_svc_sit/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/lsi/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/wireless_charger/sepolicy
-
-BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
-BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/vibrator/common
-BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/vibrator/cs40l25
diff --git a/sepolicy/raven/euiccpixel_app.te b/sepolicy/raven/euiccpixel_app.te
deleted file mode 100644
index 5472658..0000000
--- a/sepolicy/raven/euiccpixel_app.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# EuiccSupportPixel app
-
-userdebug_or_eng(`
- allow euiccpixel_app sysfs_touch:dir search;
-')
-
diff --git a/sepolicy/raven/grilservice_app.te b/sepolicy/raven/grilservice_app.te
deleted file mode 100644
index ad0a779..0000000
--- a/sepolicy/raven/grilservice_app.te
+++ /dev/null
@@ -1 +0,0 @@
-allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
diff --git a/sepolicy/raven/cccdk_timesync_app.te b/sepolicy/raven/vendor/cccdktimesync_app.te
similarity index 100%
rename from sepolicy/raven/cccdk_timesync_app.te
rename to sepolicy/raven/vendor/cccdktimesync_app.te
diff --git a/sepolicy/raven/vendor/dump_lsi.te b/sepolicy/raven/vendor/dump_lsi.te
new file mode 100644
index 0000000..a2e114d
--- /dev/null
+++ b/sepolicy/raven/vendor/dump_lsi.te
@@ -0,0 +1,5 @@
+pixel_bugreport(dump_lsi)
+
+allow dump_lsi sysfs_touch:dir r_dir_perms;
+allow dump_lsi sysfs_touch:file rw_file_perms;
+allow dump_lsi vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/raven/vendor/file_contexts b/sepolicy/raven/vendor/file_contexts
new file mode 100644
index 0000000..a5e2b08
--- /dev/null
+++ b/sepolicy/raven/vendor/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/dump/dump_lsi\.sh u:object_r:dump_lsi_exec:s0
diff --git a/sepolicy/raven/vendor/genfs_contexts b/sepolicy/raven/vendor/genfs_contexts
new file mode 100644
index 0000000..3118c45
--- /dev/null
+++ b/sepolicy/raven/vendor/genfs_contexts
@@ -0,0 +1 @@
+genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_touch:s0
diff --git a/sepolicy/vendor/dumpstate.te b/sepolicy/vendor/dumpstate.te
new file mode 100644
index 0000000..3c5fac3
--- /dev/null
+++ b/sepolicy/vendor/dumpstate.te
@@ -0,0 +1 @@
+binder_call(dumpstate, hal_wlcservice)
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
new file mode 100644
index 0000000..5918f46
--- /dev/null
+++ b/sepolicy/vendor/file.te
@@ -0,0 +1 @@
+type vendor_wlc_file, data_file_type, file_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
new file mode 100644
index 0000000..bb6529c
--- /dev/null
+++ b/sepolicy/vendor/file_contexts
@@ -0,0 +1,4 @@
+/data/vendor/wireless_charger(/.*)? u:object_r:vendor_wlc_file:s0
+/vendor/bin/hw/vendor\.dolby\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0
+/vendor/bin/hw/vendor\.google\.wireless_charger-default u:object_r:hal_wireless_charger_exec:s0
+/vendor/bin/hw/vendor\.google\.wireless_charger\.service-default u:object_r:hal_wlcservice_exec:s0
diff --git a/sepolicy/vendor/hal_dumpstate.te b/sepolicy/vendor/hal_dumpstate.te
new file mode 100644
index 0000000..7b117e6
--- /dev/null
+++ b/sepolicy/vendor/hal_dumpstate.te
@@ -0,0 +1,3 @@
+allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms;
+allow hal_dumpstate_default sysfs_wlc:dir search;
+allow hal_dumpstate_default sysfs_wlc:file r_file_perms;
diff --git a/sepolicy/vendor/hal_googlebattery.te b/sepolicy/vendor/hal_googlebattery.te
new file mode 100644
index 0000000..103fe22
--- /dev/null
+++ b/sepolicy/vendor/hal_googlebattery.te
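Review bot: In `hal_dumpstate.te` the second rule, `allow hal_dumpstate_default sysfs_wlc:dir search;`, is redundant because `r_dir_perms` on the line above already includes `search`. Dropping it, or replacing all three lines with `r_dir_file(hal_dumpstate_default, sysfs_wlc)` as `hal_googlebattery.te` does, leaves fewer rules to audit. The macro also grants read on `lnk_file`, so keep the explicit rules if that extra access is not wanted.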
@@ -0,0 +1,5 @@
+r_dir_file(hal_googlebattery, sysfs_wlc)
+
+set_prop(hal_googlebattery, vendor_wlcservice_prop)
+
+allow hal_googlebattery sysfs_wlc:file rw_file_perms;
diff --git a/sepolicy/vendor/hal_health.te b/sepolicy/vendor/hal_health.te
new file mode 100644
index 0000000..0067fdc
--- /dev/null
+++ b/sepolicy/vendor/hal_health.te
@@ -0,0 +1 @@
+binder_call(hal_health_default, hal_wlcservice)
diff --git a/sepolicy/vendor/hal_wireless_charger.te b/sepolicy/vendor/hal_wireless_charger.te
new file mode 100644
index 0000000..4fd9020
--- /dev/null
+++ b/sepolicy/vendor/hal_wireless_charger.te
@@ -0,0 +1,17 @@
+type hal_wireless_charger_exec, exec_type, file_type, vendor_file_type;
+
+add_service(hal_wireless_charger, hal_wireless_charger_service)
+
+binder_call(hal_wireless_charger, hal_wlcservice)
+binder_call(hal_wireless_charger, platform_app)
+binder_call(hal_wireless_charger, servicemanager)
+binder_call(hal_wireless_charger, system_app)
+
+init_daemon_domain(hal_wireless_charger)
+
+r_dir_file(hal_wireless_charger, sysfs_batteryinfo)
+
+set_prop(hal_wireless_charger, vendor_wlcservice_prop)
+
+allow hal_wireless_charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow hal_wireless_charger sysfs_batteryinfo:file rw_file_perms;
diff --git a/sepolicy/vendor/hal_wlcservice.te b/sepolicy/vendor/hal_wlcservice.te
new file mode 100644
index 0000000..8eb7010
--- /dev/null
+++ b/sepolicy/vendor/hal_wlcservice.te
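Review bot: `hal_wireless_charger.te` lets the HAL make binder calls into every `platform_app` and `system_app` process and write `sysfs_batteryinfo` files, and none of these grants records which component needs it. If the app calls are callbacks to charger UI clients, a comment such as `# callbacks to wireless-charger clients running as platform_app / system_app` above them would make the scope reviewable; the same goes for the `rw_file_perms` rule. The file also declares only `hal_wireless_charger_exec`, whereas `hal_wlcservice.te` declares its own domain and service types. `hal_wireless_charger`, `hal_wireless_charger_service` and `sysfs_wlc` must therefore come from a policy directory outside this diff, which is worth confirming now that `device/google/gs-common/wireless_charger/sepolicy` is no longer listed.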
@@ -0,0 +1,22 @@
+type hal_wlcservice, domain;
+type hal_wlcservice_exec, exec_type, file_type, vendor_file_type;
+type hal_wlcservice_service, hal_service_type, protected_service, service_manager_type;
+
+add_service(hal_wlcservice, hal_wlcservice_service)
+
+binder_call(hal_wlcservice, hal_health_default)
+binder_call(hal_wlcservice, hal_wireless_charger)
+binder_call(hal_wlcservice, servicemanager)
+
+binder_use(hal_wlcservice)
+
+hal_client_domain(hal_wlcservice, hal_health)
+
+init_daemon_domain(hal_wlcservice)
+
+set_prop(hal_wlcservice, vendor_wlcservice_prop)
+
+allow hal_wlcservice hal_wireless_charger_service:service_manager find;
+allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms };
+allow hal_wlcservice vendor_wlc_file:dir create_dir_perms;
+allow hal_wlcservice vendor_wlc_file:file create_file_perms;
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
new file mode 100644
index 0000000..4314845
--- /dev/null
+++ b/sepolicy/vendor/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_wlcservice_prop)
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
new file mode 100644
index 0000000..e45b1cc
--- /dev/null
+++ b/sepolicy/vendor/property_contexts
@@ -0,0 +1,3 @@
+vendor.wlcservice.fwupdate.tx u:object_r:vendor_wlcservice_prop:s0 exact enum 0 1 2 3
+vendor.wlcservice.start u:object_r:vendor_wlcservice_prop:s0 exact bool
+vendor.wlcservice.test.authentication u:object_r:vendor_wlcservice_prop:s0 exact bool
diff --git a/sepolicy/vendor/service_contexts b/sepolicy/vendor/service_contexts
new file mode 100644
index 0000000..bfc0b68
--- /dev/null
+++ b/sepolicy/vendor/service_contexts
@@ -0,0 +1 @@
+vendor.google.wireless_charger.service.IWlcService/default u:object_r:hal_wlcservice_service:s0
diff --git a/sepolicy/vendor/servicemanager.te b/sepolicy/vendor/servicemanager.te
new file mode 100644
index 0000000..74d7244
--- /dev/null
+++ b/sepolicy/vendor/servicemanager.te
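Review bot: `hal_wlcservice.te` lists `binder_call(hal_wlcservice, servicemanager)` and then `binder_use(hal_wlcservice)`, which already covers the call/transfer permissions between the domain and servicemanager in both directions. The explicit `binder_call` here and the one in the new `servicemanager.te` therefore largely duplicate it (they add only `fd use`). Keeping just `binder_use(hal_wlcservice)` leaves fewer rules to audit. Separately, `allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms };` lets the service write to the kernel log; if that is for its own logging, a one-line comment such as `# service logs charger events to kmsg` above the rule would record why.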
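Review bot: In `sepolicy/vendor/property_contexts`, `vendor.wlcservice.test.authentication` gets the same `vendor_wlcservice_prop` label as the operational `start` and `fwupdate.tx` properties. Every domain granted `set_prop(..., vendor_wlcservice_prop)` in this commit (`hal_googlebattery`, `hal_wireless_charger`, `hal_wlcservice`) can therefore set it. What the property controls is not visible here, but the name suggests a test switch for charger authentication; if so, it would be safer under its own property type that only the intended writer may set, or limited to debug builds. At minimum, add a comment in `property_contexts` stating which component reads it and what it changes.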
@@ -0,0 +1 @@
+binder_call(servicemanager, hal_wlcservice)