diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 4d897e3..73c888a 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -30,6 +30,7 @@ type proc_bus_input, fs_type, proc_type;
 type vendor_sysfs_input, fs_type, sysfs_type;
 
 # Proc
+type proc_last_kmsg, fs_type, proc_type;
 type proc_simslot_count, fs_type, proc_type;
 
 # Qms
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index dcfb172..b0f0b9e 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -1,4 +1,5 @@
 # Proc
+genfscon proc "/last_kmsg" u:object_r:proc_last_kmsg:s0
 genfscon proc "/simslot_count" u:object_r:proc_simslot_count:s0
 
 # Audio
diff --git a/sepolicy/vendor/network_stack.te b/sepolicy/vendor/network_stack.te
index 3fbd162..75318eb 100644
--- a/sepolicy/vendor/network_stack.te
+++ b/sepolicy/vendor/network_stack.te
@@ -1,2 +1,2 @@
 # Allow network_stack to read proc_net file
-allow network_stack proc_net:file rw_file_perms;
+allow network_stack proc_net:file { read getattr open };
diff --git a/sepolicy/vendor/spdaemon.te b/sepolicy/vendor/spdaemon.te
new file mode 100644
index 0000000..3b8c3cd
--- /dev/null
+++ b/sepolicy/vendor/spdaemon.te
@@ -0,0 +1,2 @@
+# Allow vendor_spdaemon to find hal_system_suspend_service
+allow vendor_spdaemon hal_system_suspend_service:service_manager find;
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
new file mode 100644
index 0000000..9467967
--- /dev/null
+++ b/sepolicy/vendor/system_server.te
@@ -0,0 +1,2 @@
+# Allow system_server process to read /proc/last_kmsg
+allow system_server proc_last_kmsg:file r_file_perms;
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 027fd36..a204264 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
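Review bot: The new type in file.te, `proc_last_kmsg`, carries no `vendor_` prefix, so it could collide with a type of the same name if the platform policy ever defines one. The file already mixes both styles (`vendor_sysfs_input` next to `proc_simslot_count`), so this follows local precedent. For a newly introduced type I would still write `type vendor_proc_last_kmsg, fs_type, proc_type;` and carry the same name into the genfs_contexts and system_server.te hunks.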
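Review bot: The `genfscon proc "/last_kmsg"` line in genfs_contexts moves the node off whatever label it had before, presumably the generic `proc` type, while this commit grants the new type to system_server only. Any other domain that read the file under the old label, for example a bug-report or log-collection path, will now be denied. That is the safer default, but it should be confirmed on a booted device by checking for new `avc: denied` entries against `proc_last_kmsg`. A comment above the line such as `# Previous boot's kernel log; keep readers to a minimum` would tell the next maintainer why the node has its own type.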
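Review bot: In spdaemon.te the rule grants only `find` on `hal_system_suspend_service`. Looking a service up is normally followed by a binder call to it, which this rule does not cover, so unless policy outside this diff already allows that call the daemon is likely to hit the next denial. If vendor_spdaemon really has to hold wakelocks, the conventional form is `wakelock_use(vendor_spdaemon)` or `hal_client_domain(vendor_spdaemon, hal_system_suspend)`; if it does not, a `dontaudit` would be tighter than an allow. The comment only restates the rule and should say why the daemon talks to system suspend.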
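Review bot: `r_file_perms` in system_server.te is wider than a plain read of a procfs node needs, and the network_stack.te hunk in this same commit already spells out the minimal set. `allow system_server proc_last_kmsg:file { getattr open read };` would be consistent with it. The last kernel log can contain kernel addresses and other diagnostic detail from the previous boot, so the comment should also record which system_server component consumes it (presumably the boot-time crash collector, which is not visible here).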
@@ -5,3 +5,6 @@ allow vendor_init cgroup:file rw_file_perms; allow vendor_init block_device:lnk_file setattr; allow vendor_init vendor_ssr_prop:property_service set; + +# Allow vendor_init to set vendor_thermal_prop properties +allow vendor_init vendor_thermal_prop:property_service set;
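Review bot: The added rule in vendor_init.te grants `property_service set` with a raw allow, which matches the `vendor_ssr_prop` line above it, but the policy macro `set_prop(vendor_init, vendor_thermal_prop)` is the conventional spelling for this grant. The comment only restates the rule. Naming the init script or the property key that needs the write would let a reviewer judge whether the whole `vendor_thermal_prop` context has to be settable by vendor_init, since thermal properties can influence throttling behaviour.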