diff --git a/BoardConfigExtra.mk b/BoardConfigExtra.mk
index b86e862..5592f98 100644
--- a/BoardConfigExtra.mk
+++ b/BoardConfigExtra.mk
@@ -12,4 +12,5 @@ ifndef TARGET_COPY_OUT_SYSTEM_EXT
 endif
 ## SELinux
-BOARD_VENDOR_SEPOLICY_DIRS += vendor/extra/sepolicy
+PRODUCT_PRIVATE_SEPOLICY_DIRS += vendor/extra/sepolicy/private
+BOARD_VENDOR_SEPOLICY_DIRS += vendor/extra/sepolicy/vendor
diff --git a/sepolicy/private/linkerconfig.te b/sepolicy/private/linkerconfig.te
new file mode 100644
index 0000000..6b0a1fa
--- /dev/null
+++ b/sepolicy/private/linkerconfig.te
@@ -0,0 +1 @@
+dontaudit linkerconfig self:capability kill;
diff --git a/sepolicy/vendor/fsck.te b/sepolicy/vendor/fsck.te
new file mode 100644
index 0000000..9990eda
--- /dev/null
+++ b/sepolicy/vendor/fsck.te
@@ -0,0 +1 @@
+dontaudit fsck self:capability kill;
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
new file mode 100644
index 0000000..eb08278
--- /dev/null
+++ b/sepolicy/vendor/init.te
@@ -0,0 +1 @@
+dontaudit init debugfs_tracing_debug:dir mounton;
diff --git a/sepolicy/vendor/toolbox.te b/sepolicy/vendor/toolbox.te
new file mode 100644
index 0000000..1674a7a
--- /dev/null
+++ b/sepolicy/vendor/toolbox.te
@@ -0,0 +1 @@
+dontaudit toolbox self:capability kill;
diff --git a/sepolicy/vendor/vdc.te b/sepolicy/vendor/vdc.te
new file mode 100644
index 0000000..9123f99
--- /dev/null
+++ b/sepolicy/vendor/vdc.te
@@ -0,0 +1 @@
+dontaudit vdc self:capability kill;
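Review bot: After this hunk nothing adds the top-level `vendor/extra/sepolicy` directory to the build any more, so any `.te` or `*_contexts` file still sitting directly in it would silently drop out of the compiled policy. The visible diff only adds new files under `private/` and `vendor/`, so it is worth confirming that the top level is empty. A short comment above the two assignments would also help the next maintainer pick the right directory, for example `# private/: rules on platform-private types; vendor/: rules built into the vendor policy` (wording to be confirmed against how the two directories are actually meant to be used).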
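Review bot: The rule `dontaudit linkerconfig self:capability kill;` has no comment saying which denial it silences or why that denial is harmless, and the same applies to the identical one-line rules added in `fsck.te`, `toolbox.te` and `vdc.te`. A `dontaudit` does not grant the permission, but it removes the AVC record, so a later genuine attempt by one of these domains to use CAP_KILL would no longer show up in the audit log. I would add a comment above each rule such as `# Spurious capability kill denial seen at boot on <device/kernel>; not granted, only silenced (see <bug id>)` and quote the original `avc: denied` line in the commit message so the suppression can be re-checked later.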
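Review bot: `dontaudit init debugfs_tracing_debug:dir mounton;` hides the denial rather than removing its cause, and the new file gives no hint of which mount triggers it. Presumably some init script tries to mount onto the tracing debug directory; if that mount is not needed, dropping it from the rc file would be cleaner than suppressing the log entry. If the rule stays, a comment such as `# init's mount on debugfs_tracing_debug is denied on purpose; silence the log only (see <bug id>)` would document that the denial is expected, since unexplained gaps in init's audit trail make boot-time policy problems harder to triage.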