diff --git a/sepolicy/private/file.te b/sepolicy/private/file.te
index 5a9a4fb..5d49fae 100644
--- a/sepolicy/private/file.te
+++ b/sepolicy/private/file.te
@@ -5,7 +5,7 @@ type op1_file, file_type;
 type op2_file, file_type;
 type persist_file, file_type;
 type proc_touchpanel, fs_type;
-type sysfs_livedisplay, sysfs_type, fs_type;
 type sysfs_fpc_proximity, sysfs_type, fs_type;
 type sysfs_oem, sysfs_type, fs_type;
+type sysfs_graphics, sysfs_type, fs_type;
 type sysfs_battery_supply, sysfs_type, fs_type;
diff --git a/sepolicy/private/genfs_contexts b/sepolicy/private/genfs_contexts
index f96e494..ccce21b 100644
--- a/sepolicy/private/genfs_contexts
+++ b/sepolicy/private/genfs_contexts
@@ -1,4 +1,4 @@
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/dc u:object_r:sysfs_battery_supply:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/main u:object_r:sysfs_battery_supply:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display@18/hbm u:object_r:sysfs_livedisplay:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display@18/display_mode u:object_r:sysfs_livedisplay:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display@18/hbm u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display@18/display_mode u:object_r:sysfs_livedisplay_tuneable:s0
diff --git a/sepolicy/private/hal_light_sdm845.te b/sepolicy/private/hal_light_sdm845.te
index 20e0d9c..361f687 100644
--- a/sepolicy/private/hal_light_sdm845.te
+++ b/sepolicy/private/hal_light_sdm845.te
@@ -1,7 +1,20 @@
 type hal_light_sdm845, coredomain, domain;
-hal_server_domain(hal_light_sdm845, hal_light)
+
+# Allow a base set of permissions required for a domain to offer a
+# HAL implementation of the specified type over HwBinder.
+typeattribute hal_light_sdm845 halserverdomain;
+typeattribute hal_light_sdm845 hal_light_server;
+
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_light_client, hal_light_server)
+binder_call(hal_light_server, hal_light_client)
+
+add_hwservice(hal_light_server, hal_light_hwservice)
+allow hal_light_client hal_light_hwservice:hwservice_manager find;
 
 type hal_light_sdm845_exec, exec_type, file_type;
 init_daemon_domain(hal_light_sdm845)
 
-allow hal_light_sdm845 sysfs_oem:file rw_file_perms;
+allow hal_light_sdm845 { sysfs_graphics sysfs_oem }:lnk_file read;
+allow hal_light_sdm845 { sysfs_graphics sysfs_oem }:file rw_file_perms;
+allow hal_light_sdm845 { sysfs_graphics sysfs_leds sysfs_oem }:dir r_dir_perms;
diff --git a/sepolicy/private/init.te b/sepolicy/private/init.te
index 463e759..03cbeab 100644
--- a/sepolicy/private/init.te
+++ b/sepolicy/private/init.te
@@ -5,4 +5,7 @@ allow init vendor_file:file mounton;
 allow init vendor_configs_file:file mounton;
 
 # Allow init to chown/chmod on pseudo files in /sys
-allow init sysfs_type:file { open read setattr };
+allow init {
+    sysfs_fpc_proximity
+    sysfs_graphics
+}:file { open read setattr };
diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te
index b0c8a62..27db71c 100644
--- a/sepolicy/private/system_server.te
+++ b/sepolicy/private/system_server.te
@@ -1,2 +1,2 @@
 # Allow access to LiveDisplay tuning nodes
-allow system_server sysfs_livedisplay:file rw_file_perms;
+allow system_server sysfs_livedisplay_tuneable:file rw_file_perms;