diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk
index 62303d6c5b..6d58b1c86b 100644
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -77,13 +77,17 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
 BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
 BOARD_SEPOLICY_UNION += \
+ adbd.te \
+ app.te \
 bootanim.te \
 device.te \
 domain.te \
 file.te \
 file_contexts \
+ mediaserver.te \
 qemud.te \
 rild.te \
 shell.te \
 surfaceflinger.te \
- system_server.te
+ system_server.te \
+ zygote.te
diff --git a/target/board/generic/sepolicy/adbd.te b/target/board/generic/sepolicy/adbd.te
new file mode 100644
index 0000000000..f65cfb3a4f
--- /dev/null
+++ b/target/board/generic/sepolicy/adbd.te
@@ -0,0 +1 @@
+allow adbd qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic/sepolicy/app.te b/target/board/generic/sepolicy/app.te
new file mode 100644
index 0000000000..fd33453e6c
--- /dev/null
+++ b/target/board/generic/sepolicy/app.te
@@ -0,0 +1 @@
+allow appdomain qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic/sepolicy/bootanim.te b/target/board/generic/sepolicy/bootanim.te
index d6506e11dd..a5a84f9fbb 100644
--- a/target/board/generic/sepolicy/bootanim.te
+++ b/target/board/generic/sepolicy/bootanim.te
@@ -1,2 +1,3 @@
 allow bootanim self:process execmem;
 allow bootanim ashmem_device:chr_file execute;
+allow bootanim qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic/sepolicy/domain.te b/target/board/generic/sepolicy/domain.te
index c28ca74f15..f0261004fe 100644
--- a/target/board/generic/sepolicy/domain.te
+++ b/target/board/generic/sepolicy/domain.te
@@ -1,3 +1,2 @@
 # For /sys/qemu_trace files in the emulator.
 allow domain sysfs_writable:file rw_file_perms;
-allow domain qemu_device:chr_file rw_file_perms;
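Review bot: `allow appdomain qemu_device:chr_file rw_file_perms;` in the new app.te puts the entire app attribute — which presumably includes untrusted third-party apps — on the same footing as adbd, zygote and system_server for every node labelled qemu_device, so the narrowing from `domain` elsewhere in this change buys little on the app side (and `rw_file_perms` in AOSP's macros, if I recall correctly, also carries ioctl). If apps only need one emulator node, giving that node its own type in file_contexts and allowing appdomain just that type would keep the remaining qemu_device nodes out of reach; I cannot confirm the node set from this diff, so verify against file_contexts before changing it. At minimum the rule should say why it exists, e.g. `# Apps need the emulator device node(s) for host-backed services (graphics, etc.) — TODO: confirm which node and narrow the type.`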
diff --git a/target/board/generic/sepolicy/mediaserver.te b/target/board/generic/sepolicy/mediaserver.te
new file mode 100644
index 0000000000..90b8cf8126
--- /dev/null
+++ b/target/board/generic/sepolicy/mediaserver.te
@@ -0,0 +1 @@
+allow mediaserver qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic/sepolicy/rild.te b/target/board/generic/sepolicy/rild.te
index e148b6c139..5de171adf3 100644
--- a/target/board/generic/sepolicy/rild.te
+++ b/target/board/generic/sepolicy/rild.te
@@ -1 +1,2 @@
+allow rild qemu_device:chr_file rw_file_perms;
 unix_socket_connect(rild, qemud, qemud)
diff --git a/target/board/generic/sepolicy/surfaceflinger.te b/target/board/generic/sepolicy/surfaceflinger.te
index 4c354697ab..671278919d 100644
--- a/target/board/generic/sepolicy/surfaceflinger.te
+++ b/target/board/generic/sepolicy/surfaceflinger.te
@@ -1,2 +1,3 @@
 allow surfaceflinger self:process execmem;
 allow surfaceflinger ashmem_device:chr_file execute;
+allow surfaceflinger qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic/sepolicy/system_server.te b/target/board/generic/sepolicy/system_server.te
index d0fb79d9b1..ef4ce4a736 100644
--- a/target/board/generic/sepolicy/system_server.te
+++ b/target/board/generic/sepolicy/system_server.te
@@ -1 +1,2 @@
 unix_socket_connect(system_server, qemud, qemud)
+allow system_server qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic/sepolicy/zygote.te b/target/board/generic/sepolicy/zygote.te
new file mode 100644
index 0000000000..a5da574060
--- /dev/null
+++ b/target/board/generic/sepolicy/zygote.te
@@ -0,0 +1 @@
+allow zygote qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_mips/BoardConfig.mk b/target/board/generic_mips/BoardConfig.mk
index a319ad71a0..17e241de85 100644
--- a/target/board/generic_mips/BoardConfig.mk
+++ b/target/board/generic_mips/BoardConfig.mk
@@ -59,11 +59,13 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
 BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
 BOARD_SEPOLICY_UNION += \
+ adbd.te \
 bootanim.te \
 device.te \
 domain.te \
 file.te \
 file_contexts \
+ mediaserver.te \
 qemud.te \
 rild.te \
 shell.te \
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index 30c0f2e045..5277cdc811 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -44,6 +44,8 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
 BOARD_SEPOLICY_DIRS += build/target/board/generic_x86/sepolicy
 BOARD_SEPOLICY_UNION += \
+ app.te \
+ adbd.te \
 bootanim.te \
 device.te \
 domain.te \
@@ -51,8 +53,10 @@ BOARD_SEPOLICY_UNION += \
 file_contexts \
 healthd.te \
 installd.te \
+ mediaserver.te \
 qemud.te \
 rild.te \
 shell.te \
 surfaceflinger.te \
- system_server.te
+ system_server.te \
+ zygote.te
diff --git a/target/board/generic_x86/sepolicy/adbd.te b/target/board/generic_x86/sepolicy/adbd.te
new file mode 100644
index 0000000000..f65cfb3a4f
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/adbd.te
@@ -0,0 +1 @@
+allow adbd qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/app.te b/target/board/generic_x86/sepolicy/app.te
new file mode 100644
index 0000000000..fd33453e6c
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/app.te
@@ -0,0 +1 @@
+allow appdomain qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/bootanim.te b/target/board/generic_x86/sepolicy/bootanim.te
new file mode 100644
index 0000000000..762a57387f
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/bootanim.te
@@ -0,0 +1 @@
+allow bootanim qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/domain.te b/target/board/generic_x86/sepolicy/domain.te
index c3161b37d1..c17950d9fb 100644
--- a/target/board/generic_x86/sepolicy/domain.te
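Review bot: generic_mips unions only `adbd.te` and `mediaserver.te` here, yet its BOARD_SEPOLICY_DIRS line in this hunk points at build/target/board/generic/sepolicy, whose domain.te drops the blanket `allow domain qemu_device:chr_file rw_file_perms;` in the same change; generic's new `app.te` and `zygote.te` are never added to this list, so zygote and the app domains on the MIPS emulator would be left without any qemu_device access (unless the base policy grants it elsewhere, which this diff does not show). Add `app.te \` next to `adbd.te \` in this hunk and `zygote.te` after `system_server.te`, matching the generic/BoardConfig.mk list. The BOARD_SEPOLICY_UNION assignment continues past the end of the hunk, so the `system_server.te` line it would attach to is not visible here.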
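Review bot: `app.te` is inserted ahead of `adbd.te` in the generic_x86 BOARD_SEPOLICY_UNION, breaking the alphabetical order the rest of the list keeps and differing from the order used in generic/BoardConfig.mk in this same change; swap the two lines so they read `adbd.te \` then `app.te \`. The assignment continues into the next hunk.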
+++ b/target/board/generic_x86/sepolicy/domain.te
@@ -1,4 +1,3 @@
 # For /sys/qemu_trace files in the emulator.
 allow domain sysfs_writable:file rw_file_perms;
 allow domain cpuctl_device:dir search;
-allow domain qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/mediaserver.te b/target/board/generic_x86/sepolicy/mediaserver.te
new file mode 100644
index 0000000000..90b8cf8126
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/mediaserver.te
@@ -0,0 +1 @@
+allow mediaserver qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/rild.te b/target/board/generic_x86/sepolicy/rild.te
index e148b6c139..5de171adf3 100644
--- a/target/board/generic_x86/sepolicy/rild.te
+++ b/target/board/generic_x86/sepolicy/rild.te
@@ -1 +1,2 @@
+allow rild qemu_device:chr_file rw_file_perms;
 unix_socket_connect(rild, qemud, qemud)
diff --git a/target/board/generic_x86/sepolicy/surfaceflinger.te b/target/board/generic_x86/sepolicy/surfaceflinger.te
new file mode 100644
index 0000000000..865405ce55
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/surfaceflinger.te
@@ -0,0 +1 @@
+allow surfaceflinger qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/system_server.te b/target/board/generic_x86/sepolicy/system_server.te
index 0ede97165c..9bfe5fe4e6 100644
--- a/target/board/generic_x86/sepolicy/system_server.te
+++ b/target/board/generic_x86/sepolicy/system_server.te
@@ -1,2 +1,3 @@
 allow system_server self:process execmem;
 unix_socket_connect(system_server, qemud, qemud)
+allow system_server qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/zygote.te b/target/board/generic_x86/sepolicy/zygote.te
index 93993a47f1..d34c4a1f9c 100644
--- a/target/board/generic_x86/sepolicy/zygote.te
+++ b/target/board/generic_x86/sepolicy/zygote.te
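Review bot: the generic_x86 mediaserver.te, adbd.te and app.te added here are byte-for-byte copies of the generic ones (the index lines show the same blobs 90b8cf8126, f65cfb3a4f and fd33453e6c in both directories), with no comment tying the two sets together, so the next narrowing of one directory is likely to leave the other with the wider grant. If the x86 board cannot simply list the generic sepolicy directory as well (it does carry its own healthd.te/installd.te, which I cannot judge from here), a one-line cross-reference would at least make the duplication visible, e.g. `# Keep in sync with target/board/generic/sepolicy/mediaserver.te.` at the top of each copied file.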
@@ -1,2 +1,3 @@
 allow zygote self:process execmem;
 allow zygote self:capability sys_nice;
+allow zygote qemu_device:chr_file rw_file_perms;