diff --git a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
index c8edf9f7d1f7fecf2a1a7b9999497fd28dca13d0..4e0aae22fd3008346fbf9d1a106d755f219f02da 100644
--- a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
@@ -23,6 +23,7 @@
     e2fs
     e2fs_exec
     exfat
+    exported_audio_prop
     exported_bluetooth_prop
     exported_config_prop
     exported_dalvik_prop
diff --git a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
index 61067483003c6a23df2158c2610f3ecc44b4eccf..747478ccc0d3362b30907b55df87cc6aad97e7b3 100644
--- a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
@@ -27,6 +27,7 @@
     exported3_default_prop
     exported3_radio_prop
     exported3_system_prop
+    exported_audio_prop
     exported_bluetooth_prop
     exported_config_prop
     exported_dalvik_prop
diff --git a/prebuilts/api/28.0/private/crash_dump.te b/prebuilts/api/28.0/private/crash_dump.te
index fb73f08a994a8912746b87a257e323ae762c5931..c3d2ed5bd0e2772c1c2d4968248f33b103a036de 100644
--- a/prebuilts/api/28.0/private/crash_dump.te
+++ b/prebuilts/api/28.0/private/crash_dump.te
@@ -1 +1,14 @@
 typeattribute crash_dump coredomain;
+
+allow crash_dump {
+  domain
+  -bpfloader
+  -crash_dump
+  -init
+  -kernel
+  -keystore
+  -logd
+  -ueventd
+  -vendor_init
+  -vold
+}:process { ptrace signal sigchld sigstop sigkill };
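Review bot: The subtracted domains in this allow rule only limit what this one rule grants, and the hunk shows the whole 14-line file with no assertion that keeps them out of reach of crash_dump. `-bpfloader`, `-kernel`, `-ueventd`, `-vendor_init` and `-vold` are new compared with the rule removed from public/crash_dump.te, so a later rule or a vendor policy could hand crash_dump ptrace on one of them without any build failure. If no such assertion exists elsewhere in the policy, add one next to the rule, for example `neverallow crash_dump { bpfloader init kernel keystore logd ueventd vendor_init vold }:process ptrace;`. A short comment above the allow saying why these domains must never be traced would also help the next reader, since the reason is not stated anywhere in the hunk.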
diff --git a/prebuilts/api/28.0/private/file_contexts b/prebuilts/api/28.0/private/file_contexts
index 5d919710e4994d5d2b7e4f025f7933fb8abc22dc..564e45c2fb1f0a8ba4845643818b1c0c71ef4a10 100644
--- a/prebuilts/api/28.0/private/file_contexts
+++ b/prebuilts/api/28.0/private/file_contexts
@@ -392,6 +392,7 @@
 
 # Misc data
 /data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0
+/data/misc/apns(/.*)?           u:object_r:radio_data_file:s0
 /data/misc/audio(/.*)?          u:object_r:audio_data_file:s0
 /data/misc/audioserver(/.*)?    u:object_r:audioserver_data_file:s0
 /data/misc/audiohal(/.*)?       u:object_r:audiohal_data_file:s0
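Review bot: The new `/data/misc/apns(/.*)?` entry reuses the general `radio_data_file` label, so every domain already allowed to read or write `radio_data_file` gets the same access to the APN files. No rule can then be scoped or audited for this directory alone. If only one component is meant to own these files, a dedicated type (placeholder name `apns_data_file`) with its own allow rules would be the narrower choice. Otherwise a comment on this line naming the owner of the directory would make the reuse an explicit decision.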
diff --git a/prebuilts/api/28.0/private/surfaceflinger.te b/prebuilts/api/28.0/private/surfaceflinger.te
index e64b8de2cfe1806e7dfd8bd27bc9d03ba1ab86f6..e2f1a0721b3a72389dea1d5337b5935019c64c75 100644
--- a/prebuilts/api/28.0/private/surfaceflinger.te
+++ b/prebuilts/api/28.0/private/surfaceflinger.te
@@ -14,6 +14,7 @@ read_runtime_log_tags(surfaceflinger)
 hal_client_domain(surfaceflinger, hal_graphics_allocator)
 hal_client_domain(surfaceflinger, hal_graphics_composer)
 hal_client_domain(surfaceflinger, hal_configstore)
+hal_client_domain(surfaceflinger, hal_power)
 allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
 
 # Perform Binder IPC.
diff --git a/prebuilts/api/28.0/private/system_server.te b/prebuilts/api/28.0/private/system_server.te
index b037fe4a605a4bc40cf15f12df8b31fbe99dc6f7..fa84c3226cec71d4b70e748f80b40dbad9a9af25 100644
--- a/prebuilts/api/28.0/private/system_server.te
+++ b/prebuilts/api/28.0/private/system_server.te
@@ -536,6 +536,10 @@ get_prop(system_server, serialno_prop)
 # Read/write the property which keeps track of whether this is the first start of system_server
 set_prop(system_server, firstboot_prop)
 
+# Audio service in system server can read exported audio properties,
+# such as camera shutter enforcement
+get_prop(system_server, exported_audio_prop)
+
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;
 
diff --git a/prebuilts/api/28.0/public/app.te b/prebuilts/api/28.0/public/app.te
index 8e338ba4228a47da3c9b9ddb4761eca2f413dd6f..439c1f80f8460e5526c9f704f21446936456252f 100644
--- a/prebuilts/api/28.0/public/app.te
+++ b/prebuilts/api/28.0/public/app.te
@@ -178,7 +178,6 @@ userdebug_or_eng(`
 allow {
     untrusted_app_25
     untrusted_app_27
-    ephemeral_app
     priv_app
     system_app
     platform_app
@@ -190,7 +189,6 @@ r_dir_file({ appdomain -ephemeral_app -isolated_app }, proc_net)
 r_dir_file({
     untrusted_app_25
     untrusted_app_27
-    ephemeral_app
     priv_app
     system_app
     platform_app
@@ -201,7 +199,6 @@ r_dir_file({
 allow {
     untrusted_app_25
     untrusted_app_27
-    ephemeral_app
     priv_app
     system_app
     platform_app
diff --git a/prebuilts/api/28.0/public/crash_dump.te b/prebuilts/api/28.0/public/crash_dump.te
index f778d2818eb3f0bfc6c88803a25f457f908c0608..cd1e5a8e4381ed93b7cd7d3c05c35222cc6539f4 100644
--- a/prebuilts/api/28.0/public/crash_dump.te
+++ b/prebuilts/api/28.0/public/crash_dump.te
@@ -1,14 +1,6 @@
 type crash_dump, domain;
 type crash_dump_exec, exec_type, file_type;
 
-allow crash_dump {
-  domain
-  -init
-  -crash_dump
-  -keystore
-  -logd
-}:process { ptrace signal sigchld sigstop sigkill };
-
 # crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
 # which will result in an audit log even when it's allowed to trace.
 dontaudit crash_dump self:global_capability_class_set { sys_ptrace };
diff --git a/prebuilts/api/28.0/public/domain.te b/prebuilts/api/28.0/public/domain.te
index cccc651597a2359e6225bce171c7f38eec710bb8..e9337b654c5cbf8e7de550a90c0fa404af9e2614 100644
--- a/prebuilts/api/28.0/public/domain.te
+++ b/prebuilts/api/28.0/public/domain.te
@@ -466,7 +466,7 @@ neverallow {
 }:file no_x_file_perms;
 
 # The test files and executables MUST not be accessible to any domain
-neverallow domain nativetest_data_file:file_class_set no_w_file_perms;
+neverallow { domain userdebug_or_eng(`-kernel') } nativetest_data_file:file_class_set no_w_file_perms;
 neverallow domain nativetest_data_file:dir no_w_dir_perms;
 neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
 
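Review bot: The `-kernel` exemption added to the first neverallow is wider than the access the kernel.te hunk grants. It removes kernel from the assertion for every class in `file_class_set` and every permission in `no_w_file_perms` (create, unlink, rename, setattr, relabelfrom and so on), while kernel.te only adds `write` on `file` for userdebug/eng. A kernel-only assertion beside it would keep the rest enforced, e.g. `neverallow kernel nativetest_data_file:file_class_set { append create link unlink relabelfrom rename setattr };`. The comment above, "MUST not be accessible to any domain", is no longer true on userdebug/eng builds and should mention the exception, which appears to be for the LTP kernel tests cited in kernel.te (b/73220071).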
diff --git a/prebuilts/api/28.0/public/kernel.te b/prebuilts/api/28.0/public/kernel.te
index c8521e329dc9cae2c3164b941059fd4da9b67ef5..b7a351cc87dfab004b486692116b7a062b88961f 100644
--- a/prebuilts/api/28.0/public/kernel.te
+++ b/prebuilts/api/28.0/public/kernel.te
@@ -69,7 +69,7 @@ allow kernel asec_image_file:file read;
 # and for LTP kernel tests (b/73220071)
 userdebug_or_eng(`
   allow kernel update_engine_data_file:file read;
-  allow kernel nativetest_data_file:file read;
+  allow kernel nativetest_data_file:file { read write };
 ')
 
 # Access to /data/media.
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index 09200b836925496d4c1d0423ac39aad4cbc51765..b0397e957b3f2ab7d4f919e8532e7c14f5673bf2 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -66,6 +66,7 @@ type wifi_prop, property_type;
 type vendor_security_patch_level_prop, property_type;
 
 # Properties for whitelisting
+type exported_audio_prop, property_type;
 type exported_bluetooth_prop, property_type;
 type exported_config_prop, property_type;
 type exported_dalvik_prop, property_type;
diff --git a/prebuilts/api/28.0/public/property_contexts b/prebuilts/api/28.0/public/property_contexts
index bbceb76353108c9df188745360f2d3ea35ee67e8..4f81c1c324245774174450f66fa52c8ca6b48f4e 100644
--- a/prebuilts/api/28.0/public/property_contexts
+++ b/prebuilts/api/28.0/public/property_contexts
@@ -3,6 +3,7 @@ persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact int
 
 # vendor-init-settable
 af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
 camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
 camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
 dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
@@ -55,6 +56,7 @@ dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
 dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootimage u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.stack-trace-dir u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
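Review bot: `dalvik.vm.profilebootimage` is inserted after `dalvik.vm.profilesystemserver`, which breaks the alphabetical order that every other visible entry in this file follows. Moving it up one line, directly after `dalvik.vm.method-trace-stream`, keeps the list sorted. That makes a duplicate or conflicting property entry easier to spot in later reviews.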
diff --git a/prebuilts/api/28.0/public/vendor_init.te b/prebuilts/api/28.0/public/vendor_init.te
index d079873252583e0c820de9920a8ef1a8106f3d0f..4e4b3136527e11705490ce828349e5aa9ffcf81a 100644
--- a/prebuilts/api/28.0/public/vendor_init.te
+++ b/prebuilts/api/28.0/public/vendor_init.te
@@ -170,6 +170,7 @@ not_compatible_property(`
 
 set_prop(vendor_init, bluetooth_a2dp_offload_prop)
 set_prop(vendor_init, debug_prop)
+set_prop(vendor_init, exported_audio_prop)
 set_prop(vendor_init, exported_bluetooth_prop)
 set_prop(vendor_init, exported_config_prop)
 set_prop(vendor_init, exported_dalvik_prop)