diff --git a/ramdisk/etc/init.samsungexynos8895.rc b/ramdisk/etc/init.samsungexynos8895.rc
index 4cad02ea59a662863020154776d579bdddecb23e..a694d366a4085a01ea8e5668ef0bcdf264cd482a 100644
--- a/ramdisk/etc/init.samsungexynos8895.rc
+++ b/ramdisk/etc/init.samsungexynos8895.rc
@@ -36,6 +36,10 @@ on post-fs
     setrlimit 8 67108864 67108864
 
 on post-fs-data
+   exec u:r:vendor_toolbox:s0 -- /vendor/bin/toybox_vendor find /data/vendor -type d \
+        -exec /vendor/bin/toybox_vendor setfattr -x security.sehash {} \;
+   restorecon_recursive /data/vendor
+
 # setup cgroup freezer for freecess
     mkdir /dev/freezer
     mount cgroup none /dev/freezer freezer
diff --git a/sepolicy/vendor/hal_gatekeeper_default.te b/sepolicy/vendor/hal_gatekeeper_default.te
index c9c3b9629aa6d00e062c0344a552b521ecd932d5..5bd18550d0f43111204be6b58c499c387127157a 100644
--- a/sepolicy/vendor/hal_gatekeeper_default.te
+++ b/sepolicy/vendor/hal_gatekeeper_default.te
@@ -1,3 +1,6 @@
 allow hal_gatekeeper_default gatekeeper_efs_file:file rw_file_perms;
 allow hal_gatekeeper_default gatekeeper_efs_file:dir search;
 allow hal_gatekeeper_default efs_file:dir search;
+
+allow hal_gatekeeper_default tee_efs_file:dir search;
+allow hal_gatekeeper_default tee_efs_file:file rw_file_perms;
diff --git a/sepolicy/vendor/tee.te b/sepolicy/vendor/tee.te
new file mode 100644
index 0000000000000000000000000000000000000000..7c59193538f8582f878074971e8273d1c93bc20c
--- /dev/null
+++ b/sepolicy/vendor/tee.te
@@ -0,0 +1,4 @@
+allow tee mobicore_data_file:dir search;
+
+allow tee tee_efs_file:dir r_dir_perms;
+allow tee tee_efs_file:file r_file_perms;