diff --git a/drmserver.te b/drmserver.te
index 482c2185f1553019be7f5e64a64c8e9a07fa69d5..e52d679ff61b27dcb1c469fd99c9dd2fd64cdfec 100644
--- a/drmserver.te
+++ b/drmserver.te
@@ -53,4 +53,10 @@ allow drmserver drmserver_service:service_manager { add find };
 allow drmserver system_server_service:service_manager find;
 allow drmserver tmp_system_server_service:service_manager find;
 
+service_manager_local_audit_domain(drmserver)
+auditallow drmserver {
+    tmp_system_server_service
+    -permission_service
+}:service_manager find;
+
 selinux_check_access(drmserver)
diff --git a/dumpstate.te b/dumpstate.te
index 320b19fa30bbf5d320c235b3ef1ed58c34a3bc53..cb38e0ba06eb695ac2aef861cfbe1c591a3131e5 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -104,20 +104,8 @@ allow dumpstate net_data_file:file r_file_perms;
 allow dumpstate tombstone_data_file:dir r_dir_perms;
 allow dumpstate tombstone_data_file:file r_file_perms;
 
-allow dumpstate {
-    drmserver_service
-    healthd_service
-    inputflinger_service
-    keystore_service
-    mediaserver_service
-    nfc_service
-    radio_service
-    surfaceflinger_service
-    system_app_service
-    system_server_service
-    tmp_system_server_service
-}:service_manager find;
-
+allow dumpstate service_manager_type:service_manager find;
 allow dumpstate servicemanager:service_manager list;
+service_manager_local_audit_domain(dumpstate)
 
 allow dumpstate devpts:chr_file rw_file_perms;
diff --git a/mediaserver.te b/mediaserver.te
index ec69aed091cfedf8ddcfcf0aeac660194ec64f5e..a8bc55fea0f4a96255b08e6eae54d8f45b522c90 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -84,15 +84,10 @@ allow mediaserver system_server_service:service_manager find;
 allow mediaserver surfaceflinger_service:service_manager find;
 allow mediaserver tmp_system_server_service:service_manager find;
 
-# address tmp_system_server_service accesses
-allow mediaserver batterystats_service:service_manager find;
-allow mediaserver permission_service:service_manager find;
-allow mediaserver power_service:service_manager find;
-allow mediaserver scheduling_policy_service:service_manager find;
-
 service_manager_local_audit_domain(mediaserver)
 auditallow mediaserver {
     tmp_system_server_service
+    -appops_service
     -batterystats_service
     -permission_service
     -power_service
diff --git a/nfc.te b/nfc.te
index e825b1b716aef12374aec870fe1b1bab74dae369..00826bb39f999f100f5ed7d6b2782e9b596ab56b 100644
--- a/nfc.te
+++ b/nfc.te
@@ -25,3 +25,22 @@ allow nfc radio_service:service_manager find;
 allow nfc surfaceflinger_service:service_manager find;
 allow nfc system_server_service:service_manager find;
 allow nfc tmp_system_server_service:service_manager find;
+
+service_manager_local_audit_domain(nfc)
+auditallow nfc {
+    tmp_system_server_service
+    -accessibility_service
+    -activity_service
+    -appops_service
+    -batterystats_service
+    -bluetooth_manager_service
+    -connectivity_service
+    -content_service
+    -display_service
+    -dropbox_service
+    -network_management_service
+    -power_service
+    -trust_service
+    -user_service
+    -vibrator_service
+}:service_manager find;
\ No newline at end of file
diff --git a/platform_app.te b/platform_app.te
index 61cc7572962a4d94a43c1e14debec5e7bf004a0e..378d45526c8fa4ec06cdca00421e9226a2accfd2 100644
--- a/platform_app.te
+++ b/platform_app.te
@@ -39,6 +39,7 @@ service_manager_local_audit_domain(platform_app)
 auditallow platform_app {
     tmp_system_server_service
     -accessibility_service
+    -account_service
     -activity_service
     -appops_service
     -appwidget_service
diff --git a/radio.te b/radio.te
index a6aec28e134f2743e30172d5cd5d2980ac74db2b..b5ff4a7e4c224be11e62209a2153b229a476bd01 100644
--- a/radio.te
+++ b/radio.te
@@ -42,11 +42,17 @@ auditallow radio {
     tmp_system_server_service
     -activity_service
     -appops_service
+    -bluetooth_manager_service
     -connectivity_service
     -content_service
     -display_service
     -dropbox_service
+    -netstats_service
     -network_management_service
+    -notification_service
     -power_service
     -registry_service
+    -trust_service
+    -user_service
+    -wifi_service
 }:service_manager find;
diff --git a/shared_relro.te b/shared_relro.te
index c4443824cd6541f3374f8831e2c6b066446981a1..1a7e2d030b3297b3add68edfa8dfd7f64e2d6bdf 100644
--- a/shared_relro.te
+++ b/shared_relro.te
@@ -12,3 +12,9 @@ allow shared_relro shared_relro_file:file create_file_perms;
 # Needs to contact the "webviewupdate" and "activity" services
 allow shared_relro system_server_service:service_manager find;
 allow shared_relro tmp_system_server_service:service_manager find;
+
+service_manager_local_audit_domain(shared_relro)
+auditallow shared_relro {
+    tmp_system_server_service
+    -webviewupdate_service
+}:service_manager find;
diff --git a/shell.te b/shell.te
index d31a496e1fca67365a876811fc1558a1d43b3a95..8cfe9ac431bdc9f4cb6d7f98b6326bd16fdc9acf 100644
--- a/shell.te
+++ b/shell.te
@@ -60,6 +60,7 @@ allow shell kernel:system syslog_read;
 # allow shell access to services
 allow shell servicemanager:service_manager list;
 allow shell service_manager_type:service_manager find;
+service_manager_local_audit_domain(shell)
 
 # allow shell to look through /proc/ for ps, top
 allow shell domain:dir { search open read getattr };
diff --git a/system_app.te b/system_app.te
index ea936aa1d7dbc2eb3ca52cff51907f6caafa5900..d3c7bdd17eff65271b08839db59a1b2931201a11 100644
--- a/system_app.te
+++ b/system_app.te
@@ -62,11 +62,32 @@ auditallow system_app {
     -accessibility_service
     -activity_service
     -appops_service
+    -appwidget_service
+    -assetatlas_service
+    -audio_service
+    -backup_service
+    -bluetooth_manager_service
     -connectivity_service
+    -content_service
+    -device_policy_service
     -display_service
+    -dreams_service
     -dropbox_service
+    -input_method_service
+    -input_service
+    -lock_settings_service
+    -mount_service
     -network_management_service
+    -notification_service
+    -power_service
+    -print_service
+    -registry_service
+    -sensorservice_service
+    -usagestats_service
+    -usb_service
     -user_service
+    -vibrator_service
+    -wifi_service
 }:service_manager find;
 
 allow system_app keystore:keystore_key {
diff --git a/system_server.te b/system_server.te
index ae9ada2c37e977e2451b43c82dc82fd0b2a3b199..191c446e6979fb153155c8cc61e0fa90a8bbe4b2 100644
--- a/system_server.te
+++ b/system_server.te
@@ -364,9 +364,11 @@ allow system_server sysfs_lowmemorykiller:file { getattr w_file_perms };
 allow system_server pstorefs:dir r_dir_perms;
 allow system_server pstorefs:file r_file_perms;
 
+allow system_server drmserver_service:service_manager find;
 allow system_server healthd_service:service_manager find;
 allow system_server keystore_service:service_manager find;
 allow system_server mediaserver_service:service_manager find;
+allow system_server nfc_service:service_manager find;
 allow system_server radio_service:service_manager find;
 allow system_server system_server_service:service_manager { add find };
 allow system_server surfaceflinger_service:service_manager find;
@@ -376,9 +378,11 @@ allow system_server tmp_system_server_service:service_manager { add find };
 allow system_server service_manager_type:service_manager find;
 auditallow system_server {
     service_manager_type
+    -drmserver_service
     -healthd_service
     -keystore_service
     -mediaserver_service
+    -nfc_service
     -radio_service
     -system_server_service
     -surfaceflinger_service
@@ -418,6 +422,7 @@ auditallow system_server {
     -network_score_service
     -notification_service
     -package_service
+    -permission_service
     -power_service
     -registry_service
     -sensorservice_service
diff --git a/untrusted_app.te b/untrusted_app.te
index bb93526a54cf1325fd31f0d355d3412d4d0747ed..91cb46ac6e63f324b3b11ddabf1d978d9ff7c871 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -82,18 +82,27 @@ auditallow untrusted_app {
     -assetatlas_service
     -audio_service
     -backup_service
+    -battery_service
     -batterystats_service
     -bluetooth_manager_service
     -connectivity_service
     -content_service
+    -country_detector_service
+    -default_android_service
     -device_policy_service
     -display_service
     -dropbox_service
     -input_method_service
     -input_service
     -jobscheduler_service
+    -launcherapps_service
     -location_service
+    -lock_settings_service
+    -media_router_service
+    -media_session_service
+    -meminfo_service
     -mount_service
+    -netpolicy_service
     -netstats_service
     -network_management_service
     -network_score_service
@@ -101,13 +110,18 @@ auditallow untrusted_app {
     -persistent_data_block_service
     -power_service
     -registry_service
+    -search_service
+    -sensorservice_service
     -textservices_service
     -trust_service
     -uimode_service
     -user_service
     -vibrator_service
+    -voiceinteraction_service
+    -wallpaper_service
     -webviewupdate_service
     -wifi_service
+    -wifip2p_service
 }:service_manager find;
 
 ###