diff --git a/Android.mk b/Android.mk
index aa6e07c99bce6b6c0ae38b6def803216a67e8ff6..c12cea78d545ad7458b470a89b2fa173e1b6b781 100644
--- a/Android.mk
+++ b/Android.mk
@@ -216,6 +216,7 @@ ifeq ($(PRODUCT_SEPOLICY_SPLIT),true)
 LOCAL_REQUIRED_MODULES += \
     $(platform_mapping_file) \
     26.0.cil \
+    27.0.cil \
     plat_pub_versioned.cil \
     vendor_sepolicy.cil \
     plat_sepolicy.cil \
@@ -467,6 +468,16 @@ current_mapping.cil :=
 #################################
 include $(CLEAR_VARS)
 
+LOCAL_MODULE := 27.0.cil
+LOCAL_SRC_FILES := private/compat/27.0/27.0.cil
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping
+
+include $(BUILD_PREBUILT)
+#################################
+include $(CLEAR_VARS)
+
 LOCAL_MODULE := 26.0.cil
 LOCAL_SRC_FILES := private/compat/26.0/26.0.cil
 LOCAL_MODULE_CLASS := ETC
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 03a4c0c642fe9800d101730d3dd94a23529ba292..06f4c912201323470b24e11c528b8501e9d3c2cd 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1,3 +1,6 @@
+;; types removed from current policy
+(type reboot_data_file)
+
 (expandtypeattribute (accessibility_service_27_0) true)
 (expandtypeattribute (account_service_27_0) true)
 (expandtypeattribute (activity_service_27_0) true)
@@ -824,7 +827,9 @@
 (typeattributeset dalvikcache_data_file_27_0 (dalvikcache_data_file))
 (typeattributeset dalvik_prop_27_0 (dalvik_prop))
 (typeattributeset dbinfo_service_27_0 (dbinfo_service))
-(typeattributeset debugfs_27_0 (debugfs))
+(typeattributeset debugfs_27_0
+  ( debugfs
+    debugfs_wakeup_sources))
 (typeattributeset debugfs_mmc_27_0 (debugfs_mmc))
 (typeattributeset debugfs_trace_marker_27_0 (debugfs_trace_marker))
 (typeattributeset debugfs_tracing_27_0 (debugfs_tracing))
@@ -836,7 +841,9 @@
 (typeattributeset default_android_hwservice_27_0 (default_android_hwservice))
 (typeattributeset default_android_service_27_0 (default_android_service))
 (typeattributeset default_android_vndservice_27_0 (default_android_vndservice))
-(typeattributeset default_prop_27_0 (default_prop))
+(typeattributeset default_prop_27_0
+  ( default_prop
+    pm_prop))
 (typeattributeset device_27_0 (device))
 (typeattributeset device_identifiers_service_27_0 (device_identifiers_service))
 (typeattributeset deviceidle_service_27_0 (deviceidle_service))
@@ -1159,7 +1166,38 @@
 (typeattributeset preopt2cachename_exec_27_0 (preopt2cachename_exec))
 (typeattributeset print_service_27_0 (print_service))
 (typeattributeset priv_app_27_0 (priv_app))
-(typeattributeset proc_27_0 (proc))
+(typeattributeset proc_27_0
+  ( proc
+    proc_abi
+    proc_asound
+    proc_buddyinfo
+    proc_cmdline
+    proc_dirty
+    proc_diskstats
+    proc_extra_free_kbytes
+    proc_filesystems
+    proc_hostname
+    proc_hung_task
+    proc_kmsg
+    proc_loadavg
+    proc_max_map_count
+    proc_min_free_order_shift
+    proc_mounts
+    proc_page_cluster
+    proc_pagetypeinfo
+    proc_panic
+    proc_pid_max
+    proc_pipe_conf
+    proc_random
+    proc_sched
+    proc_swaps
+    proc_uid_concurrent_active_time
+    proc_uid_concurrent_policy_time
+    proc_uid_cpupower
+    proc_uptime
+    proc_version
+    proc_vmallocinfo
+    proc_vmstat))
 (typeattributeset proc_bluetooth_writable_27_0 (proc_bluetooth_writable))
 (typeattributeset proc_cpuinfo_27_0 (proc_cpuinfo))
 (typeattributeset proc_drop_caches_27_0 (proc_drop_caches))
@@ -1169,7 +1207,9 @@
 (typeattributeset proc_meminfo_27_0 (proc_meminfo))
 (typeattributeset proc_misc_27_0 (proc_misc))
 (typeattributeset proc_modules_27_0 (proc_modules))
-(typeattributeset proc_net_27_0 (proc_net))
+(typeattributeset proc_net_27_0
+  ( proc_net
+    proc_qtaguid_stat))
 (typeattributeset proc_overcommit_memory_27_0 (proc_overcommit_memory))
 (typeattributeset proc_perf_27_0 (proc_perf))
 (typeattributeset proc_security_27_0 (proc_security))
@@ -1277,7 +1317,18 @@
 (typeattributeset surfaceflinger_27_0 (surfaceflinger))
 (typeattributeset surfaceflinger_service_27_0 (surfaceflinger_service))
 (typeattributeset swap_block_device_27_0 (swap_block_device))
-(typeattributeset sysfs_27_0 (sysfs))
+(typeattributeset sysfs_27_0
+  ( sysfs
+    sysfs_android_usb
+    sysfs_dm
+    sysfs_dt_firmware_android
+    sysfs_ipv4
+    sysfs_kernel_notes
+    sysfs_net
+    sysfs_power
+    sysfs_rtc
+    sysfs_switch
+    sysfs_wakeup_reasons))
 (typeattributeset sysfs_batteryinfo_27_0 (sysfs_batteryinfo))
 (typeattributeset sysfs_bluetooth_writable_27_0 (sysfs_bluetooth_writable))
 (typeattributeset sysfs_devices_system_cpu_27_0 (sysfs_devices_system_cpu))
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
new file mode 100644
index 0000000000000000000000000000000000000000..99db6624eda3e9bb569d67e4d9003dbccf112808
--- /dev/null
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -0,0 +1,97 @@
+;; new_objects - a collection of types that have been introduced that have no
+;;   analogue in older policy.  Thus, we do not need to map these types to
+;;   previous ones.  Add here to pass checkapi tests.
+(typeattribute new_objects)
+(typeattributeset new_objects
+  ( blank_screen
+    blank_screen_exec
+    blank_screen_tmpfs
+    bootloader_boot_reason_prop
+    bpfloader
+    bpfloader_exec
+    cgroup_bpf
+    crossprofileapps_service
+    exported2_config_prop
+    exported2_default_prop
+    exported2_radio_prop
+    exported2_system_prop
+    exported2_vold_prop
+    exported3_default_prop
+    exported3_system_prop
+    exported_config_prop
+    exported_dalvik_prop
+    exported_default_prop
+    exported_dumpstate_prop
+    exported_ffs_prop
+    exported_fingerprint_prop
+    exported_overlay_prop
+    exported_pm_prop
+    exported_radio_prop
+    exported_system_prop
+    exported_system_radio_prop
+    exported_vold_prop
+    fs_bpf
+    hal_authsecret_hwservice
+    hal_confirmationui_hwservice
+    hal_lowpan_hwservice
+    hal_secure_element_hwservice
+    hal_usb_gadget_hwservice
+    incident_helper
+    incident_helper_exec
+    last_boot_reason_prop
+    lowpan_device
+    lowpan_prop
+    lowpan_service
+    mediaextractor_update_service
+    network_watchlist_data_file
+    network_watchlist_service
+    perfetto
+    perfetto_exec
+    perfetto_tmpfs
+    perfetto_traces_data_file
+    perfprofd_service
+    property_info
+    secure_element
+    secure_element_service
+    secure_element_tmpfs
+    slice_service
+    stats
+    stats_data_file
+    stats_exec
+    stats_service
+    statscompanion_service
+    statsd
+    statsd_exec
+    statsd_tmpfs
+    storaged_data_file
+    system_boot_reason_prop
+    system_update_service
+    tombstone_wifi_data_file
+    trace_data_file
+    traced
+    traced_consumer_socket
+    traced_exec
+    traced_probes
+    traced_probes_exec
+    traced_probes_tmpfs
+    traced_producer_socket
+    traced_tmpfs
+    traceur_app
+    traceur_app_tmpfs
+    update_engine_log_data_file
+    usbd
+    usbd_exec
+    usbd_tmpfs
+    vendor_default_prop
+    vendor_init
+    vendor_shell
+    vold_metadata_file
+    vold_prepare_subdirs
+    vold_prepare_subdirs_exec
+    vold_service
+    wm_trace_data_file
+    wpantund
+    wpantund_exec
+    wpantund_service
+    wpantund_tmpfs))
+
diff --git a/public/attributes b/public/attributes
index 6c6b129d17c477f4a801fd73bcef2401893348f8..0aec64561e504c93bf8756e53aa5ca400b7c862b 100644
--- a/public/attributes
+++ b/public/attributes
@@ -203,19 +203,46 @@ attribute halserverdomain;
 attribute halclientdomain;
 expandattribute halclientdomain true;
 
+# TODO(b/72757373): Use hal_attribute macro once expandattribute value conflicts
+# can be resolve.
+attribute hal_audio;
+attribute hal_audio_client;
+expandattribute hal_audio_client true;
+attribute hal_audio_server;
+expandattribute hal_audio_server false;
+
+attribute hal_bootctl;
+attribute hal_bootctl_client;
+expandattribute hal_bootctl_client true;
+attribute hal_bootctl_server;
+expandattribute hal_bootctl_server false;
+
+attribute hal_camera;
+attribute hal_camera_client;
+expandattribute hal_camera_client true;
+attribute hal_camera_server;
+expandattribute hal_camera_server false;
+
+attribute hal_drm;
+attribute hal_drm_client;
+expandattribute hal_drm_client true;
+attribute hal_drm_server;
+expandattribute hal_drm_server false;
+
+attribute hal_cas;
+attribute hal_cas_client;
+expandattribute hal_cas_client true;
+attribute hal_cas_server;
+expandattribute hal_cas_server false;
+
 # HALs
 hal_attribute(allocator);
-hal_attribute(audio);
 hal_attribute(authsecret);
 hal_attribute(bluetooth);
-hal_attribute(bootctl);
 hal_attribute(broadcastradio);
-hal_attribute(camera);
 hal_attribute(configstore);
 hal_attribute(confirmationui);
 hal_attribute(contexthub);
-hal_attribute(drm);
-hal_attribute(cas);
 hal_attribute(dumpstate);
 hal_attribute(fingerprint);
 hal_attribute(gatekeeper);