diff --git a/aosp/vendor/common/overlay/frameworks/base/core/res/res/values/config.xml b/aosp/vendor/common/overlay/frameworks/base/core/res/res/values/config.xml
index 36b79a82d8d518e4f32c11d256f4432d66df3d6b..87d413fb006a73fd033cb823540881755afedd66 100644
--- a/aosp/vendor/common/overlay/frameworks/base/core/res/res/values/config.xml
+++ b/aosp/vendor/common/overlay/frameworks/base/core/res/res/values/config.xml
@@ -1,4 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?>
+<!--
+/*
+** Copyright (c) Huawei Technologies Co., Ltd. 2025-2025. All rights reserved.
+** Description: copy files config
+*/
+-->
 
 <resources>
 
diff --git a/aosp/vendor/common/overlay/frameworks/base/packages/SystemUI/res/values/config.xml b/aosp/vendor/common/overlay/frameworks/base/packages/SystemUI/res/values/config.xml
new file mode 100644
index 0000000000000000000000000000000000000000..083ba4072266415f150075180c0c83dddb324ed5
--- /dev/null
+++ b/aosp/vendor/common/overlay/frameworks/base/packages/SystemUI/res/values/config.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+/*
+** Copyright 2009, The Android Open Source Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+**     http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+-->
+
+<!-- These resources are around just to allow their values to be customized
+     for different hardware and product builds. -->
+<resources>
+    <!-- The default tiles to display in QuickSettings -->
+    <string name="quick_settings_tiles_default" translatable="false"></string>
+
+    <!-- Tiles native to System UI. Order should match "quick_settings_tiles_default" -->
+    <string name="quick_settings_tiles_stock" translatable="false"></string>
+</resources>
diff --git a/aosp/vendor/common/sepolicy/vendor/hal_confirmationui.te b/aosp/vendor/common/sepolicy/vendor/hal_confirmationui.te
index 49902148b556924718930f18e4fd2b5836ccbc0d..4e757238ccceeab627e708b09a9abbc08ee0fb5f 100644
--- a/aosp/vendor/common/sepolicy/vendor/hal_confirmationui.te
+++ b/aosp/vendor/common/sepolicy/vendor/hal_confirmationui.te
@@ -6,9 +6,6 @@ init_daemon_domain(hal_confirmationui_google)
 
 binder_call(hal_confirmationui_google, keystore)
 
-vendor_internal_prop(vendor_enable_confirmationui_prop)
-get_prop(hal_confirmationui_google, vendor_enable_confirmationui_prop)
-
 # Write to kernel log (/dev/kmsg)
 allow hal_confirmationui_google kmsg_device:chr_file w_file_perms;
 allow hal_confirmationui_google kmsg_device:chr_file getattr;
diff --git a/aosp/vendor/common/sepolicy/vendor/hal_gatekeeper.te b/aosp/vendor/common/sepolicy/vendor/hal_gatekeeper.te
index 405ca4e69b3448b78a1f9f3e16aa769998f39290..59e6934d6cc220ba1174ee5e1f0836033bd1dd92 100644
--- a/aosp/vendor/common/sepolicy/vendor/hal_gatekeeper.te
+++ b/aosp/vendor/common/sepolicy/vendor/hal_gatekeeper.te
@@ -1,9 +1,9 @@
-type hal_gatekeeper_remote, domain;
-hal_server_domain(hal_gatekeeper_remote, hal_gatekeeper)
+type hal_gatekeeper_hw, domain;
+hal_server_domain(hal_gatekeeper_hw, hal_gatekeeper)
 
-type hal_gatekeeper_remote_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_gatekeeper_remote)
+type hal_gatekeeper_hw_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_gatekeeper_hw)
 
 # Write to kernel log (/dev/kmsg)
-allow hal_gatekeeper_remote kmsg_device:chr_file w_file_perms;
-allow hal_gatekeeper_remote kmsg_device:chr_file getattr;
+allow hal_gatekeeper_hw kmsg_device:chr_file w_file_perms;
+allow hal_gatekeeper_hw kmsg_device:chr_file getattr;
diff --git a/aosp/vendor/common/sepolicy/vendor/hal_keymint_rust.te b/aosp/vendor/common/sepolicy/vendor/hal_keymint_rust.te
index 57d82e55f8f10e3d82294d74942ef0c2859cf3e3..c97b15437cf687a3c8cf07e2b21a1426a6822b89 100644
--- a/aosp/vendor/common/sepolicy/vendor/hal_keymint_rust.te
+++ b/aosp/vendor/common/sepolicy/vendor/hal_keymint_rust.te
@@ -1,19 +1,14 @@
-type hal_keymint_rust, domain;
-hal_server_domain(hal_keymint_rust, hal_keymint)
+type hal_keymint_hw, domain;
+hal_server_domain(hal_keymint_hw, hal_keymint)
 
-type hal_keymint_rust_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_keymint_rust)
-
-type keymint_device, dev_type;
-
-allow hal_keymint_rust device:dir r_dir_perms;
-allow hal_keymint_rust keymint_device:chr_file rw_file_perms;
+type hal_keymint_hw_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_keymint_hw)
 
 # Write to kernel log (/dev/kmsg)
-allow hal_keymint_rust kmsg_device:chr_file w_file_perms;
-allow hal_keymint_rust kmsg_device:chr_file getattr;
+allow hal_keymint_hw kmsg_device:chr_file w_file_perms;
+allow hal_keymint_hw kmsg_device:chr_file getattr;
 
 # uncomment it later
-# get_prop(hal_keymint_rust, vendor_security_patch_level_prop)
-# get_prop(hal_keymint_rust, vendor_boot_security_patch_level_prop)
-get_prop(hal_keymint_rust, serialno_prop)
+# get_prop(hal_keymint_hw, vendor_security_patch_level_prop)
+# get_prop(hal_keymint_hw, vendor_boot_security_patch_level_prop)
+get_prop(hal_keymint_hw, serialno_prop)
diff --git a/aosp/vendor/common/sepolicy/vendor/hal_oemlock_remote.te b/aosp/vendor/common/sepolicy/vendor/hal_oemlock_remote.te
index 1a075560c0244af8c2c19f7c13fecf8ea82b5fce..c0862f1219a1b99a3e8e660d39ca90523eae643a 100644
--- a/aosp/vendor/common/sepolicy/vendor/hal_oemlock_remote.te
+++ b/aosp/vendor/common/sepolicy/vendor/hal_oemlock_remote.te
@@ -1,14 +1,9 @@
-type hal_oemlock_remote, domain;
-hal_server_domain(hal_oemlock_remote, hal_oemlock)
+type hal_oemlock_hw, domain;
+hal_server_domain(hal_oemlock_hw, hal_oemlock)
 
-type hal_oemlock_remote_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_oemlock_remote)
-
-type oemlock_device, dev_type;
-
-allow hal_oemlock_remote device:dir r_dir_perms;
-allow hal_oemlock_remote oemlock_device:chr_file rw_file_perms;
+type hal_oemlock_hw_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_oemlock_hw)
 
 # Write to kernel log (/dev/kmsg)
-allow hal_oemlock_remote kmsg_device:chr_file w_file_perms;
-allow hal_oemlock_remote kmsg_device:chr_file getattr;
+allow hal_oemlock_hw kmsg_device:chr_file w_file_perms;
+allow hal_oemlock_hw kmsg_device:chr_file getattr;
diff --git a/aosp/vendor/common/sepolicy/vendor/property.te b/aosp/vendor/common/sepolicy/vendor/property.te
new file mode 100644
index 0000000000000000000000000000000000000000..2c948df605428338421731df52cd7e77a8b79719
--- /dev/null
+++ b/aosp/vendor/common/sepolicy/vendor/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_boot_security_patch_level_prop)