diff --git a/non_plat/aee_aed.te b/non_plat/aee_aed.te
index 225c2ee..53ce16b 100644
--- a/non_plat/aee_aed.te
+++ b/non_plat/aee_aed.te
@@ -38,6 +38,7 @@ allow aee_aed data_tmpfs_log_file:dir create_dir_perms;
 allow aee_aed data_tmpfs_log_file:file create_file_perms;
 
 # Purpose: aee_aed set property
+typeattribute aee_aed system_writes_vendor_properties_violators;
 set_prop(aee_aed, persist_mtk_aee_prop);
 set_prop(aee_aed, persist_aee_prop);
 set_prop(aee_aed, debug_mtk_aee_prop);
diff --git a/non_plat/audioserver.te b/non_plat/audioserver.te
index f5f3501..012a84d 100644
--- a/non_plat/audioserver.te
+++ b/non_plat/audioserver.te
@@ -5,6 +5,7 @@
 # Data : WK14.39
 # Operation : Migration
 # Purpose : dump for debug
+typeattribute audioserver system_writes_vendor_properties_violators;
 allow audioserver audiohal_prop:property_service set;
 
 # Date: WK14.44
diff --git a/non_plat/bluetooth.te b/non_plat/bluetooth.te
index d0952ca..22b32bf 100644
--- a/non_plat/bluetooth.te
+++ b/non_plat/bluetooth.te
@@ -11,6 +11,7 @@ allow bluetooth storage_stub_file:dir getattr;
 
 # Date: 2018/01/17
 #allow bluetooth to set property
+typeattribute bluetooth system_writes_vendor_properties_violators;
 set_prop(bluetooth, vendor_bluetooth_prop)
 set_prop(bluetooth, debug_prop)
 
diff --git a/non_plat/bootanim.te b/non_plat/bootanim.te
index 91b6e86..bf793d2 100644
--- a/non_plat/bootanim.te
+++ b/non_plat/bootanim.te
@@ -5,6 +5,7 @@
 # Date : WK14.37
 # Operation : Migration
 # Purpose : for opetator
+typeattribute bootanim system_writes_vendor_properties_violators;
 allow bootanim bootani_prop:property_service set;
 
 # Date : WK14.46
diff --git a/non_plat/cameraserver.te b/non_plat/cameraserver.te
index 92080cb..132ab55 100644
--- a/non_plat/cameraserver.te
+++ b/non_plat/cameraserver.te
@@ -376,6 +376,7 @@ allow cameraserver mtk_cmdq_device:chr_file { read ioctl open };
 # Date : WK17.28
 # Operation : MT6757 SQC
 # Purpose : Change thermal config
+typeattribute cameraserver system_writes_vendor_properties_violators;
 allow cameraserver mtk_thermal_config_prop:file { getattr open read };
 allow cameraserver mtk_thermal_config_prop:property_service set;
 
diff --git a/non_plat/cmddumper.te b/non_plat/cmddumper.te
index c10f721..7fa99ed 100644
--- a/non_plat/cmddumper.te
+++ b/non_plat/cmddumper.te
@@ -1,4 +1,5 @@
 #cmddumper access external modem ttySDIO2 
+typeattribute cmddumper system_writes_vendor_properties_violators;
 allow cmddumper ttySDIO_device:chr_file { read write ioctl open };
 
 # for modem logging sdcard access
diff --git a/non_plat/dumpstate.te b/non_plat/dumpstate.te
index b28de63..905b917 100644
--- a/non_plat/dumpstate.te
+++ b/non_plat/dumpstate.te
@@ -3,6 +3,7 @@
 # ==============================================
 
 # Purpose: aee_dumpstate set surfaceflinger property
+typeattribute dumpstate system_writes_vendor_properties_violators;
 set_prop(dumpstate, debug_bq_dump_prop);
 
 # Purpose: access dev/aed0
diff --git a/non_plat/emdlogger.te b/non_plat/emdlogger.te
index a2e483a..0b8ac78 100644
--- a/non_plat/emdlogger.te
+++ b/non_plat/emdlogger.te
@@ -1,6 +1,7 @@
 #allow emdlogger to set property
 #allow emdlogger debug_mdlogger_prop:property_service set;
 allow emdlogger debug_prop:property_service set;
+typeattribute emdlogger system_writes_vendor_properties_violators;
 allow emdlogger persist_mtklog_prop:property_service set;
 allow emdlogger system_radio_prop:property_service set;
 
diff --git a/non_plat/factory.te b/non_plat/factory.te
index 0b91700..c199f59 100644
--- a/non_plat/factory.te
+++ b/non_plat/factory.te
@@ -70,6 +70,7 @@ allow factory shell_exec:file r_file_perms;
 
 # Date: WK15.44
 # Purpose: factory idle current status
+typeattribute factory system_writes_vendor_properties_violators;
 allow factory vendor_factory_idle_state_prop:property_service set;
 
 # Date: WK15.46
diff --git a/non_plat/mdlogger.te b/non_plat/mdlogger.te
index 52bc958..33108c5 100644
--- a/non_plat/mdlogger.te
+++ b/non_plat/mdlogger.te
@@ -1,4 +1,5 @@
 #allow mdlogger to set property
+typeattribute mdlogger system_writes_vendor_properties_violators;
 allow mdlogger debug_mdlogger_prop:property_service set;
 allow mdlogger debug_prop:property_service set;
 
diff --git a/non_plat/mediaserver.te b/non_plat/mediaserver.te
index dcd1457..ef0bf33 100644
--- a/non_plat/mediaserver.te
+++ b/non_plat/mediaserver.te
@@ -357,6 +357,7 @@ allow mediaserver mtk_cmdq_device:chr_file { read ioctl open };
 # Date : WK17.12
 # Operation : MT6799 SQC
 # Purpose : Change thermal config
+typeattribute mediaserver system_writes_vendor_properties_violators;
 allow mediaserver mtk_thermal_config_prop:file { getattr open read };
 allow mediaserver mtk_thermal_config_prop:property_service set;
 
diff --git a/non_plat/mobile_log_d.te b/non_plat/mobile_log_d.te
index 5087c3a..b7f148b 100644
--- a/non_plat/mobile_log_d.te
+++ b/non_plat/mobile_log_d.te
@@ -35,6 +35,7 @@ allow mobile_log_d data_tmpfs_log_file:dir create_dir_perms;
 allow mobile_log_d data_tmpfs_log_file:file create_file_perms;
 
 #mobile itself property
+typeattribute mobile_log_d system_writes_vendor_properties_violators;
 set_prop(mobile_log_d, mobile_log_prop)
 
 #Dat: 2017/02/14
diff --git a/non_plat/mtkbootanimation.te b/non_plat/mtkbootanimation.te
index bbfa1e3..b40b0b0 100644
--- a/non_plat/mtkbootanimation.te
+++ b/non_plat/mtkbootanimation.te
@@ -5,6 +5,7 @@
 # Date : WK14.37
 # Operation : Migration
 # Purpose : for opetator
+typeattribute mtkbootanimation system_writes_vendor_properties_violators;
 allow mtkbootanimation bootani_prop:property_service set;
 
 # Date : WK14.46
diff --git a/non_plat/netdiag.te b/non_plat/netdiag.te
index cb19c48..e7c0c76 100644
--- a/non_plat/netdiag.te
+++ b/non_plat/netdiag.te
@@ -15,6 +15,7 @@ allow netdiag vfat:file create_file_perms;
 allow netdiag tmpfs:lnk_file read;
 
 #Purpose : for network log property
+typeattribute netdiag system_writes_vendor_properties_violators;
 set_prop(netdiag, debug_netlog_prop)
 set_prop(netdiag, persist_mtklog_prop)
 set_prop(netdiag, debug_mtklog_prop)
diff --git a/non_plat/platform_app.te b/non_plat/platform_app.te
index a08eace..a8ba29f 100644
--- a/non_plat/platform_app.te
+++ b/non_plat/platform_app.te
@@ -80,6 +80,7 @@ allow platform_app aee_aed:unix_stream_socket connectto;
 # Date : WK17.44
 # Operation : O Migration
 # Purpose : allow LocationEM to set mnld property
+typeattribute platform_app system_writes_vendor_properties_violators;
 set_prop(platform_app, mnld_prop)
 
 # Date : WK17.46
diff --git a/non_plat/ppp.te b/non_plat/ppp.te
index 65805b8..67c36b8 100644
--- a/non_plat/ppp.te
+++ b/non_plat/ppp.te
@@ -5,6 +5,6 @@
 # Date : WK14.37
 # Operation : Migration
 # Purpose: for PPPOE Test: Property permission
-
+typeattribute ppp system_writes_vendor_properties_violators;
 allow ppp pppoe_ppp0_prop:property_service set;
 
diff --git a/non_plat/radio.te b/non_plat/radio.te
index 0fc5ee8..50ee460 100644
--- a/non_plat/radio.te
+++ b/non_plat/radio.te
@@ -14,6 +14,8 @@ allow radio surfaceflinger:fifo_file { rw_file_perms };
 # Date : WK16.14 2016/03/30
 # Operation : IT
 # Purpose : for engineermode camera app mode
+
+typeattribute radio system_writes_vendor_properties_violators;
 allow radio mtk_em_prop:property_service set;
 
 # Date : WK16.24 2016/06/10
diff --git a/non_plat/shell.te b/non_plat/shell.te
index 3a4c196..8a1ca8e 100644
--- a/non_plat/shell.te
+++ b/non_plat/shell.te
@@ -13,6 +13,7 @@ binder_call(shell, mtk_hal_camera)
 
 # Date : WK17.35
 # Purpose : allow shell to set mtkcam property.
+typeattribute shell system_writes_vendor_properties_violators;
 set_prop(shell, mtkcam_prop)
 
 # Date : WK17.36
diff --git a/non_plat/system_app.te b/non_plat/system_app.te
index 9af38c4..9814f28 100644
--- a/non_plat/system_app.te
+++ b/non_plat/system_app.te
@@ -13,6 +13,7 @@ hal_client_domain(system_app, mtk_hal_lbs)
 
 #Dat: 2017/02/14
 #Purpose: allow set telephony Sensitive property
+typeattribute system_app system_writes_vendor_properties_violators;
 set_prop(system_app, mtk_telephony_sensitive_prop)
 
 
diff --git a/non_plat/system_server.te b/non_plat/system_server.te
index 0c13821..6c0e8a4 100644
--- a/non_plat/system_server.te
+++ b/non_plat/system_server.te
@@ -88,6 +88,7 @@ allow system_server proc_mtktz:file r_file_perms;
 # Operation: PowerManager set persist.meta.connecttype property
 # Purpose: Reboot target to meta mode,
 # and set persist.meta.connecttype as "wifi" or "usb".
+typeattribute system_server system_writes_vendor_properties_violators;
 allow system_server meta_connecttype_prop:property_service set;
 
 # Date:W17.02