diff --git a/non_plat/bootanim.te b/non_plat/bootanim.te
index 91b6e86..6813806 100644
--- a/non_plat/bootanim.te
+++ b/non_plat/bootanim.te
@@ -21,3 +21,8 @@ allow bootanim proc_ged:file {open read write ioctl getattr};
 # Purpose : For MTK perfmgr
 allow bootanim proc_perfmgr:dir {search read};
 allow bootanim proc_perfmgr:file {open read ioctl};
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(bootanim, vendor_default_prop)
diff --git a/non_plat/installd.te b/non_plat/installd.te
new file mode 100644
index 0000000..920cee1
--- /dev/null
+++ b/non_plat/installd.te
@@ -0,0 +1,8 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(installd, vendor_default_prop)
diff --git a/non_plat/keystore.te b/non_plat/keystore.te
index 9d7e4c7..57d987a 100644
--- a/non_plat/keystore.te
+++ b/non_plat/keystore.te
@@ -12,3 +12,8 @@ allow keystore app_data_file:file write;
 # Purpose : Fix keystore boot selinux violation
 #allow keystore debugfs_tracing:file write;
 allow hal_keymaster_default debugfs_tracing:file write;
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(keystore, vendor_default_prop)
diff --git a/non_plat/mediadrmserver.te b/non_plat/mediadrmserver.te
index 066a632..82ff50f 100644
--- a/non_plat/mediadrmserver.te
+++ b/non_plat/mediadrmserver.te
@@ -14,3 +14,8 @@ allow mediadrmserver proc_ged:file {open read write ioctl getattr};
 # Purpose : Change thermal config
 allow mediaserver mtk_thermal_config_prop:file { getattr open read };
 allow mediaserver mtk_thermal_config_prop:property_service set;
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(mediadrmserver, vendor_default_prop)
diff --git a/non_plat/mediaextractor.te b/non_plat/mediaextractor.te
index 12157b8..ca62bd1 100644
--- a/non_plat/mediaextractor.te
+++ b/non_plat/mediaextractor.te
@@ -5,3 +5,8 @@
 # Date : WK16.33
 # Purpose: Allow to access ged for gralloc_extra functions
 allow mediaextractor proc_ged:file {open read write ioctl getattr};
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(mediaextractor, vendor_default_prop)
diff --git a/non_plat/mediametrics.te b/non_plat/mediametrics.te
new file mode 100644
index 0000000..8c8c32b
--- /dev/null
+++ b/non_plat/mediametrics.te
@@ -0,0 +1,8 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(mediametrics, vendor_default_prop)
diff --git a/non_plat/mobile_log_d.te b/non_plat/mobile_log_d.te
index 87f8c0d..e5f4c4c 100644
--- a/non_plat/mobile_log_d.te
+++ b/non_plat/mobile_log_d.te
@@ -56,3 +56,8 @@ allow mobile_log_d port:tcp_socket { name_connect name_bind };
 allow mobile_log_d mobile_log_d:tcp_socket { create connect setopt bind };
 allow mobile_log_d mobile_log_d:tcp_socket { bind setopt listen accept read write };
 allow mobile_log_d node:tcp_socket node_bind;
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(mobile_log_d, vendor_default_prop)
diff --git a/non_plat/netdiag.te b/non_plat/netdiag.te
index cb19c48..92e05b5 100644
--- a/non_plat/netdiag.te
+++ b/non_plat/netdiag.te
@@ -26,3 +26,8 @@ allow netdiag mmc_prop:file { getattr open };
 # purpose: allow netdiag to access storage in new version
 allow netdiag media_rw_data_file:file  { create_file_perms };
 allow netdiag media_rw_data_file:dir { create_dir_perms };
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(netdiag, vendor_default_prop)
diff --git a/non_plat/system_server.te b/non_plat/system_server.te
index ff4c784..050ed8d 100644
--- a/non_plat/system_server.te
+++ b/non_plat/system_server.te
@@ -191,3 +191,8 @@ allow system_server mtk_thermal_config_prop:property_service set;
 # Purpose : perfmgr permission
 allow system_server proc_perfmgr:dir {read search};
 allow system_server proc_perfmgr:file {open read ioctl};
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(system_server, vendor_default_prop)
diff --git a/plat_private/statsd.te b/plat_private/statsd.te
new file mode 100644
index 0000000..5104867
--- /dev/null
+++ b/plat_private/statsd.te
@@ -0,0 +1,8 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(statsd, vendor_default_prop)
diff --git a/plat_private/storaged.te b/plat_private/storaged.te
new file mode 100644
index 0000000..6cc8b60
--- /dev/null
+++ b/plat_private/storaged.te
@@ -0,0 +1,8 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Date : WK18.20
+# Operation : Migration
+# Purpose : no permission for vendor_default_prop
+get_prop(storaged, vendor_default_prop)