diff --git a/non_plat/factory.te b/non_plat/factory.te
index 5717229..1652ef7 100644
--- a/non_plat/factory.te
+++ b/non_plat/factory.te
@@ -8,7 +8,10 @@
 # ==============================================
 # MTK Policy Rule
 # ==============================================
-file_type_auto_trans(factory, system_data_file, factory_data_file)
+#file_type_auto_trans(factory, system_data_file, factory_data_file)
+type factory, domain;
+type factory_exec, exec_type, file_type, vendor_file_type;
+init_daemon_domain(factory)
 
 #============= factory ==============
 allow factory MTK_SMI_device:chr_file r_file_perms;
@@ -65,8 +68,8 @@ allow factory proc_mrdump_rst:file w_file_perms;
 #allow factory self:capability2 block_suspend;
 wakelock_use(factory);
 allow factory storage_file:dir { write create add_name search mounton };
-allow factory factory_data_file:file create_file_perms;
-allow factory shell_exec:file r_file_perms;
+#allow factory factory_data_file:file create_file_perms;
+#allow factory shell_exec:file r_file_perms;
 
 # Date: WK15.44
 # Purpose: factory idle current status
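Review bot: `type factory, domain;` and `type factory_exec, exec_type, file_type, vendor_file_type;` are placed under the `# MTK Policy Rule` banner, whereas every other factory.te in this commit (the deleted plat_public/plat_private ones) keeps declarations under a separate `# Type Declaration` banner; move them there and state why they now live in non_plat, e.g. `# factory binary moved to /vendor/bin; domain and exec type are declared in vendor policy instead of plat_public/plat_private`. Disabling `file_type_auto_trans(factory, system_data_file, factory_data_file)` means nothing factory creates inside a `system_data_file` directory is relabelled any more, which is the right direction for a vendor domain, but the line should be deleted rather than commented out. `factory_data_file` should also be checked for remaining users, since the only reference visible in this file is commented out by the same commit.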
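Review bot: `#allow factory factory_data_file:file create_file_perms;` and `#allow factory shell_exec:file r_file_perms;` are commented out rather than deleted, adding two more dead `#allow` lines to a file that already carries many, and it is not clear whether dropping shell_exec read access was deliberate (the matching `x_file_perms` rule is disabled in a later hunk, so presumably yes). Delete both lines; if a rule has to be parked, the file's existing `###` marker plus a `# Purpose:` line saying why would let a reader tell parked rules from abandoned ones.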
@@ -75,16 +78,16 @@ allow factory vendor_factory_idle_state_prop:property_service set;
 
 # Date: WK15.46
 # Purpose: gps factory mode
-###allow factory agpsd_data_file:dir search;
-allow factory apk_data_file:dir write;
+allow factory agpsd_data_file:dir search;
+#allow factory apk_data_file:dir write;
 #allow factory gps_data_file:dir r_dir_perms;
 #allow factory gps_data_file:dir { write open };
 #allow factory gps_data_file:file { read write };
-###allow factory gps_data_file:dir { write add_name search remove_name unlink};
-###allow factory gps_data_file:file { read write open create getattr append setattr unlink lock};
-###allow factory gps_data_file:lnk_file read;
+allow factory gps_data_file:dir { write add_name search remove_name unlink};
+allow factory gps_data_file:file { read write open create getattr append setattr unlink lock};
+allow factory gps_data_file:lnk_file read;
 # allow factory gps_emi_device:chr_file { read write };
-allow factory shell_exec:file x_file_perms;
+#allow factory shell_exec:file x_file_perms;
 allow factory storage_file:lnk_file r_file_perms;
 
 #Date: WK15.48
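Review bot: The rules re-enabled here give factory `write add_name remove_name unlink` on `gps_data_file` directories and `create setattr unlink` on its files, i.e. full ownership of the GPS data directory, but the `###` prefix that previously kept them disabled is dropped with no comment under the WK15.46 header saying why a vendor domain may now do this; add one, e.g. `# factory GPS test rewrites gps_data_file contents (re-enabled when factory moved to vendor policy)`, adjusted to the real reason. The three older commented variants (`#allow factory gps_data_file:dir r_dir_perms;`, `#allow factory gps_data_file:dir { write open };`, `#allow factory gps_data_file:file { read write };`) are now strictly weaker than the live rules and should be deleted. `allow factory gps_data_file:lnk_file read;` lets the daemon follow symlinks placed in that directory, which is only safe if nothing less trusted can create entries there — this file does not show who else may write `gps_data_file`, so that is worth confirming.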
@@ -99,15 +102,15 @@ allow factory storage_file:lnk_file read;
 #Date: WK16.05
 #Purpose: For access NVRAM
 allow factory factory:capability chown;
-###allow factory nvram_data_file:dir create_dir_perms;
-###allow factory nvram_data_file:file create_file_perms;
-###allow factory nvram_data_file:lnk_file r_file_perms;
-###allow factory nvdata_file:lnk_file r_file_perms;
+allow factory nvram_data_file:dir create_dir_perms;
+allow factory nvram_data_file:file create_file_perms;
+allow factory nvram_data_file:lnk_file r_file_perms;
+allow factory nvdata_file:lnk_file r_file_perms;
 allow factory nvram_device:chr_file rw_file_perms;
 allow factory nvram_device:blk_file rw_file_perms;
 allow factory nvdata_device:blk_file rw_file_perms;
 # Purpose : Allow factory read /data/nvram link
-allow factory system_data_file:lnk_file read;
+#allow factory system_data_file:lnk_file read;
 
 #Date: WK16.12
 #Purpose: For sensor test
@@ -134,8 +137,8 @@ allow factory mmcblk1p1_block_device:blk_file rw_file_perms;
 allow factory block_device:dir w_dir_perms;
 
 #Purpose: For EMMC test
-###allow factory nvdata_file:dir create_dir_perms;
-###allow factory nvdata_file:file create_file_perms;
+allow factory nvdata_file:dir create_dir_perms;
+allow factory nvdata_file:file create_file_perms;
 
 #Purpose: For HRM test
 allow factory hrm_device:chr_file r_file_perms;
@@ -190,8 +193,8 @@ allow factory LC898212AF_device:chr_file rw_file_perms;
 allow factory BU6429AF_device:chr_file rw_file_perms;
 allow factory DW9718AF_device:chr_file rw_file_perms;
 allow factory BU64745GWZAF_device:chr_file rw_file_perms;
-###allow factory cct_data_file:dir create_dir_perms;
-###allow factory cct_data_file:file create_file_perms;
+allow factory cct_data_file:dir create_dir_perms;
+allow factory cct_data_file:file create_file_perms;
 allow factory camera_tsf_device:chr_file rw_file_perms;
 allow factory camera_rsc_device:chr_file rw_file_perms;
 allow factory camera_gepf_device:chr_file rw_file_perms;
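Review bot: `#allow factory system_data_file:lnk_file read;` is disabled but the `# Purpose : Allow factory read /data/nvram link` comment directly above it is kept, so the WK16.05 section now documents a rule that no longer exists; either delete both lines or reword the comment to name the rule that now covers the link, presumably the re-enabled `allow factory nvdata_file:lnk_file r_file_perms;` (verify that /data/nvram is actually labelled `nvdata_file` on this target, the file does not show it). The re-enabled `nvram_data_file` create rules sit next to the retained `allow factory nvram_device:blk_file rw_file_perms;` and `allow factory nvdata_device:blk_file rw_file_perms;`, so factory can rewrite NVRAM both through the filesystem and through the raw block device; a `# Purpose:` line saying which path the test tool really uses would let the other be dropped later instead of accumulating.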
@@ -233,7 +236,7 @@ allow factory sysfs_boot_type:file { read open };
 
 # Date: WK16.30
 #Purpose: For gps test
-allow factory media_rw_data_file:dir search;
+#allow factory media_rw_data_file:dir search;
 #allow factory gps_data_file:dir add_name;
 #TODO:: MTK need to remove later
 not_full_treble(`
@@ -243,13 +246,13 @@ not_full_treble(`
 # Date: WK16.31
 #Purpose: For gps test
 allow factory mnld_prop:property_service set;
-allow factory media_rw_data_file:dir { read open };
+#allow factory media_rw_data_file:dir { read open };
 #allow factory gps_data_file:file create_file_perms;
 
 # Date: WK16.33
 #Purpose: for unmount sdcardfs and stop services which are using data partition
 allow factory sdcard_type:filesystem unmount;
-allow factory toolbox_exec:file { read open getattr execute execute_no_trans };
+#allow factory toolbox_exec:file { read open getattr execute execute_no_trans };
 allow factory ctl_default_prop:property_service set;
 
 # Date : WK16.35
@@ -274,7 +277,7 @@ allow factory debugfs_ion:dir search;
 # Date: WK17.27
 # Purpose: STMicro NFC solution integration
 allow factory st21nfc_device:chr_file { open read getattr write ioctl };
-allow factory nfc_socket:dir search;
+#allow factory nfc_socket:dir search;
 #allow factory vendor_file:file { getattr execute execute_no_trans read open };
 set_prop(factory,hwservicemanager_prop);
 hwbinder_use(factory);
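Review bot: Once `#allow factory media_rw_data_file:dir search;` is commented out, the WK16.30 `#Purpose: For gps test` section contains only dead rules (`#allow factory gps_data_file:dir add_name;` was already commented), so the dated header now describes nothing. Remove the section, or replace its body with a one-line pointer such as `# GPS test access is covered by the gps_data_file rules under WK15.46`, so the next reader does not have to work out whether the grant was lost or moved. The `not_full_treble(` block that starts at the end of this hunk continues outside it.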
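Review bot: With `allow factory toolbox_exec:file { ... }` disabled, the "stop services which are using data partition" half of the WK16.33 purpose rests entirely on the retained `allow factory ctl_default_prop:property_service set;`, and `ctl_default_prop` is the type AOSP's property_contexts assigns to the whole `ctl.` prefix as far as I recall, so factory can start or stop any init service rather than only the ones holding /data open. Scope the grant to dedicated ctl property types for the specific services, or at minimum list them in the comment, e.g. `# WK16.33: ctl.stop of <services holding /data> before unmounting sdcardfs`, so it can be narrowed later. `allow factory sdcard_type:filesystem unmount;` in the same hunk is already explained by the header and needs no change.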
@@ -303,3 +306,29 @@ allow factory sysfs_therm:file {open read write};
 #"sysfs" ino=11073 scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
 allow factory sysfs_comport_type:file rw_file_perms;
 allow factory sysfs_uart_info:file rw_file_perms;
+
+
+# from private
+allow factory property_socket:sock_file write;
+allow factory init:unix_stream_socket connectto;
+allow factory kernel:system module_request;
+allow factory node:tcp_socket node_bind;
+allow factory userdata_block_device:blk_file rw_file_perms;
+allow factory port:tcp_socket { name_bind name_connect };
+#allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time sys_boot sys_admin };
+allow factory sdcard_type:dir r_dir_perms;
+### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
+#allow factory self:netlink_route_socket create_socket_perms;
+allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
+allow factory proc_net:file { read getattr open };
+allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
+allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
+
+allow factory self:process execmem;
+allow factory self:tcp_socket create_stream_socket_perms;
+allow factory self:udp_socket create_socket_perms;
+
+allow factory sysfs_wake_lock:file rw_file_perms;
+##allow factory system_data_file:dir w_dir_perms;
+##allow factory system_data_file:sock_file create_file_perms;
+allow factory system_file:file x_file_perms;
diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index 11d21e0..b8d9a2b 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
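Review bot: The block pasted in under `# from private` grants this vendor domain `userdata_block_device:blk_file rw_file_perms`, `self:process execmem`, `kernel:system module_request` and `name_bind`/`name_connect` on every `port` type, none of which carries the `# Date:`/`# Purpose:` rationale the rest of this file uses; raw read/write on the userdata block device alone sidesteps every file label under /data (encryption aside), so each of these needs a justification in place or should be dropped. `allow factory port:tcp_socket { name_bind name_connect };` should be narrowed to a dedicated port type for whatever the factory tool actually listens on, and `execmem` is unusual for a native daemon and worth confirming against the binary before it is carried over. `### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te` pins a line number that will drift; name the rule instead, e.g. `# TBD: priv_sock_ioctls is restricted by the socket-ioctl neverallowxperm in system/sepolicy/public/domain.te`, and check that the copied `allowxperm factory self:udp_socket ioctl priv_sock_ioctls;` still passes that neverallow now that factory is a vendor domain. `allow factory system_file:file x_file_perms;` lets a vendor domain execute /system binaries, which full-Treble builds restrict for non-core domains as far as I recall, and the `##allow ... system_data_file` lines and the commented capability line are dead text that should be deleted rather than carried across.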
@@ -548,6 +548,7 @@
 /(system\/vendor|vendor)/bin/wmt_loader u:object_r:wmt_loader_exec:s0
 /(system\/vendor|vendor)/bin/spm_loader u:object_r:spm_loader_exec:s0
 /(system\/vendor|vendor)/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0
+/(system\/vendor|vendor)/bin/factory u:object_r:factory_exec:s0
 /(system\/vendor|vendor)/bin/mnld u:object_r:mnld_exec:s0
 /(system\/vendor|vendor)/bin/connsyslogger u:object_r:connsyslogger_exec:s0
 
diff --git a/plat_private/factory.te b/plat_private/factory.te
deleted file mode 100644
index 6248acb..0000000
--- a/plat_private/factory.te
+++ /dev/null
@@ -1,37 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/factory Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type factory_exec , exec_type, file_type;
-typeattribute factory coredomain;
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-init_daemon_domain(factory)
-
-allow factory property_socket:sock_file write;
-allow factory init:unix_stream_socket connectto;
-allow factory kernel:system module_request;
-allow factory node:tcp_socket node_bind;
-allow factory userdata_block_device:blk_file rw_file_perms;
-allow factory port:tcp_socket { name_bind name_connect };
-#allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time sys_boot sys_admin };
-allow factory sdcard_type:dir r_dir_perms;
-### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
-#allow factory self:netlink_route_socket create_socket_perms;
-allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
-allow factory proc_net:file { read getattr open };
-allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
-allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
-
-allow factory self:process execmem;
-allow factory self:tcp_socket create_stream_socket_perms;
-allow factory self:udp_socket create_socket_perms;
-
-allow factory sysfs_wake_lock:file rw_file_perms;
-allow factory system_data_file:dir w_dir_perms;
-allow factory system_data_file:sock_file create_file_perms;
-allow factory system_file:file x_file_perms;
diff --git a/plat_private/file_contexts b/plat_private/file_contexts
index cf9159b..a4ef9ea 100644
--- a/plat_private/file_contexts
+++ b/plat_private/file_contexts
@@ -23,7 +23,6 @@
 /system/bin/aee_dumpstate u:object_r:dumpstate_exec:s0
 /system/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0
 /(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0
-/system/bin/factory u:object_r:factory_exec:s0
 # google suggest that move aee_aedv_exec to platform @google_issue_id:64130120
 /(system\/vendor|vendor)/bin/aee_aedv u:object_r:aee_aedv_exec:s0
 
diff --git a/plat_public/factory.te b/plat_public/factory.te
deleted file mode 100644
index 92ee9ac..0000000
--- a/plat_public/factory.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/factory Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type factory ,domain;
diff --git a/prebuilts/api/26.0/plat_private/factory.te b/prebuilts/api/26.0/plat_private/factory.te
deleted file mode 100755
index ca25c0a..0000000
--- a/prebuilts/api/26.0/plat_private/factory.te
+++ /dev/null
@@ -1,38 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/factory Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type factory_exec , exec_type, file_type;
-typeattribute factory coredomain;
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-init_daemon_domain(factory)
-
-
-allow factory property_socket:sock_file write;
-allow factory init:unix_stream_socket connectto;
-allow factory kernel:system module_request;
-allow factory node:tcp_socket node_bind;
-allow factory userdata_block_device:blk_file rw_file_perms;
-#allow factory port:tcp_socket { name_bind name_connect };
-allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time sys_boot sys_admin };
-allow factory sdcard_type:dir r_dir_perms;
-### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
-#allow factory self:netlink_route_socket create_socket_perms;
-allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
-allow factory proc_net:file { read getattr open };
-allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
-allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
-
-allow factory self:process execmem;
-allow factory self:tcp_socket create_stream_socket_perms;
-allow factory self:udp_socket create_socket_perms;
-
-allow factory sysfs_wake_lock:file rw_file_perms;
-allow factory system_data_file:dir w_dir_perms;
-allow factory system_data_file:sock_file create_file_perms;
-allow factory system_file:file x_file_perms;
diff --git a/prebuilts/api/26.0/plat_public/factory.te b/prebuilts/api/26.0/plat_public/factory.te
deleted file mode 100755
index 92ee9ac..0000000
--- a/prebuilts/api/26.0/plat_public/factory.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/factory Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type factory ,domain;