diff --git a/device.mk b/device.mk
index da70445..b06be46 100644
--- a/device.mk
+++ b/device.mk
@@ -131,5 +131,10 @@ PRODUCT_PACKAGES += \
     libOmxG711Enc \
     libstagefrighthw
 
+# Seccomp policy
+PRODUCT_COPY_FILES += \
+    $(LOCAL_PATH)/seccomp/mediacodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediacodec.policy \
+    $(LOCAL_PATH)/seccomp/mediaextractor.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaextractor.policy
+
 # Call the proprietary setup
 $(call inherit-product, vendor/xiaomi/whyred/whyred-vendor.mk)
diff --git a/seccomp/mediacodec.policy b/seccomp/mediacodec.policy
new file mode 100644
index 0000000..81d042b
--- /dev/null
+++ b/seccomp/mediacodec.policy
@@ -0,0 +1,12 @@
+# device specific syscalls
+# extension of services/mediacodec/minijail/seccomp_policy/mediacodec-seccomp-arm.policy
+pselect6: 1
+eventfd2: 1
+sendto: 1
+recvfrom: 1
+_llseek: 1
+sysinfo: 1
+getcwd: 1
+getdents64: 1
+inotify_init1: 1
+inotify_add_watch: 1
diff --git a/seccomp/mediaextractor.policy b/seccomp/mediaextractor.policy
new file mode 100644
index 0000000..0fcf604
--- /dev/null
+++ b/seccomp/mediaextractor.policy
@@ -0,0 +1,5 @@
+# device specific syscalls.
+# extension of services/mediaextractor/minijail/seccomp_policy/mediaextractor-seccomp-arm.policy
+readlinkat: 1
+pread64: 1
+mremap: 1