diff --git a/BoardConfig-common.mk b/BoardConfig-common.mk
index 033ad532..c922bcdd 100644
--- a/BoardConfig-common.mk
+++ b/BoardConfig-common.mk
@@ -243,7 +243,26 @@ endif
 BOARD_SYSTEM_KERNEL_MODULES_LOAD := $(strip $(shell cat $(KERNEL_MODULE_DIR)/system_dlkm.modules.load 2>/dev/null))
 BOARD_SYSTEM_KERNEL_MODULES := $(addprefix $(KERNEL_MODULE_DIR)/, $(notdir $(BOARD_SYSTEM_KERNEL_MODULES_LOAD)))
 
-include device/google/gs201/sepolicy/gs201-sepolicy.mk
+# SEPolicy
+BOARD_VENDOR_SEPOLICY_DIRS += \
+    hardware/google/pixel-sepolicy/googlebattery \
+    hardware/google/pixel-sepolicy/input \
+    hardware/google/pixel-sepolicy/powerstats \
+    device/google/gs201/sepolicy/certificates \
+    device/google/gs201/sepolicy/recovery \
+    device/google/gs201/sepolicy/vendor
+
+PRODUCT_PRIVATE_SEPOLICY_DIRS += \
+    device/google/gs201/sepolicy/product/private
+
+PRODUCT_PUBLIC_SEPOLICY_DIRS += \
+    device/google/gs201/sepolicy/product/public
+
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += \
+    device/google/gs201/sepolicy/system_ext/private
+
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += \
+    device/google/gs201/sepolicy/system_ext/public
 
 # Battery options
 BOARD_KERNEL_CMDLINE += at24.write_timeout=100
diff --git a/sepolicy/OWNERS b/sepolicy/OWNERS
deleted file mode 100644
index 5232bc31..00000000
--- a/sepolicy/OWNERS
+++ /dev/null
@@ -1,4 +0,0 @@
-include device/google/gs-common:/sepolicy/OWNERS
-
-adamshih@google.com
-
diff --git a/sepolicy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem b/sepolicy/certificates/certs/EuiccSupportPixel.x509.pem
similarity index 100%
rename from sepolicy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem
rename to sepolicy/certificates/certs/EuiccSupportPixel.x509.pem
diff --git a/sepolicy/whitechapel_pro/certs/app.x509.pem b/sepolicy/certificates/certs/app.x509.pem
similarity index 100%
rename from sepolicy/whitechapel_pro/certs/app.x509.pem
rename to sepolicy/certificates/certs/app.x509.pem
diff --git a/sepolicy/whitechapel_pro/certs/com_google_android_apps_camera_services.x509.pem b/sepolicy/certificates/certs/com_google_android_apps_camera_services.x509.pem
similarity index 100%
rename from sepolicy/whitechapel_pro/certs/com_google_android_apps_camera_services.x509.pem
rename to sepolicy/certificates/certs/com_google_android_apps_camera_services.x509.pem
diff --git a/sepolicy/whitechapel_pro/certs/com_google_mds.x509.pem b/sepolicy/certificates/certs/com_google_mds.x509.pem
similarity index 100%
rename from sepolicy/whitechapel_pro/certs/com_google_mds.x509.pem
rename to sepolicy/certificates/certs/com_google_mds.x509.pem
diff --git a/sepolicy/system_ext/private/certs/com_qorvo_uwb.x509.pem b/sepolicy/certificates/certs/com_qorvo_uwb.x509.pem
similarity index 100%
rename from sepolicy/system_ext/private/certs/com_qorvo_uwb.x509.pem
rename to sepolicy/certificates/certs/com_qorvo_uwb.x509.pem
diff --git a/sepolicy/certificates/keys.conf b/sepolicy/certificates/keys.conf
new file mode 100644
index 00000000..84d5c696
--- /dev/null
+++ b/sepolicy/certificates/keys.conf
@@ -0,0 +1,14 @@
+[@GOOGLE]
+ALL : device/google/gs201/sepolicy/certificates/certs/app.x509.pem
+
+[@CAMERASERVICES]
+ALL : device/google/gs201/sepolicy/certificates/certs/com_google_android_apps_camera_services.x509.pem
+
+[@MDS]
+ALL : device/google/gs201/sepolicy/certificates/certs/com_google_mds.x509.pem
+
+[@UWB]
+ALL : device/google/gs201/sepolicy/certificates/certs/com_qorvo_uwb.x509.pem
+
+[@EUICCSUPPORTPIXEL]
+ALL : device/google/gs201/sepolicy/certificates/certs/EuiccSupportPixel.x509.pem
diff --git a/sepolicy/whitechapel_pro/mac_permissions.xml b/sepolicy/certificates/mac_permissions.xml
similarity index 85%
rename from sepolicy/whitechapel_pro/mac_permissions.xml
rename to sepolicy/certificates/mac_permissions.xml
index 290daa9c..5b4e2c46 100644
--- a/sepolicy/whitechapel_pro/mac_permissions.xml
+++ b/sepolicy/certificates/mac_permissions.xml
@@ -1,8 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <policy>
-
 <!--
-
     * A signature is a hex encoded X.509 certificate or a tag defined in
       keys.conf and is required for each signer tag.
     * A signer tag may contain a seinfo tag and multiple package stanzas.
@@ -22,21 +20,18 @@
 -->
     <!-- google apps key -->
     <signer signature="@GOOGLE" >
-      <seinfo value="google" />
+        <seinfo value="google" />
+    </signer>
+    <signer signature="@CAMERASERVICES" >
+        <seinfo value="CameraServices" />
     </signer>
     <signer signature="@MDS" >
         <seinfo value="mds" />
     </signer>
+    <signer signature="@UWB" >
+        <seinfo value="uwb" />
+    </signer>
     <signer signature="@EUICCSUPPORTPIXEL" >
         <seinfo value="EuiccSupportPixel" />
     </signer>
-    <signer signature="@CAMERAENG" >
-      <seinfo value="CameraEng" />
-    </signer>
-    <signer signature="@CAMERAFISHFOOD" >
-      <seinfo value="CameraFishfood" />
-    </signer>
-    <signer signature="@CAMERASERVICES" >
-      <seinfo value="CameraServices" />
-    </signer>
 </policy>
diff --git a/sepolicy/gs201-sepolicy.mk b/sepolicy/gs201-sepolicy.mk
deleted file mode 100644
index 5283815b..00000000
--- a/sepolicy/gs201-sepolicy.mk
+++ /dev/null
@@ -1,95 +0,0 @@
-# ConnectivityThermalPowerManager
-BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/connectivity_thermal_power_manager
-
-# twoshay
-BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/input
-
-# google_battery service
-BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/googlebattery
-
-# sepolicy that are shared among devices using whitechapel
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs201/sepolicy/whitechapel_pro
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs201/sepolicy/widevine
-
-# unresolved SELinux error log with bug tracking
-BOARD_SEPOLICY_DIRS += device/google/gs201/sepolicy/tracking_denials
-
-PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs201/sepolicy/public
-PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs201/sepolicy/private
-
-# system_ext
-SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs201/sepolicy/system_ext/public
-SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs201/sepolicy/system_ext/private
-
-#
-# Pixel-wide
-#
-# Dauntless sepolicy (b/199685763)
-BOARD_SEPOLICY_DIRS += device/google/gs201/sepolicy/dauntless
-
-#   PowerStats HAL
-BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
-
-# Health HAL
-BOARD_SEPOLICY_DIRS += device/google/gs201/sepolicy/health
-
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/aoc/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/common
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hidl
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/battery_mitigation/sepolicy/vendor
-ifneq ($(filter %_cheetah %_felix %_panther, $(TARGET_PRODUCT)),)
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bcmbt/dump/sepolicy
-endif
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bootctrl/sepolicy/aidl
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/camera/sepolicy/vendor
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/chre/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/dauntless/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/display/sepolicy/exynos
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/edgetpu/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/fingerprint/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gear/dumpstate/sepolicy
-ifneq ($(BOARD_WITHOUT_RADIO),true)
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/brcm/sepolicy
-endif
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/dump/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gpu/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gxp/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/insmod/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/mediacodec/common/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/mediacodec/samsung/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/misc_writer
-ifneq ($(BOARD_WITHOUT_RADIO),true)
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/dump_modemlog/sepolicy
-endif
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/modem_svc_sit/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/nfc/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/performance/experiments/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/performance/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/pixel_metrics/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/pixel_ril/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/radio/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/ramdump_and_coredump/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/sensors/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/soc/sepolicy/freq
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/soc/sepolicy/soc
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/storage/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/storage/sepolicy/tracking_denials
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/telephony/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/thermal/sepolicy/dump
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/thermal/sepolicy/thermal_hal
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/twoshay/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/trusty/sepolicy
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/umfw_stat/sepolicy
-
-PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/camera/sepolicy/product/public
-PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/camera/sepolicy/product/private
-
-PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/public
-PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/private
-
-SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/battery_mitigation/sepolicy/system_ext/private
-SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/battery_mitigation/sepolicy/system_ext/public
-
-SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/gs_watchdogd/sepolicy
-
-SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/sota_app/sepolicy/system_ext
diff --git a/sepolicy/health/file_contexts b/sepolicy/health/file_contexts
deleted file mode 100644
index 909de880..00000000
--- a/sepolicy/health/file_contexts
+++ /dev/null
@@ -1 +0,0 @@
-/vendor/bin/hw/android\.hardware\.health-service\.gs201  u:object_r:hal_health_default_exec:s0
diff --git a/sepolicy/private/debug_camera_app.te b/sepolicy/private/debug_camera_app.te
deleted file mode 100644
index c14637be..00000000
--- a/sepolicy/private/debug_camera_app.te
+++ /dev/null
@@ -1,16 +0,0 @@
-typeattribute debug_camera_app coredomain;
-
-userdebug_or_eng(`
-	app_domain(debug_camera_app)
-	net_domain(debug_camera_app)
-
-	allow debug_camera_app app_api_service:service_manager find;
-	allow debug_camera_app audioserver_service:service_manager find;
-	allow debug_camera_app cameraserver_service:service_manager find;
-	allow debug_camera_app mediaextractor_service:service_manager find;
-	allow debug_camera_app mediametrics_service:service_manager find;
-	allow debug_camera_app mediaserver_service:service_manager find;
-
-	# Allows camera app to access the PowerHAL.
-	hal_client_domain(debug_camera_app, hal_power)
-')
diff --git a/sepolicy/private/google_camera_app.te b/sepolicy/private/google_camera_app.te
deleted file mode 100644
index 6a9dff32..00000000
--- a/sepolicy/private/google_camera_app.te
+++ /dev/null
@@ -1,17 +0,0 @@
-typeattribute google_camera_app coredomain;
-
-app_domain(google_camera_app)
-net_domain(google_camera_app)
-
-allow google_camera_app app_api_service:service_manager find;
-allow google_camera_app audioserver_service:service_manager find;
-allow google_camera_app cameraserver_service:service_manager find;
-allow google_camera_app mediaextractor_service:service_manager find;
-allow google_camera_app mediametrics_service:service_manager find;
-allow google_camera_app mediaserver_service:service_manager find;
-
-# Allows camera app to access the PowerHAL.
-hal_client_domain(google_camera_app, hal_power)
-
-# Library code may try to access vendor properties, but should be denied
-dontaudit google_camera_app vendor_default_prop:file { getattr map open };
diff --git a/sepolicy/private/seapp_contexts b/sepolicy/private/seapp_contexts
deleted file mode 100644
index bfe5a549..00000000
--- a/sepolicy/private/seapp_contexts
+++ /dev/null
@@ -1,11 +0,0 @@
-# Google Camera
-user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
-
-# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera
-user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all
-
-# Google Camera Eng
-user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all
-
-# Also label GoogleCameraNext, built with debug keys as debug_camera_app.
-user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all
diff --git a/sepolicy/private/service_contexts b/sepolicy/private/service_contexts
deleted file mode 100644
index 8877518a..00000000
--- a/sepolicy/private/service_contexts
+++ /dev/null
@@ -1 +0,0 @@
-telephony.oem.oemrilhook        u:object_r:radio_service:s0
diff --git a/sepolicy/product/private/pbcs_app.te b/sepolicy/product/private/pbcs_app.te
new file mode 100644
index 00000000..89e99aa7
--- /dev/null
+++ b/sepolicy/product/private/pbcs_app.te
@@ -0,0 +1,12 @@
+typeattribute vendor_pbcs_app coredomain;
+
+add_service(vendor_pbcs_app, camera_binder_service)
+add_service(vendor_pbcs_app, camera_cameraidremapper_service)
+add_service(vendor_pbcs_app, camera_lyricconfigprovider_service)
+
+app_domain(vendor_pbcs_app)
+
+allow vendor_pbcs_app app_api_service:service_manager find;
+allow vendor_pbcs_app cameraserver_service:service_manager find;
+
+dontaudit vendor_pbcs_app system_app_data_file:dir *;
diff --git a/sepolicy/product/private/pcs_app.te b/sepolicy/product/private/pcs_app.te
new file mode 100644
index 00000000..2a064ba7
--- /dev/null
+++ b/sepolicy/product/private/pcs_app.te
@@ -0,0 +1,31 @@
+typeattribute vendor_pcs_app coredomain;
+
+app_domain(vendor_pcs_app)
+
+bluetooth_domain(vendor_pcs_app)
+
+net_domain(vendor_pcs_app)
+
+r_dir_file(vendor_pcs_app, preloads_data_file)
+r_dir_file(vendor_pcs_app, preloads_media_file)
+
+allow vendor_pcs_app app_api_service:service_manager find;
+allow vendor_pcs_app audioserver_service:service_manager find;
+allow vendor_pcs_app cache_file:dir create_dir_perms;
+allow vendor_pcs_app cache_file:file create_file_perms;
+allow vendor_pcs_app cache_file:lnk_file r_file_perms;
+allow vendor_pcs_app cache_recovery_file:dir create_dir_perms;
+allow vendor_pcs_app cache_recovery_file:file create_file_perms;
+allow vendor_pcs_app camera_cameraidremapper_service:service_manager find;
+allow vendor_pcs_app camera_lyricconfigprovider_service:service_manager find;
+allow vendor_pcs_app cameraserver_service:service_manager find;
+allow vendor_pcs_app drmserver_service:service_manager find;
+allow vendor_pcs_app media_rw_data_file:dir create_dir_perms;
+allow vendor_pcs_app media_rw_data_file:file create_file_perms;
+allow vendor_pcs_app mediametrics_service:service_manager find;
+allow vendor_pcs_app mediaserver_service:service_manager find;
+allow vendor_pcs_app nfc_service:service_manager find;
+allow vendor_pcs_app radio_service:service_manager find;
+
+dontaudit vendor_pcs_app device:dir read;
+dontaudit vendor_pcs_app usb_device:dir { open read search };
diff --git a/sepolicy/private/permissioncontroller_app.te b/sepolicy/product/private/permissioncontroller_app.te
similarity index 100%
rename from sepolicy/private/permissioncontroller_app.te
rename to sepolicy/product/private/permissioncontroller_app.te
diff --git a/sepolicy/private/radio.te b/sepolicy/product/private/radio.te
similarity index 100%
rename from sepolicy/private/radio.te
rename to sepolicy/product/private/radio.te
diff --git a/sepolicy/product/private/seapp_contexts b/sepolicy/product/private/seapp_contexts
new file mode 100644
index 00000000..7a392cdf
--- /dev/null
+++ b/sepolicy/product/private/seapp_contexts
@@ -0,0 +1,4 @@
+user=_app seinfo=CameraServices name=com.google.android.apps.camera.services domain=vendor_pcs_app type=app_data_file levelFrom=all
+user=_app seinfo=CameraServices name=com.google.android.apps.camera.services:* domain=vendor_pcs_app type=app_data_file levelFrom=all
+user=system seinfo=platform name=com.google.pixel.camera.services domain=vendor_pbcs_app type=system_app_data_file levelFrom=all
+user=system seinfo=platform name=com.google.pixel.camera.services:* domain=vendor_pbcs_app type=system_app_data_file levelFrom=all
diff --git a/sepolicy/product/private/service_contexts b/sepolicy/product/private/service_contexts
new file mode 100644
index 00000000..8cc27845
--- /dev/null
+++ b/sepolicy/product/private/service_contexts
@@ -0,0 +1,4 @@
+com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:camera_binder_service:s0
+com.google.pixel.camera.services.cameraidremapper.ICameraIdRemapper/default u:object_r:camera_cameraidremapper_service:s0
+com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/default u:object_r:camera_lyricconfigprovider_service:s0
+telephony.oem.oemrilhook u:object_r:radio_service:s0
diff --git a/sepolicy/product/public/pbcs_app.te b/sepolicy/product/public/pbcs_app.te
new file mode 100644
index 00000000..71807192
--- /dev/null
+++ b/sepolicy/product/public/pbcs_app.te
@@ -0,0 +1 @@
+type vendor_pbcs_app, domain;
diff --git a/sepolicy/product/public/pcs_app.te b/sepolicy/product/public/pcs_app.te
new file mode 100644
index 00000000..fb8b0a10
--- /dev/null
+++ b/sepolicy/product/public/pcs_app.te
@@ -0,0 +1 @@
+type vendor_pcs_app, domain;
diff --git a/sepolicy/product/public/service.te b/sepolicy/product/public/service.te
new file mode 100644
index 00000000..e5836b9c
--- /dev/null
+++ b/sepolicy/product/public/service.te
@@ -0,0 +1,3 @@
+type camera_binder_service, hal_service_type, protected_service, service_manager_type;
+type camera_cameraidremapper_service, hal_service_type, protected_service, service_manager_type;
+type camera_lyricconfigprovider_service, hal_service_type, protected_service, service_manager_type;
diff --git a/sepolicy/public/debug_camera_app.te b/sepolicy/public/debug_camera_app.te
deleted file mode 100644
index 6f497680..00000000
--- a/sepolicy/public/debug_camera_app.te
+++ /dev/null
@@ -1 +0,0 @@
-type debug_camera_app, domain;
diff --git a/sepolicy/public/google_camera_app.te b/sepolicy/public/google_camera_app.te
deleted file mode 100644
index c93038cc..00000000
--- a/sepolicy/public/google_camera_app.te
+++ /dev/null
@@ -1 +0,0 @@
-type google_camera_app, domain;
diff --git a/sepolicy/recovery/fastbootd.te b/sepolicy/recovery/fastbootd.te
new file mode 100644
index 00000000..490e2af0
--- /dev/null
+++ b/sepolicy/recovery/fastbootd.te
@@ -0,0 +1,8 @@
+recovery_only(`
+  allow fastbootd citadel_device:chr_file rw_file_perms;
+  allow fastbootd custom_ab_block_device:blk_file rw_file_perms;
+  allow fastbootd devinfo_block_device:blk_file rw_file_perms;
+  allow fastbootd sda_block_device:blk_file rw_file_perms;
+  allow fastbootd st54spi_device:chr_file rw_file_perms;
+  allow fastbootd sysfs_ota:file rw_file_perms;
+')
diff --git a/sepolicy/recovery/hal_bootctl_default.te b/sepolicy/recovery/hal_bootctl_default.te
new file mode 100644
index 00000000..cc85ae1b
--- /dev/null
+++ b/sepolicy/recovery/hal_bootctl_default.te
@@ -0,0 +1,3 @@
+recovery_only(`
+  allow hal_bootctl_default rootfs:dir r_dir_perms;
+')
diff --git a/sepolicy/recovery/recovery.te b/sepolicy/recovery/recovery.te
new file mode 100644
index 00000000..7e1f4abe
--- /dev/null
+++ b/sepolicy/recovery/recovery.te
@@ -0,0 +1,7 @@
+recovery_only(`
+  allow recovery citadel_device:chr_file rw_file_perms;
+  allow recovery st54spi_device:chr_file rw_file_perms;
+  allow recovery sysfs_ota:file rw_file_perms;
+  allow recovery sysfs_scsi_devices_0000:file r_file_perms;
+  allow recovery sysfs_scsi_devices_0000:dir r_dir_perms;
+')
diff --git a/sepolicy/system_ext/private/bluetooth_gci.te b/sepolicy/system_ext/private/bluetooth_gci.te
new file mode 100644
index 00000000..e0c6abf4
--- /dev/null
+++ b/sepolicy/system_ext/private/bluetooth_gci.te
@@ -0,0 +1,9 @@
+init_daemon_domain(bluetooth_gci)
+
+allow bluetooth_gci bluetooth_data_file:dir ra_dir_perms;
+allow bluetooth_gci bluetooth_data_file:file create_file_perms;
+allow bluetooth_gci fuse:dir r_dir_perms;
+allow bluetooth_gci fuse:file r_file_perms;
+allow bluetooth_gci media_rw_data_file:dir ra_dir_perms;
+allow bluetooth_gci media_rw_data_file:file r_file_perms;
+allow bluetooth_gci mnt_user_file:dir search;
diff --git a/sepolicy/system_ext/private/con_monitor.te b/sepolicy/system_ext/private/con_monitor_app.te
similarity index 99%
rename from sepolicy/system_ext/private/con_monitor.te
rename to sepolicy/system_ext/private/con_monitor_app.te
index c68ec1f8..d0667d29 100644
--- a/sepolicy/system_ext/private/con_monitor.te
+++ b/sepolicy/system_ext/private/con_monitor_app.te
@@ -3,5 +3,6 @@ typeattribute con_monitor_app coredomain;
 app_domain(con_monitor_app)
 
 set_prop(con_monitor_app, radio_prop)
+
 allow con_monitor_app app_api_service:service_manager find;
 allow con_monitor_app radio_service:service_manager find;
diff --git a/sepolicy/system_ext/private/connectivity_thermal_power_manager.te b/sepolicy/system_ext/private/connectivity_thermal_power_manager.te
new file mode 100644
index 00000000..be59c65c
--- /dev/null
+++ b/sepolicy/system_ext/private/connectivity_thermal_power_manager.te
@@ -0,0 +1,9 @@
+type connectivity_thermal_power_manager, coredomain, domain, system_suspend_internal_server;
+
+app_domain(connectivity_thermal_power_manager)
+
+hal_client_domain(connectivity_thermal_power_manager, hal_power_stats)
+
+allow connectivity_thermal_power_manager app_api_service:service_manager find;
+allow connectivity_thermal_power_manager radio_service:service_manager find;
+allow connectivity_thermal_power_manager system_api_service:service_manager find;
diff --git a/sepolicy/system_ext/private/dcservice_app.te b/sepolicy/system_ext/private/dcservice_app.te
new file mode 100644
index 00000000..e0a9b974
--- /dev/null
+++ b/sepolicy/system_ext/private/dcservice_app.te
@@ -0,0 +1,16 @@
+typeattribute dcservice_app coredomain;
+
+app_domain(dcservice_app)
+
+get_prop(dcservice_app, bluetooth_lea_prop)
+
+net_domain(dcservice_app)
+
+set_prop(dcservice_app, ctl_start_prop)
+
+allow dcservice_app app_api_service:service_manager find;
+allow dcservice_app audioserver_service:service_manager find;
+allow dcservice_app nfc_service:service_manager find;
+allow dcservice_app privapp_data_file:file execute;
+allow dcservice_app privapp_data_file:lnk_file r_file_perms;
+allow dcservice_app radio_service:service_manager find;
diff --git a/sepolicy/system_ext/private/file.te b/sepolicy/system_ext/private/file.te
index 9344be7e..1d62e325 100644
--- a/sepolicy/system_ext/private/file.te
+++ b/sepolicy/system_ext/private/file.te
@@ -1,2 +1,2 @@
-
-type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
+type repair_mode_metadata_config_file, file_type, mlstrustedobject;
+type uwb_vendor_data_file, app_data_file_type, data_file_type, file_type;
diff --git a/sepolicy/system_ext/private/file_contexts b/sepolicy/system_ext/private/file_contexts
new file mode 100644
index 00000000..9b304684
--- /dev/null
+++ b/sepolicy/system_ext/private/file_contexts
@@ -0,0 +1,4 @@
+/dev/watchdog[0-9] u:object_r:watchdog_device:s0
+/metadata/repair-mode/config(/.*)? u:object_r:repair_mode_metadata_config_file:s0
+/system_ext/bin/bluetooth_gci u:object_r:bluetooth_gci_exec:s0
+/system_ext/bin/gs_watchdogd u:object_r:gs_watchdogd_exec:s0
diff --git a/sepolicy/system_ext/private/gs_watchdogd.te b/sepolicy/system_ext/private/gs_watchdogd.te
new file mode 100644
index 00000000..d1ba1482
--- /dev/null
+++ b/sepolicy/system_ext/private/gs_watchdogd.te
@@ -0,0 +1,8 @@
+type gs_watchdogd, coredomain, domain;
+type gs_watchdogd_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(gs_watchdogd)
+
+allow gs_watchdogd kmsg_device:chr_file rw_file_perms;
+allow gs_watchdogd sysfs:dir r_dir_perms;
+allow gs_watchdogd watchdog_device:chr_file rw_file_perms;
diff --git a/sepolicy/system_ext/private/hbmsvmanager_app.te b/sepolicy/system_ext/private/hbmsvmanager_app.te
index 6f5ff7ac..4ec8a88f 100644
--- a/sepolicy/system_ext/private/hbmsvmanager_app.te
+++ b/sepolicy/system_ext/private/hbmsvmanager_app.te
@@ -1,11 +1,8 @@
 typeattribute hbmsvmanager_app coredomain;
 
-app_domain(hbmsvmanager_app);
+app_domain(hbmsvmanager_app)
 
+allow hbmsvmanager_app app_api_service:service_manager find;
+allow hbmsvmanager_app cameraserver_service:service_manager find;
 allow hbmsvmanager_app proc_vendor_sched:dir r_dir_perms;
 allow hbmsvmanager_app proc_vendor_sched:file w_file_perms;
-
-# Standard system services
-allow hbmsvmanager_app app_api_service:service_manager find;
-
-allow hbmsvmanager_app cameraserver_service:service_manager find;
diff --git a/sepolicy/system_ext/private/keys.conf b/sepolicy/system_ext/private/keys.conf
deleted file mode 100644
index 8c8c9a8d..00000000
--- a/sepolicy/system_ext/private/keys.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[@UWB]
-ALL : device/google/gs201/sepolicy/system_ext/private/certs/com_qorvo_uwb.x509.pem
-
diff --git a/sepolicy/system_ext/private/mac_permissions.xml b/sepolicy/system_ext/private/mac_permissions.xml
deleted file mode 100644
index 51af79f6..00000000
--- a/sepolicy/system_ext/private/mac_permissions.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<policy>
-
-<!--
-
-    * A signature is a hex encoded X.509 certificate or a tag defined in
-      keys.conf and is required for each signer tag.
-    * A signer tag may contain a seinfo tag and multiple package stanzas.
-    * A default tag is allowed that can contain policy for all apps not signed with a
-      previously listed cert. It may not contain any inner package stanzas.
-    * Each signer/default/package tag is allowed to contain one seinfo tag. This tag
-      represents additional info that each app can use in setting a SELinux security
-      context on the eventual process.
-    * When a package is installed the following logic is used to determine what seinfo
-      value, if any, is assigned.
-      - All signatures used to sign the app are checked first.
-      - If a signer stanza has inner package stanzas, those stanza will be checked
-        to try and match the package name of the app. If the package name matches
-        then that seinfo tag is used. If no inner package matches then the outer
-        seinfo tag is assigned.
-      - The default tag is consulted last if needed.
--->
-    <!-- google apps key -->
-    <signer signature="@UWB" >
-        <seinfo value="uwb" />
-    </signer>
-</policy>
diff --git a/sepolicy/system_ext/private/pixelntnservice_app.te b/sepolicy/system_ext/private/pixelntnservice_app.te
index 8bf71cc9..7c98c24e 100644
--- a/sepolicy/system_ext/private/pixelntnservice_app.te
+++ b/sepolicy/system_ext/private/pixelntnservice_app.te
@@ -1,5 +1,7 @@
 typeattribute pixelntnservice_app coredomain;
 
-app_domain(pixelntnservice_app);
-allow pixelntnservice_app app_api_service:service_manager find;
+app_domain(pixelntnservice_app)
+
 set_prop(pixelntnservice_app, telephony_modem_prop)
+
+allow pixelntnservice_app app_api_service:service_manager find;
diff --git a/sepolicy/system_ext/private/platform_app.te b/sepolicy/system_ext/private/platform_app.te
index 20042f25..a93aa38e 100644
--- a/sepolicy/system_ext/private/platform_app.te
+++ b/sepolicy/system_ext/private/platform_app.te
@@ -1,2 +1,3 @@
-# allow systemui access to fingerprint
+get_prop(platform_app, bluetooth_lea_prop)
+
 hal_client_domain(platform_app, hal_fingerprint)
diff --git a/sepolicy/system_ext/private/property.te b/sepolicy/system_ext/private/property.te
new file mode 100644
index 00000000..d60bf105
--- /dev/null
+++ b/sepolicy/system_ext/private/property.te
@@ -0,0 +1 @@
+system_internal_prop(repair_mode_init_prop)
diff --git a/sepolicy/system_ext/private/property_contexts b/sepolicy/system_ext/private/property_contexts
index 4e60110f..6b705a09 100644
--- a/sepolicy/system_ext/private/property_contexts
+++ b/sepolicy/system_ext/private/property_contexts
@@ -1,6 +1,4 @@
-# Fingerprint (UDFPS) GHBM/LHBM toggle
-persist.fingerprint.ghbm    u:object_r:fingerprint_ghbm_prop:s0    exact    bool
-
-# Telephony
-telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0    exact enum ntn tn
-telephony.ril.silent_reset    u:object_r:telephony_ril_prop:s0    exact    bool
+persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool
+repair_mode.init_completed. u:object_r:repair_mode_init_prop:s0 prefix bool
+telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0 exact enum ntn tn
+telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool
diff --git a/sepolicy/system_ext/private/repair_mode_app.te b/sepolicy/system_ext/private/repair_mode_app.te
new file mode 100644
index 00000000..cf7a9e29
--- /dev/null
+++ b/sepolicy/system_ext/private/repair_mode_app.te
@@ -0,0 +1,14 @@
+type repair_mode_app, coredomain, domain;
+
+app_domain(repair_mode_app)
+
+get_prop(repair_mode_app, gsid_prop)
+
+set_prop(repair_mode_app, repair_mode_init_prop)
+
+allow repair_mode_app app_api_service:service_manager find;
+allow repair_mode_app metadata_file:dir search;
+allow repair_mode_app repair_mode_metadata_config_file:dir rw_dir_perms;
+allow repair_mode_app repair_mode_metadata_config_file:file create_file_perms;
+allow repair_mode_app repair_mode_metadata_file:dir search;
+allow repair_mode_app system_api_service:service_manager find;
diff --git a/sepolicy/system_ext/private/seapp_contexts b/sepolicy/system_ext/private/seapp_contexts
index 0a2050e2..a3a0aadb 100644
--- a/sepolicy/system_ext/private/seapp_contexts
+++ b/sepolicy/system_ext/private/seapp_contexts
@@ -1,12 +1,8 @@
-# Domain for connectivity monitor
+user=_app isPrivApp=true name=com.google.android.apps.pixel.dcservice domain=dcservice_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.apps.pixel.dcservice.ui domain=dcservice_app type=privapp_data_file levelFrom=user
 user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
-
-# HbmSVManager
-user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
-
-# Qorvo UWB system app
-# TODO(b/222204912): Should this run under uwb user?
 user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
-
-# PixelNtnService
+user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
+user=_app seinfo=platform name=com.google.android.connectivitythermalpowermanager domain=connectivity_thermal_power_manager type=app_data_file levelFrom=all
+user=system seinfo=platform name=com.google.android.repairmode domain=repair_mode_app type=app_data_file levelFrom=user
 user=system seinfo=platform name=com.google.android.satellite domain=pixelntnservice_app type=app_data_file levelFrom=all
diff --git a/sepolicy/system_ext/private/uwb_vendor_app.te b/sepolicy/system_ext/private/uwb_vendor_app.te
index 3ae5ecd3..089bdb9f 100644
--- a/sepolicy/system_ext/private/uwb_vendor_app.te
+++ b/sepolicy/system_ext/private/uwb_vendor_app.te
@@ -1,12 +1,7 @@
 app_domain(uwb_vendor_app)
 
-not_recovery(`
-
 allow uwb_vendor_app app_api_service:service_manager find;
 allow uwb_vendor_app nfc_service:service_manager find;
 allow uwb_vendor_app radio_service:service_manager find;
-
-allow uwb_vendor_app uwb_vendor_data_file:file create_file_perms;
 allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms;
-
-')
+allow uwb_vendor_app uwb_vendor_data_file:file create_file_perms;
diff --git a/sepolicy/system_ext/public/bluetooth_gci.te b/sepolicy/system_ext/public/bluetooth_gci.te
new file mode 100644
index 00000000..823a51af
--- /dev/null
+++ b/sepolicy/system_ext/public/bluetooth_gci.te
@@ -0,0 +1,2 @@
+type bluetooth_gci, coredomain, domain;
+type bluetooth_gci_exec, exec_type, file_type, system_file_type;
diff --git a/sepolicy/system_ext/public/con_monitor.te b/sepolicy/system_ext/public/con_monitor_app.te
similarity index 53%
rename from sepolicy/system_ext/public/con_monitor.te
rename to sepolicy/system_ext/public/con_monitor_app.te
index 6a4d1dac..db7009b3 100644
--- a/sepolicy/system_ext/public/con_monitor.te
+++ b/sepolicy/system_ext/public/con_monitor_app.te
@@ -1,2 +1 @@
-# ConnectivityMonitor app
 type con_monitor_app, domain;
diff --git a/sepolicy/system_ext/public/dcservice_app.te b/sepolicy/system_ext/public/dcservice_app.te
new file mode 100644
index 00000000..924f29cb
--- /dev/null
+++ b/sepolicy/system_ext/public/dcservice_app.te
@@ -0,0 +1 @@
+type dcservice_app, domain;
diff --git a/sepolicy/system_ext/public/property.te b/sepolicy/system_ext/public/property.te
index e194720a..61f76154 100644
--- a/sepolicy/system_ext/public/property.te
+++ b/sepolicy/system_ext/public/property.te
@@ -1,10 +1,5 @@
-# Fingerprint (UDFPS) GHBM/LHBM toggle
-system_vendor_config_prop(fingerprint_ghbm_prop)
-
-# Telephony
 system_public_prop(telephony_ril_prop)
+
 system_restricted_prop(telephony_modem_prop)
 
-userdebug_or_eng(`
-  set_prop(shell, telephony_ril_prop)
-')
+system_vendor_config_prop(fingerprint_ghbm_prop)
diff --git a/sepolicy/system_ext/public/uwb_vendor_app.te b/sepolicy/system_ext/public/uwb_vendor_app.te
index 6824e4e9..6136373b 100644
--- a/sepolicy/system_ext/public/uwb_vendor_app.te
+++ b/sepolicy/system_ext/public/uwb_vendor_app.te
@@ -1,2 +1 @@
 type uwb_vendor_app, domain;
-
diff --git a/sepolicy/tracking_denials/README.txt b/sepolicy/tracking_denials/README.txt
deleted file mode 100644
index 6cfc62df..00000000
--- a/sepolicy/tracking_denials/README.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-This folder stores known errors detected by PTS. Be sure to remove relevant
-files to reproduce error log on latest ROMs.
diff --git a/sepolicy/tracking_denials/bluetooth.te b/sepolicy/tracking_denials/bluetooth.te
deleted file mode 100644
index 0b18dd9e..00000000
--- a/sepolicy/tracking_denials/bluetooth.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/382362323
-dontaudit bluetooth default_android_service:service_manager { find };
diff --git a/sepolicy/tracking_denials/bug_map b/sepolicy/tracking_denials/bug_map
deleted file mode 100644
index 852b3914..00000000
--- a/sepolicy/tracking_denials/bug_map
+++ /dev/null
@@ -1,53 +0,0 @@
-aconfigd apex_info_file file b/381326452
-bluetooth audio_config_prop file b/379245738
-dump_display sysfs file b/350831939
-dump_modem sscoredump_vendor_data_coredump_file dir b/361726277
-dump_modem sscoredump_vendor_data_logcat_file dir b/361726277
-dumpstate unlabeled file b/350832009
-hal_audio_default hal_audio_default binder b/395745737
-hal_bluetooth_synabtlinux device chr_file b/386303831
-hal_camera_default aconfig_storage_metadata_file dir b/383013727
-hal_contexthub_default hal_bluetooth_service service_manager b/396573096
-hal_drm_widevine system_userdir_file dir b/393956479
-hal_drm_widevine widevine_sys_vendor_prop file b/393956479
-hal_face_default traced_producer_socket sock_file b/305600808
-hal_power_default hal_power_default capability b/237492146
-hal_sensors_default property_socket sock_file b/373755350
-hal_sensors_default sysfs file b/336451433
-incidentd debugfs_wakeup_sources file b/282626428
-incidentd incidentd anon_inode b/282626428
-init init capability b/379206608
-init-display-sh kmsg_device chr_file b/388949662
-insmod-sh insmod-sh key b/336451874
-insmod-sh kmsg_device chr_file b/388949536
-insmod-sh vendor_edgetpu_debugfs dir b/385858933
-kernel dm_device blk_file b/319403445
-kernel kernel capability b/336451113
-kernel tmpfs chr_file b/321731318
-pixelstats_vendor block_device dir b/369540701
-pixelstats_vendor chre_socket sock_file b/400298488
-platform_app bluetooth_lea_mode_prop file b/402595629
-platform_app vendor_fw_file dir b/377811773
-platform_app vendor_rild_prop file b/377811773
-priv_app audio_config_prop file b/379246129
-priv_app metadata_file dir b/383438008
-ramdump ramdump capability b/369475655
-ramdump_app default_prop file b/386148928
-rfsd vendor_cbd_prop file b/317734397
-shell sysfs_net file b/329380891
-ssr_detector_app default_prop file b/359428005
-surfaceflinger selinuxfs file b/315104594
-system_server vendor_default_prop file b/366116786
-untrusted_app audio_config_prop file b/379245515
-vendor_init debugfs_trace_marker file b/336451787
-vendor_init default_prop file b/315104479
-vendor_init default_prop file b/315104803
-vendor_init default_prop file b/323086703
-vendor_init default_prop file b/323086890
-vendor_init default_prop file b/329380363
-vendor_init default_prop file b/329381126
-vendor_init default_prop property_service b/315104803
-vendor_init default_prop property_service b/359427666
-vendor_init default_prop property_service b/359428317
-zygote aconfig_storage_metadata_file dir b/383949172
-zygote zygote capability b/379206941
diff --git a/sepolicy/tracking_denials/dmd.te b/sepolicy/tracking_denials/dmd.te
deleted file mode 100644
index 68719b9b..00000000
--- a/sepolicy/tracking_denials/dmd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-#b/303391666
-dontaudit dmd servicemanager:binder { call };
diff --git a/sepolicy/tracking_denials/dumpstate.te b/sepolicy/tracking_denials/dumpstate.te
deleted file mode 100644
index ffb8518c..00000000
--- a/sepolicy/tracking_denials/dumpstate.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/185723618
-dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
diff --git a/sepolicy/vendor/aocd.te b/sepolicy/vendor/aocd.te
new file mode 100644
index 00000000..321e5b4f
--- /dev/null
+++ b/sepolicy/vendor/aocd.te
@@ -0,0 +1,19 @@
+type aocd, domain;
+type aocd_exec, exec_type, file_type, vendor_file_type;
+
+get_prop(aocd, vendor_volte_mif_off)
+
+init_daemon_domain(aocd)
+
+r_dir_file(aocd, persist_aoc_file)
+
+set_prop(aocd, vendor_aoc_prop)
+set_prop(aocd, vendor_timeout_aoc_prop)
+
+allow aocd aoc_device:chr_file rw_file_perms;
+allow aocd device:dir r_dir_perms;
+allow aocd mnt_vendor_file:dir search;
+allow aocd persist_file:dir search;
+allow aocd sysfs_aoc:dir search;
+allow aocd sysfs_aoc_firmware:file w_file_perms;
+allow aocd sysfs_aoc_notifytimeout:file r_file_perms;
diff --git a/sepolicy/vendor/aocdump.te b/sepolicy/vendor/aocdump.te
new file mode 100644
index 00000000..08751180
--- /dev/null
+++ b/sepolicy/vendor/aocdump.te
@@ -0,0 +1,4 @@
+type aocdump, domain;
+type aocdump_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(aocdump)
diff --git a/sepolicy/vendor/aocx.te b/sepolicy/vendor/aocx.te
new file mode 100644
index 00000000..502b28d6
--- /dev/null
+++ b/sepolicy/vendor/aocx.te
@@ -0,0 +1 @@
+type aocx, service_manager_type;
diff --git a/sepolicy/vendor/aocxd.te b/sepolicy/vendor/aocxd.te
new file mode 100644
index 00000000..3b7795d8
--- /dev/null
+++ b/sepolicy/vendor/aocxd.te
@@ -0,0 +1,21 @@
+type aocxd, domain;
+type aocxd_exec, exec_type, file_type, vendor_file_type;
+
+add_service(aocxd, aocx)
+
+binder_call(aocxd, dcservice_app)
+
+init_daemon_domain(aocxd)
+
+set_prop(aocxd, vendor_aoc_prop)
+
+vndbinder_use(aocxd)
+
+wakelock_use(aocxd)
+
+allow aocxd aoc_device:chr_file rw_file_perms;
+allow aocxd device:dir r_dir_perms;
+allow aocxd dumpstate:fd use;
+allow aocxd dumpstate:fifo_file write;
+allow aocxd self:global_capability_class_set sys_nice;
+allow aocxd sysfs_aoc:dir search;
diff --git a/sepolicy/vendor/appdomain.te b/sepolicy/vendor/appdomain.te
new file mode 100644
index 00000000..b7295a2e
--- /dev/null
+++ b/sepolicy/vendor/appdomain.te
@@ -0,0 +1,6 @@
+get_prop(appdomain, vendor_edgetpu_runtime_prop)
+get_prop(appdomain, vendor_gxp_prop)
+get_prop(appdomain, vendor_hetero_runtime_prop)
+get_prop(appdomain, vendor_tflite_delegate_prop)
+
+neverallow appdomain edgetpu_device:chr_file open;
diff --git a/sepolicy/whitechapel_pro/attributes b/sepolicy/vendor/attributes
similarity index 100%
rename from sepolicy/whitechapel_pro/attributes
rename to sepolicy/vendor/attributes
diff --git a/sepolicy/vendor/audio_prop_restricted.te b/sepolicy/vendor/audio_prop_restricted.te
new file mode 100644
index 00000000..a1430324
--- /dev/null
+++ b/sepolicy/vendor/audio_prop_restricted.te
@@ -0,0 +1 @@
+vendor_restricted_prop(vendor_audio_prop_restricted)
diff --git a/sepolicy/vendor/audioserver.te b/sepolicy/vendor/audioserver.te
new file mode 100644
index 00000000..9802cb2c
--- /dev/null
+++ b/sepolicy/vendor/audioserver.te
@@ -0,0 +1 @@
+allow audioserver audio_device:chr_file r_file_perms;
diff --git a/sepolicy/vendor/battery_mitigation.te b/sepolicy/vendor/battery_mitigation.te
new file mode 100644
index 00000000..420f659a
--- /dev/null
+++ b/sepolicy/vendor/battery_mitigation.te
@@ -0,0 +1,39 @@
+type battery_mitigation, domain;
+type battery_mitigation_exec, exec_type, file_type, vendor_file_type;
+
+add_service(battery_mitigation, hal_battery_mitigation_service)
+
+binder_call(battery_mitigation, hal_audio_default)
+binder_call(battery_mitigation, servicemanager)
+
+get_prop(battery_mitigation, boot_status_prop)
+get_prop(battery_mitigation, system_boot_reason_prop)
+get_prop(battery_mitigation, vendor_brownout_reason_prop)
+
+hal_client_domain(battery_mitigation, hal_health)
+hal_client_domain(battery_mitigation, hal_thermal)
+
+init_daemon_domain(battery_mitigation)
+
+r_dir_file(battery_mitigation, sysfs_acpm_stats)
+r_dir_file(battery_mitigation, sysfs_batteryinfo)
+r_dir_file(battery_mitigation, sysfs_gpu)
+r_dir_file(battery_mitigation, sysfs_iio_devices)
+r_dir_file(battery_mitigation, sysfs_odpm)
+r_dir_file(battery_mitigation, sysfs_power_stats)
+r_dir_file(battery_mitigation, sysfs_thermal)
+r_dir_file(battery_mitigation, thermal_link_device)
+
+set_prop(battery_mitigation, vendor_brownout_br_feasible_prop)
+set_prop(battery_mitigation, vendor_mitigation_ready_prop)
+
+wakelock_use(battery_mitigation)
+
+allow battery_mitigation dumpstate:fd use;
+allow battery_mitigation dumpstate:fifo_file rw_file_perms;
+allow battery_mitigation fwk_stats_service:service_manager find;
+allow battery_mitigation mitigation_vendor_data_file:dir rw_dir_perms;
+allow battery_mitigation mitigation_vendor_data_file:file create_file_perms;
+allow battery_mitigation sysfs_bcl:dir r_dir_perms;
+allow battery_mitigation sysfs_bcl:file rw_file_perms;
+allow battery_mitigation sysfs_bcl:lnk_file r_file_perms;
diff --git a/sepolicy/whitechapel_pro/bipchmgr.te b/sepolicy/vendor/bipchmgr.te
similarity index 61%
rename from sepolicy/whitechapel_pro/bipchmgr.te
rename to sepolicy/vendor/bipchmgr.te
index 9298e322..0bb2da05 100644
--- a/sepolicy/whitechapel_pro/bipchmgr.te
+++ b/sepolicy/vendor/bipchmgr.te
@@ -1,9 +1,12 @@
 type bipchmgr, domain;
-type bipchmgr_exec, vendor_file_type, exec_type, file_type;
+type bipchmgr_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(bipchmgr, rild)
+
+get_prop(bipchmgr, hwservicemanager_prop)
+
+hwbinder_use(bipchmgr)
+
 init_daemon_domain(bipchmgr)
 
-get_prop(bipchmgr, hwservicemanager_prop);
-
 allow bipchmgr hal_exynos_rild_hwservice:hwservice_manager find;
-hwbinder_use(bipchmgr)
-binder_call(bipchmgr, rild)
diff --git a/sepolicy/vendor/bluetooth.te b/sepolicy/vendor/bluetooth.te
new file mode 100644
index 00000000..86bc61d8
--- /dev/null
+++ b/sepolicy/vendor/bluetooth.te
@@ -0,0 +1,4 @@
+allow bluetooth proc_vendor_sched:dir r_dir_perms;
+allow bluetooth proc_vendor_sched:file w_file_perms;
+
+dontaudit bluetooth default_android_service:service_manager find;
diff --git a/sepolicy/vendor/bootanim.te b/sepolicy/vendor/bootanim.te
new file mode 100644
index 00000000..9f20466a
--- /dev/null
+++ b/sepolicy/vendor/bootanim.te
@@ -0,0 +1 @@
+dontaudit bootanim system_data_file:dir r_dir_perms;
diff --git a/sepolicy/whitechapel_pro/bootdevice_sysdev.te b/sepolicy/vendor/bootdevice_sysdev.te
similarity index 59%
rename from sepolicy/whitechapel_pro/bootdevice_sysdev.te
rename to sepolicy/vendor/bootdevice_sysdev.te
index 2ff0acb9..543b11f4 100644
--- a/sepolicy/whitechapel_pro/bootdevice_sysdev.te
+++ b/sepolicy/vendor/bootdevice_sysdev.te
@@ -1 +1,3 @@
+type bootdevice_sysdev, dev_type;
+
 allow bootdevice_sysdev sysfs:filesystem associate;
diff --git a/sepolicy/vendor/bug_map b/sepolicy/vendor/bug_map
new file mode 100644
index 00000000..fe321bfd
--- /dev/null
+++ b/sepolicy/vendor/bug_map
@@ -0,0 +1,48 @@
+aconfigd apex_info_file file b/381326452
+dump_modem sscoredump_vendor_data_coredump_file dir b/416212184
+dump_modem sscoredump_vendor_data_logcat_file dir b/422941831
+grilservice_app graphics_config_writable_prop file b/409896525
+gyotaku_app graphics_config_writable_prop file b/409896487
+hal_audio_default hal_audio_default binder b/395745737
+hal_bluetooth_synabtlinux device chr_file b/386303831
+hal_camera_default aconfig_storage_metadata_file dir b/383013727
+hal_contexthub_default hal_bluetooth_service service_manager b/396573096
+hal_sensors_default property_socket sock_file b/373755350
+hal_sensors_default sysfs file b/336451433
+hardware_info_app graphics_config_writable_prop file b/409895934
+incidentd debugfs_wakeup_sources file b/282626428
+incidentd incidentd anon_inode b/282626428
+init init capability b/379591559
+init-display-sh kmsg_device chr_file b/388949662
+insmod-sh insmod-sh key b/336451874
+insmod-sh kmsg_debug_device chr_file b/410729205
+insmod-sh kmsg_device chr_file b/388949536
+insmod-sh vendor_edgetpu_debugfs dir b/385858933
+kernel kernel capability b/340722537
+logger_app graphics_config_writable_prop file b/409896486
+modem_diagnostic_app graphics_config_writable_prop file b/409895878
+pixelstats_vendor block_device dir b/369540701
+pixelstats_vendor sysfs_pixel_stat dir b/422900204
+pixelstats_vendor sysfs_pixel_stat file b/422900204
+platform_app vendor_fw_file dir b/377811773
+platform_app vendor_rild_prop file b/377811773
+priv_app audio_config_prop file b/379246129
+priv_app metadata_file dir b/383438008
+ramdump proc_bootconfig file b/181615626
+ramdump public_vendor_default_prop file b/161103878
+ramdump ramdump capability b/369475655
+ramdump vendor_hw_plat_prop file b/161103878
+ramdump_app default_prop file b/386149375
+ramdump_app graphics_config_writable_prop file b/409895818
+rfsd vendor_cbd_prop file b/412237886
+shell vendor_intelligence_prop file b/378120929
+ssr_detector_app default_prop file b/422943113
+ssr_detector_app graphics_config_writable_prop file b/409895951
+system_server build_bootimage_prop file b/413561511
+system_server vendor_default_prop file b/366116786
+untrusted_app audio_config_prop file b/379245515
+uwb_vendor_app graphics_config_writable_prop file b/409895896
+vendor_init debugfs_trace_marker file b/336451787
+vendor_init default_prop file b/315104479
+zygote aconfig_storage_metadata_file dir b/383949172
+zygote zygote capability b/379591519
diff --git a/sepolicy/vendor/cat_engine_service_app.te b/sepolicy/vendor/cat_engine_service_app.te
new file mode 100644
index 00000000..15de03d8
--- /dev/null
+++ b/sepolicy/vendor/cat_engine_service_app.te
@@ -0,0 +1 @@
+type cat_engine_service_app, domain;
diff --git a/sepolicy/whitechapel_pro/cbd.te b/sepolicy/vendor/cbd.te
similarity index 62%
rename from sepolicy/whitechapel_pro/cbd.te
rename to sepolicy/vendor/cbd.te
index 9cb7ee2a..a7520796 100644
--- a/sepolicy/whitechapel_pro/cbd.te
+++ b/sepolicy/vendor/cbd.te
@@ -1,64 +1,35 @@
 type cbd, domain;
-type cbd_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(cbd)
+type cbd_exec, exec_type, file_type, vendor_file_type;
 
-set_prop(cbd, vendor_modem_prop)
-set_prop(cbd, vendor_cbd_prop)
-set_prop(cbd, vendor_rild_prop)
 get_prop(cbd, telephony_modem_prop)
 
-# Allow cbd to set gid/uid from too to radio
-allow cbd self:capability { setgid setuid };
+init_daemon_domain(cbd)
 
-allow cbd mnt_vendor_file:dir r_dir_perms;
+r_dir_file(cbd, modem_img_file)
 
-allow cbd kmsg_device:chr_file rw_file_perms;
+set_prop(cbd, vendor_cbd_prop)
+set_prop(cbd, vendor_modem_prop)
+set_prop(cbd, vendor_rild_prop)
 
-allow cbd vendor_shell_exec:file execute_no_trans;
-allow cbd vendor_toolbox_exec:file execute_no_trans;
-
-# Allow cbd to access modem block device
 allow cbd block_device:dir search;
+allow cbd kmsg_device:chr_file rw_file_perms;
+allow cbd mnt_vendor_file:dir r_dir_perms;
 allow cbd modem_block_device:blk_file r_file_perms;
-
-# Allow cbd to access sysfs chosen files
-allow cbd sysfs_chosen:file r_file_perms;
-allow cbd sysfs_chosen:dir r_dir_perms;
-
-allow cbd radio_device:chr_file rw_file_perms;
-
-allow cbd proc_cmdline:file r_file_perms;
-
-allow cbd persist_modem_file:dir create_dir_perms;
-allow cbd persist_modem_file:file create_file_perms;
-allow cbd persist_file:dir search;
-
-allow cbd radio_vendor_data_file:dir create_dir_perms;
-allow cbd radio_vendor_data_file:file create_file_perms;
-
-# Allow cbd to operate with modem EFS file/dir
 allow cbd modem_efs_file:dir create_dir_perms;
 allow cbd modem_efs_file:file create_file_perms;
-
-# Allow cbd to operate with modem userdata file/dir
 allow cbd modem_userdata_file:dir create_dir_perms;
 allow cbd modem_userdata_file:file create_file_perms;
-
-# Allow cbd to access modem image file/dir
-allow cbd modem_img_file:dir r_dir_perms;
-allow cbd modem_img_file:file r_file_perms;
-allow cbd modem_img_file:lnk_file r_file_perms;
-
-# Allow cbd to collect crash info
+allow cbd persist_file:dir search;
+allow cbd persist_modem_file:dir create_dir_perms;
+allow cbd persist_modem_file:file create_file_perms;
+allow cbd proc_cmdline:file r_file_perms;
+allow cbd radio_device:chr_file rw_file_perms;
+allow cbd radio_vendor_data_file:dir create_dir_perms;
+allow cbd radio_vendor_data_file:file create_file_perms;
+allow cbd self:capability { setgid setuid };
 allow cbd sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
 allow cbd sscoredump_vendor_data_crashinfo_file:file create_file_perms;
-
-userdebug_or_eng(`
-  r_dir_file(cbd, vendor_slog_file)
-
-  allow cbd kernel:system syslog_read;
-
-  allow cbd sscoredump_vendor_data_coredump_file:dir create_dir_perms;
-  allow cbd sscoredump_vendor_data_coredump_file:file create_file_perms;
-')
-
+allow cbd sysfs_chosen:dir r_dir_perms;
+allow cbd sysfs_chosen:file r_file_perms;
+allow cbd vendor_shell_exec:file execute_no_trans;
+allow cbd vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/vendor/cbrs_setup_app.te b/sepolicy/vendor/cbrs_setup_app.te
new file mode 100644
index 00000000..1babb590
--- /dev/null
+++ b/sepolicy/vendor/cbrs_setup_app.te
@@ -0,0 +1 @@
+type cbrs_setup_app, domain;
diff --git a/sepolicy/whitechapel_pro/cccdk_timesync_app.te b/sepolicy/vendor/cccdktimesync_app.te
similarity index 73%
rename from sepolicy/whitechapel_pro/cccdk_timesync_app.te
rename to sepolicy/vendor/cccdktimesync_app.te
index f6e514d9..48c856a6 100644
--- a/sepolicy/whitechapel_pro/cccdk_timesync_app.te
+++ b/sepolicy/vendor/cccdktimesync_app.te
@@ -1,10 +1,8 @@
 type vendor_cccdktimesync_app, domain;
+
 app_domain(vendor_cccdktimesync_app)
 
-allow vendor_cccdktimesync_app app_api_service:service_manager find;
-
 binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux)
-allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
 
-# allow the HAL to call our registered callbacks
-binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app)
+allow vendor_cccdktimesync_app app_api_service:service_manager find;
+allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
diff --git a/sepolicy/whitechapel_pro/charger_vendor.te b/sepolicy/vendor/charger_vendor.te
similarity index 99%
rename from sepolicy/whitechapel_pro/charger_vendor.te
rename to sepolicy/vendor/charger_vendor.te
index df59b717..79c7d069 100644
--- a/sepolicy/whitechapel_pro/charger_vendor.te
+++ b/sepolicy/vendor/charger_vendor.te
@@ -1,10 +1,11 @@
+set_prop(charger_vendor, vendor_battery_defender_prop)
+
 allow charger_vendor mnt_vendor_file:dir search;
-allow charger_vendor sysfs_batteryinfo:file w_file_perms;
-allow charger_vendor persist_file:dir search;
 allow charger_vendor persist_battery_file:dir search;
 allow charger_vendor persist_battery_file:file rw_file_perms;
+allow charger_vendor persist_file:dir search;
+allow charger_vendor sysfs_batteryinfo:file w_file_perms;
 allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms;
 allow charger_vendor sysfs_thermal:file w_file_perms;
 allow charger_vendor sysfs_thermal:lnk_file read;
 allow charger_vendor thermal_link_device:dir search;
-set_prop(charger_vendor, vendor_battery_defender_prop)
diff --git a/sepolicy/vendor/chre.te b/sepolicy/vendor/chre.te
new file mode 100644
index 00000000..64966bf2
--- /dev/null
+++ b/sepolicy/vendor/chre.te
@@ -0,0 +1,20 @@
+type chre, domain;
+type chre_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(chre, stats_service_server)
+
+hal_client_domain(chre, hal_graphics_allocator)
+
+init_daemon_domain(chre)
+
+wakelock_use(chre)
+
+allow chre aoc_device:chr_file rw_file_perms;
+allow chre device:dir r_dir_perms;
+allow chre fwk_stats_service:service_manager find;
+allow chre hal_graphics_mapper_hwservice:hwservice_manager find;
+allow chre hal_wifi_ext:binder { call transfer };
+allow chre hal_wifi_ext_hwservice:hwservice_manager find;
+allow chre hal_wifi_ext_service:service_manager find;
+allow chre sysfs_aoc:dir search;
+allow chre sysfs_aoc_boottime:file r_file_perms;
diff --git a/sepolicy/vendor/citadeld.te b/sepolicy/vendor/citadeld.te
new file mode 100644
index 00000000..cd80a4e4
--- /dev/null
+++ b/sepolicy/vendor/citadeld.te
@@ -0,0 +1,20 @@
+type citadeld, domain;
+type citadeld_exec, exec_type, file_type, vendor_file_type;
+type citadeld_service, vndservice_manager_type;
+
+add_service(citadeld, citadeld_service)
+
+binder_call(citadeld, system_server)
+
+binder_use(citadeld)
+
+init_daemon_domain(citadeld)
+
+set_prop(citadeld, vendor_nos_citadel_version)
+
+vndbinder_use(citadeld)
+
+allow citadeld citadel_device:chr_file rw_file_perms;
+allow citadeld fwk_stats_service:service_manager find;
+allow citadeld hal_power_stats_vendor_service:service_manager find;
+allow citadeld hal_weaver_citadel:binder call;
diff --git a/sepolicy/whitechapel_pro/con_monitor.te b/sepolicy/vendor/con_monitor_app.te
similarity index 100%
rename from sepolicy/whitechapel_pro/con_monitor.te
rename to sepolicy/vendor/con_monitor_app.te
diff --git a/sepolicy/vendor/dcservice_app.te b/sepolicy/vendor/dcservice_app.te
new file mode 100644
index 00000000..9446fa6f
--- /dev/null
+++ b/sepolicy/vendor/dcservice_app.te
@@ -0,0 +1,5 @@
+binder_call(dcservice_app, aocxd)
+binder_call(dcservice_app, twoshay)
+
+allow dcservice_app aocx:service_manager find;
+allow dcservice_app touch_context_service:service_manager find;
diff --git a/sepolicy/vendor/device.te b/sepolicy/vendor/device.te
new file mode 100644
index 00000000..d8616b84
--- /dev/null
+++ b/sepolicy/vendor/device.te
@@ -0,0 +1,33 @@
+type amcs_device, dev_type;
+type aoc_device, dev_type;
+type citadel_device, dev_type;
+type custom_ab_block_device, dev_type;
+type devinfo_block_device, dev_type;
+type edgetpu_device, dev_type, isolated_compute_allowed_device, mlstrustedobject;
+type efs_block_device, dev_type;
+type faceauth_heap_device, dev_type, dmabuf_heap_device_type;
+type fingerprint_device, dev_type;
+type fips_block_device, dev_type;
+type gxp_device, dev_type, mlstrustedobject;
+type logbuffer_device, dev_type;
+type lwis_device, dev_type;
+type mfg_data_block_device, dev_type;
+type modem_block_device, dev_type;
+type modem_userdata_block_device, dev_type;
+type persist_block_device, dev_type;
+type pktrouter_device, dev_type;
+type radio_test_device, dev_type;
+type rls_device, dev_type;
+type sda_block_device, dev_type;
+type sensor_direct_heap_device, dev_type, dmabuf_heap_device_type;
+type sg_device, dev_type;
+type sscoredump_device, dev_type;
+type st33spi_device, dev_type;
+type st54spi_device, dev_type;
+type thermal_link_device, dev_type;
+type touch_offload_device, dev_type;
+type trusty_log_device, dev_type;
+type ufs_internal_block_device, dev_type;
+type userdata_exp_block_device, dev_type;
+type vendor_toe_device, dev_type;
+type vscaler_heap_device, dev_type, dmabuf_heap_device_type;
diff --git a/sepolicy/whitechapel_pro/disable-contaminant-detection-sh.te b/sepolicy/vendor/disable-contaminant-detection-sh.te
similarity index 79%
rename from sepolicy/whitechapel_pro/disable-contaminant-detection-sh.te
rename to sepolicy/vendor/disable-contaminant-detection-sh.te
index 95845a18..21f60653 100644
--- a/sepolicy/whitechapel_pro/disable-contaminant-detection-sh.te
+++ b/sepolicy/vendor/disable-contaminant-detection-sh.te
@@ -1,7 +1,8 @@
 type disable-contaminant-detection-sh, domain;
-type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type;
+type disable-contaminant-detection-sh_exec, exec_type, file_type, vendor_file_type;
+
 init_daemon_domain(disable-contaminant-detection-sh)
 
-allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans;
 allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms;
 allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms;
+allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/whitechapel_pro/dmd.te b/sepolicy/vendor/dmd.te
similarity index 67%
rename from sepolicy/whitechapel_pro/dmd.te
rename to sepolicy/vendor/dmd.te
index 76177b50..d7ee7f21 100644
--- a/sepolicy/whitechapel_pro/dmd.te
+++ b/sepolicy/vendor/dmd.te
@@ -1,32 +1,27 @@
 type dmd, domain;
-type dmd_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(dmd)
+type dmd_exec, exec_type, file_type, vendor_file_type;
 
-# Grant to access serial device for external logging tool
-allow dmd serial_device:chr_file rw_file_perms;
-
-# Grant to access radio device
-allow dmd radio_device:chr_file rw_file_perms;
-
-# Grant to access slog dir/file
-allow dmd vendor_slog_file:dir create_dir_perms;
-allow dmd vendor_slog_file:file create_file_perms;
-
-# Grant to access tcp socket
-allow dmd node:tcp_socket node_bind;
-allow dmd self:tcp_socket { create_socket_perms_no_ioctl listen accept bind };
-
-# Grant to access log related properties
-set_prop(dmd, vendor_diag_prop)
-set_prop(dmd, vendor_slog_prop)
-set_prop(dmd, vendor_modem_prop)
-get_prop(dmd, vendor_persist_config_default_prop)
-
-# Grant to access hwservice manager
-get_prop(dmd, hwservicemanager_prop)
-allow dmd hidl_base_hwservice:hwservice_manager add;
-allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find };
 binder_call(dmd, hwservicemanager)
 binder_call(dmd, modem_diagnostic_app)
 binder_call(dmd, modem_logging_control)
 binder_call(dmd, vendor_telephony_silentlogging_app)
+
+get_prop(dmd, hwservicemanager_prop)
+get_prop(dmd, vendor_persist_config_default_prop)
+
+init_daemon_domain(dmd)
+
+set_prop(dmd, vendor_diag_prop)
+set_prop(dmd, vendor_modem_prop)
+set_prop(dmd, vendor_slog_prop)
+
+allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find };
+allow dmd hidl_base_hwservice:hwservice_manager add;
+allow dmd node:tcp_socket node_bind;
+allow dmd radio_device:chr_file rw_file_perms;
+allow dmd self:tcp_socket { accept create_socket_perms_no_ioctl listen };
+allow dmd serial_device:chr_file rw_file_perms;
+allow dmd vendor_slog_file:dir create_dir_perms;
+allow dmd vendor_slog_file:file create_file_perms;
+
+dontaudit dmd servicemanager:binder call;
diff --git a/sepolicy/vendor/domain.te b/sepolicy/vendor/domain.te
new file mode 100644
index 00000000..8cc047bb
--- /dev/null
+++ b/sepolicy/vendor/domain.te
@@ -0,0 +1 @@
+get_prop(domain, vendor_arm_runtime_option_prop)
diff --git a/sepolicy/vendor/dump_aoc.te b/sepolicy/vendor/dump_aoc.te
new file mode 100644
index 00000000..1783ba4a
--- /dev/null
+++ b/sepolicy/vendor/dump_aoc.te
@@ -0,0 +1,8 @@
+pixel_bugreport(dump_aoc)
+
+allow dump_aoc aoc_device:chr_file rw_file_perms;
+allow dump_aoc sysfs:dir r_dir_perms;
+allow dump_aoc sysfs_aoc:dir search;
+allow dump_aoc sysfs_aoc_dumpstate:file r_file_perms;
+allow dump_aoc vendor_shell_exec:file execute_no_trans;
+allow dump_aoc vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/vendor/dump_camera.te b/sepolicy/vendor/dump_camera.te
new file mode 100644
index 00000000..8dfb03d7
--- /dev/null
+++ b/sepolicy/vendor/dump_camera.te
@@ -0,0 +1 @@
+pixel_bugreport(dump_camera)
diff --git a/sepolicy/vendor/dump_devfreq.te b/sepolicy/vendor/dump_devfreq.te
new file mode 100644
index 00000000..5e8ee573
--- /dev/null
+++ b/sepolicy/vendor/dump_devfreq.te
@@ -0,0 +1,5 @@
+pixel_bugreport(dump_devfreq)
+
+allow dump_devfreq sysfs_cpu:file r_file_perms;
+allow dump_devfreq sysfs_exynos_bts:dir r_dir_perms;
+allow dump_devfreq sysfs_exynos_bts_stats:file r_file_perms;
diff --git a/sepolicy/vendor/dump_exynos_display.te b/sepolicy/vendor/dump_exynos_display.te
new file mode 100644
index 00000000..6eb2b210
--- /dev/null
+++ b/sepolicy/vendor/dump_exynos_display.te
@@ -0,0 +1,10 @@
+binder_call(dump_exynos_display, hal_graphics_composer_default)
+
+pixel_bugreport(dump_exynos_display)
+
+vndbinder_use(dump_exynos_display)
+
+allow dump_exynos_display sysfs_display:file r_file_perms;
+allow dump_exynos_display vendor_displaycolor_service:service_manager find;
+allow dump_exynos_display vendor_dumpsys:file execute_no_trans;
+allow dump_exynos_display vendor_shell_exec:file execute_no_trans;
diff --git a/sepolicy/vendor/dump_exynos_display_userdebug.te b/sepolicy/vendor/dump_exynos_display_userdebug.te
new file mode 100644
index 00000000..796ef753
--- /dev/null
+++ b/sepolicy/vendor/dump_exynos_display_userdebug.te
@@ -0,0 +1 @@
+pixel_bugreport(dump_exynos_display_userdebug)
diff --git a/sepolicy/vendor/dump_fingerprint.te b/sepolicy/vendor/dump_fingerprint.te
new file mode 100644
index 00000000..0589adb5
--- /dev/null
+++ b/sepolicy/vendor/dump_fingerprint.te
@@ -0,0 +1,4 @@
+pixel_bugreport(dump_fingerprint)
+
+allow dump_fingerprint fingerprint_vendor_data_file:dir r_dir_perms;
+allow dump_fingerprint fingerprint_vendor_data_file:file r_file_perms;
diff --git a/sepolicy/vendor/dump_gps.te b/sepolicy/vendor/dump_gps.te
new file mode 100644
index 00000000..6d07d988
--- /dev/null
+++ b/sepolicy/vendor/dump_gps.te
@@ -0,0 +1 @@
+pixel_bugreport(dump_gps)
diff --git a/sepolicy/vendor/dump_gsc.te b/sepolicy/vendor/dump_gsc.te
new file mode 100644
index 00000000..cfacacc1
--- /dev/null
+++ b/sepolicy/vendor/dump_gsc.te
@@ -0,0 +1,14 @@
+type dump_gsc, domain;
+type dump_gsc_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(dump_gsc, citadeld)
+
+hal_client_domain(dump_gsc, hal_dumpstate)
+
+vndbinder_use(dump_gsc)
+
+allow dump_gsc citadel_updater:file execute_no_trans;
+allow dump_gsc citadeld_service:service_manager find;
+allow dump_gsc dumpstate:fd use;
+allow dump_gsc dumpstate:fifo_file { getattr write };
+allow dump_gsc shell_data_file:file { getattr write };
diff --git a/sepolicy/vendor/dump_gxp.te b/sepolicy/vendor/dump_gxp.te
new file mode 100644
index 00000000..e126e6c4
--- /dev/null
+++ b/sepolicy/vendor/dump_gxp.te
@@ -0,0 +1 @@
+pixel_bugreport(dump_gxp)
diff --git a/sepolicy/vendor/dump_memory.te b/sepolicy/vendor/dump_memory.te
new file mode 100644
index 00000000..7a22b19c
--- /dev/null
+++ b/sepolicy/vendor/dump_memory.te
@@ -0,0 +1,3 @@
+pixel_bugreport(dump_memory)
+
+allow dump_memory vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/vendor/dump_modem.te b/sepolicy/vendor/dump_modem.te
new file mode 100644
index 00000000..b558ff78
--- /dev/null
+++ b/sepolicy/vendor/dump_modem.te
@@ -0,0 +1,14 @@
+pixel_bugreport(dump_modem)
+
+allow dump_modem logbuffer_device:chr_file r_file_perms;
+allow dump_modem modem_stat_data_file:dir search;
+allow dump_modem modem_stat_data_file:file r_file_perms;
+allow dump_modem radio_vendor_data_file:dir search;
+allow dump_modem radio_vendor_data_file:file r_file_perms;
+allow dump_modem sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
+allow dump_modem sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+allow dump_modem sysfs_dump_modem:file r_file_perms;
+allow dump_modem vendor_log_file:dir search;
+allow dump_modem vendor_rfsd_log_file:dir r_dir_perms;
+allow dump_modem vendor_rfsd_log_file:file r_file_perms;
+allow dump_modem vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/vendor/dump_modemlog.te b/sepolicy/vendor/dump_modemlog.te
new file mode 100644
index 00000000..c339cd73
--- /dev/null
+++ b/sepolicy/vendor/dump_modemlog.te
@@ -0,0 +1,11 @@
+pixel_bugreport(dump_modemlog)
+
+set_prop(dump_modemlog, vendor_modem_prop)
+
+allow dump_modemlog mnt_vendor_file:dir search;
+allow dump_modemlog modem_efs_file:dir search;
+allow dump_modemlog modem_efs_file:file r_file_perms;
+allow dump_modemlog radio_vendor_data_file:dir create_dir_perms;
+allow dump_modemlog radio_vendor_data_file:file create_file_perms;
+allow dump_modemlog vendor_slog_file:dir r_dir_perms;
+allow dump_modemlog vendor_slog_file:file r_file_perms;
diff --git a/sepolicy/vendor/dump_perf.te b/sepolicy/vendor/dump_perf.te
new file mode 100644
index 00000000..15c4f6e5
--- /dev/null
+++ b/sepolicy/vendor/dump_perf.te
@@ -0,0 +1,3 @@
+pixel_bugreport(dump_perf)
+
+allow dump_perf proc_vendor_sched:file r_file_perms;
diff --git a/sepolicy/vendor/dump_pixel_metrics.te b/sepolicy/vendor/dump_pixel_metrics.te
new file mode 100644
index 00000000..dd4dbe9a
--- /dev/null
+++ b/sepolicy/vendor/dump_pixel_metrics.te
@@ -0,0 +1,5 @@
+pixel_bugreport(dump_pixel_metrics)
+
+r_dir_file(dump_pixel_metrics, sysfs_vendor_metrics)
+
+allow dump_pixel_metrics vendor_dumpsys:file execute_no_trans;
diff --git a/sepolicy/whitechapel_pro/dump_power.te b/sepolicy/vendor/dump_power.te
similarity index 63%
rename from sepolicy/whitechapel_pro/dump_power.te
rename to sepolicy/vendor/dump_power.te
index 66115230..acb8b1c1 100644
--- a/sepolicy/whitechapel_pro/dump_power.te
+++ b/sepolicy/vendor/dump_power.te
@@ -1,25 +1,15 @@
-# Allow dumpstate to execute dump_power
-pixel_bugreport(dump_power);
+pixel_bugreport(dump_power)
 
-allow dump_power sysfs_acpm_stats:dir r_dir_perms;
-allow dump_power sysfs_acpm_stats:file r_file_perms;
-allow dump_power sysfs_cpu:file r_file_perms;
-allow dump_power sysfs_wlc:file r_file_perms;
-allow dump_power sysfs_wlc:dir search;
-allow dump_power sysfs_batteryinfo:dir r_dir_perms;
-allow dump_power sysfs_batteryinfo:file r_file_perms;
+allow dump_power battery_history_device:chr_file r_file_perms;
 allow dump_power logbuffer_device:chr_file r_file_perms;
 allow dump_power mitigation_vendor_data_file:dir r_dir_perms;
 allow dump_power mitigation_vendor_data_file:file r_file_perms;
+allow dump_power sysfs_acpm_stats:dir r_dir_perms;
+allow dump_power sysfs_acpm_stats:file r_file_perms;
+allow dump_power sysfs_batteryinfo:dir r_dir_perms;
+allow dump_power sysfs_batteryinfo:file r_file_perms;
 allow dump_power sysfs_bcl:dir r_dir_perms;
 allow dump_power sysfs_bcl:file r_file_perms;
-allow dump_power battery_history_device:chr_file r_file_perms;
-
-userdebug_or_eng(`
-  r_dir_file(dump_power, vendor_battery_debugfs)
-  r_dir_file(dump_power, vendor_maxfg_debugfs)
-  r_dir_file(dump_power, vendor_charger_debugfs)
-  r_dir_file(dump_power, vendor_votable_debugfs)
-  allow dump_power debugfs:dir r_dir_perms;
-  allow dump_power vendor_usb_debugfs:dir { search };
-')
+allow dump_power sysfs_cpu:file r_file_perms;
+allow dump_power sysfs_wlc:dir search;
+allow dump_power sysfs_wlc:file r_file_perms;
diff --git a/sepolicy/vendor/dump_radio.te b/sepolicy/vendor/dump_radio.te
new file mode 100644
index 00000000..42a6ec49
--- /dev/null
+++ b/sepolicy/vendor/dump_radio.te
@@ -0,0 +1 @@
+pixel_bugreport(dump_radio)
diff --git a/sepolicy/vendor/dump_ramdump.te b/sepolicy/vendor/dump_ramdump.te
new file mode 100644
index 00000000..9c615bb1
--- /dev/null
+++ b/sepolicy/vendor/dump_ramdump.te
@@ -0,0 +1 @@
+pixel_bugreport(dump_ramdump)
diff --git a/sepolicy/vendor/dump_sensors.te b/sepolicy/vendor/dump_sensors.te
new file mode 100644
index 00000000..767a6c84
--- /dev/null
+++ b/sepolicy/vendor/dump_sensors.te
@@ -0,0 +1,6 @@
+pixel_bugreport(dump_sensors)
+
+allow dump_sensors aoc_device:chr_file rw_file_perms;
+allow dump_sensors device:dir r_dir_perms;
+allow dump_sensors vendor_shell_exec:file execute_no_trans;
+allow dump_sensors vendor_usf_stats:file execute_no_trans;
diff --git a/sepolicy/vendor/dump_soc.te b/sepolicy/vendor/dump_soc.te
new file mode 100644
index 00000000..a69b189e
--- /dev/null
+++ b/sepolicy/vendor/dump_soc.te
@@ -0,0 +1,3 @@
+pixel_bugreport(dump_soc)
+
+allow dump_soc sysfs_chip_id:file r_file_perms;
diff --git a/sepolicy/vendor/dump_storage.te b/sepolicy/vendor/dump_storage.te
new file mode 100644
index 00000000..40338892
--- /dev/null
+++ b/sepolicy/vendor/dump_storage.te
@@ -0,0 +1,12 @@
+get_prop(dump_storage, boottime_public_prop)
+
+pixel_bugreport(dump_storage)
+
+allow dump_storage proc_f2fs:dir r_dir_perms;
+allow dump_storage proc_f2fs:file r_file_perms;
+allow dump_storage sysfs:file r_file_perms;
+allow dump_storage sysfs_scsi_devices_0000:dir r_dir_perms;
+allow dump_storage sysfs_scsi_devices_0000:file r_file_perms;
+
+dontaudit dump_storage debugfs_f2fs:dir r_dir_perms;
+dontaudit dump_storage debugfs_f2fs:file r_file_perms;
diff --git a/sepolicy/vendor/dump_thermal.te b/sepolicy/vendor/dump_thermal.te
new file mode 100644
index 00000000..c9719680
--- /dev/null
+++ b/sepolicy/vendor/dump_thermal.te
@@ -0,0 +1,5 @@
+pixel_bugreport(dump_thermal)
+
+r_dir_file(dump_thermal, sysfs_thermal)
+
+allow dump_thermal vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/vendor/dump_trusty.te b/sepolicy/vendor/dump_trusty.te
new file mode 100644
index 00000000..d4e0d6ef
--- /dev/null
+++ b/sepolicy/vendor/dump_trusty.te
@@ -0,0 +1,4 @@
+pixel_bugreport(dump_trusty)
+
+allow dump_trusty trusty_log_device:chr_file r_file_perms;
+allow dump_trusty vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/vendor/dump_umfw_stat.te b/sepolicy/vendor/dump_umfw_stat.te
new file mode 100644
index 00000000..4d5f86aa
--- /dev/null
+++ b/sepolicy/vendor/dump_umfw_stat.te
@@ -0,0 +1,7 @@
+pixel_bugreport(dump_umfw_stat)
+
+allow dump_umfw_stat aoc_device:chr_file rw_file_perms;
+allow dump_umfw_stat device:dir r_dir_perms;
+allow dump_umfw_stat vendor_shell_exec:file execute_no_trans;
+allow dump_umfw_stat vendor_toolbox_exec:file execute_no_trans;
+allow dump_umfw_stat vendor_umfw_stat_tool:file execute_no_trans;
diff --git a/sepolicy/vendor/dumpstate.te b/sepolicy/vendor/dumpstate.te
new file mode 100644
index 00000000..03510786
--- /dev/null
+++ b/sepolicy/vendor/dumpstate.te
@@ -0,0 +1,23 @@
+binder_call(dumpstate, aocxd)
+binder_call(dumpstate, battery_mitigation)
+binder_call(dumpstate, flood_control)
+binder_call(dumpstate, twoshay)
+
+allow dumpstate fuse:dir search;
+allow dumpstate hal_battery_mitigation_service:service_manager find;
+allow dumpstate modem_efs_file:dir getattr;
+allow dumpstate modem_efs_file:dir r_dir_perms;
+allow dumpstate modem_img_file:dir r_dir_perms;
+allow dumpstate modem_userdata_file:dir getattr;
+allow dumpstate modem_userdata_file:dir r_dir_perms;
+allow dumpstate persist_file:dir getattr;
+allow dumpstate persist_file:dir r_dir_perms;
+allow dumpstate rlsservice:binder call;
+allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
+allow dumpstate touch_context_service:service_manager find;
+allow dumpstate twoshay_file_dump_service:service_manager find;
+allow dumpstate vold:binder call;
+
+dontaudit dumpstate hal_power_stats_vendor_service:service_manager find;
+dontaudit dumpstate intelligence_data_file:dir getattr;
+dontaudit dumpstate vendor_dmabuf_debugfs:file r_file_perms;
diff --git a/sepolicy/vendor/e2fs.te b/sepolicy/vendor/e2fs.te
new file mode 100644
index 00000000..b35811aa
--- /dev/null
+++ b/sepolicy/vendor/e2fs.te
@@ -0,0 +1,11 @@
+allow e2fs efs_block_device:blk_file rw_file_perms;
+allow e2fs modem_userdata_block_device:blk_file rw_file_perms;
+allow e2fs persist_block_device:blk_file { ioctl open read write };
+allow e2fs persist_block_device:blk_file rw_file_perms;
+allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
+allow e2fs sysfs_scsi_devices_0000:file r_file_perms;
+allow e2fs userdata_exp_block_device:blk_file rw_file_perms;
+
+allowxperm e2fs efs_block_device:blk_file ioctl { BLKDISCARD BLKDISCARDZEROES BLKPBSZGET BLKROGET BLKSECDISCARD };
+allowxperm e2fs modem_userdata_block_device:blk_file ioctl { BLKDISCARD BLKDISCARDZEROES BLKPBSZGET BLKROGET BLKSECDISCARD };
+allowxperm e2fs persist_block_device:blk_file ioctl { BLKDISCARD BLKDISCARDZEROES BLKPBSZGET BLKROGET BLKSECDISCARD };
diff --git a/sepolicy/vendor/edgetpu_app.te b/sepolicy/vendor/edgetpu_app.te
new file mode 100644
index 00000000..170f08a6
--- /dev/null
+++ b/sepolicy/vendor/edgetpu_app.te
@@ -0,0 +1,29 @@
+type edgetpu_app_server, coredomain, domain;
+type edgetpu_app_server_exec, exec_type, file_type, system_file_type;
+type edgetpu_app_service, app_api_service, isolated_compute_allowed_service, service_manager_type;
+
+add_service(edgetpu_app_server, edgetpu_app_service)
+
+binder_call(edgetpu_app_server, edgetpu_vendor_server)
+binder_call(edgetpu_app_server, system_server)
+
+binder_service(edgetpu_app_server)
+
+binder_use(edgetpu_app_server)
+
+get_prop(edgetpu_app_server, device_config_edgetpu_native_prop)
+get_prop(edgetpu_app_server, vendor_edgetpu_service_prop)
+
+init_daemon_domain(edgetpu_app_server)
+
+perfetto_producer(edgetpu_app_server)
+
+allow edgetpu_app_server edgetpu_device:chr_file rw_file_perms;
+allow edgetpu_app_server edgetpu_vendor_service:service_manager find;
+allow edgetpu_app_server fwk_stats_service:service_manager find;
+allow edgetpu_app_server package_native_service:service_manager find;
+allow edgetpu_app_server privapp_data_file:file { map read };
+allow edgetpu_app_server self:capability ipc_lock;
+allow edgetpu_app_server shell_data_file:file { map read };
+allow edgetpu_app_server sysfs_edgetpu:dir r_dir_perms;
+allow edgetpu_app_server sysfs_edgetpu:file rw_file_perms;
diff --git a/sepolicy/vendor/edgetpu_dba.te b/sepolicy/vendor/edgetpu_dba.te
new file mode 100644
index 00000000..80112b1f
--- /dev/null
+++ b/sepolicy/vendor/edgetpu_dba.te
@@ -0,0 +1,32 @@
+type edgetpu_dba_server, domain;
+type edgetpu_dba_server_exec, exec_type, file_type, vendor_file_type;
+type edgetpu_dba_service, app_api_service, isolated_compute_allowed_service, service_manager_type;
+
+add_service(edgetpu_dba_server, edgetpu_dba_service)
+
+binder_call(edgetpu_dba_server, edgetpu_app_server)
+
+binder_service(edgetpu_dba_server)
+
+binder_use(edgetpu_dba_server)
+
+get_prop(edgetpu_dba_server, vendor_edgetpu_cpu_scheduler_prop)
+get_prop(edgetpu_dba_server, vendor_edgetpu_runtime_prop)
+get_prop(edgetpu_dba_server, vendor_hetero_runtime_prop)
+get_prop(edgetpu_dba_server, vendor_tflite_delegate_prop)
+
+hal_client_domain(edgetpu_dba_server, hal_power)
+
+init_daemon_domain(edgetpu_dba_server)
+
+allow edgetpu_dba_server dmabuf_system_heap_device:chr_file r_file_perms;
+allow edgetpu_dba_server edgetpu_app_service:service_manager find;
+allow edgetpu_dba_server edgetpu_device:chr_file rw_file_perms;
+allow edgetpu_dba_server gpu_device:chr_file rw_file_perms;
+allow edgetpu_dba_server gpu_device:dir r_dir_perms;
+allow edgetpu_dba_server hal_allocator:fd use;
+allow edgetpu_dba_server hal_graphics_allocator:fd use;
+allow edgetpu_dba_server hal_graphics_mapper_hwservice:hwservice_manager find;
+allow edgetpu_dba_server ion_device:chr_file r_file_perms;
+allow edgetpu_dba_server proc_overcommit_memory:file r_file_perms;
+allow edgetpu_dba_server proc_version:file r_file_perms;
diff --git a/sepolicy/vendor/edgetpu_logging.te b/sepolicy/vendor/edgetpu_logging.te
new file mode 100644
index 00000000..34b705dd
--- /dev/null
+++ b/sepolicy/vendor/edgetpu_logging.te
@@ -0,0 +1,13 @@
+type edgetpu_logging, domain;
+type edgetpu_logging_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(edgetpu_logging, system_server)
+
+binder_use(edgetpu_logging)
+
+init_daemon_domain(edgetpu_logging)
+
+allow edgetpu_logging edgetpu_device:chr_file rw_file_perms;
+allow edgetpu_logging fwk_stats_service:service_manager find;
+allow edgetpu_logging sysfs_edgetpu:dir search;
+allow edgetpu_logging sysfs_edgetpu:file rw_file_perms;
diff --git a/sepolicy/vendor/edgetpu_tachyon.te b/sepolicy/vendor/edgetpu_tachyon.te
new file mode 100644
index 00000000..746ea15b
--- /dev/null
+++ b/sepolicy/vendor/edgetpu_tachyon.te
@@ -0,0 +1,43 @@
+type edgetpu_tachyon_server, domain;
+type edgetpu_tachyon_server_exec, exec_type, file_type, vendor_file_type;
+type edgetpu_tachyon_service, app_api_service, isolated_compute_allowed_service, service_manager_type;
+
+add_service(edgetpu_tachyon_server, edgetpu_tachyon_service)
+
+binder_call(edgetpu_tachyon_server, edgetpu_app_server)
+binder_call(edgetpu_tachyon_server, hal_camera_default)
+binder_call(edgetpu_tachyon_server, platform_app)
+binder_call(edgetpu_tachyon_server, priv_app)
+binder_call(edgetpu_tachyon_server, shell)
+binder_call(edgetpu_tachyon_server, system_server)
+binder_call(edgetpu_tachyon_server, untrusted_app_all)
+
+binder_service(edgetpu_tachyon_server)
+
+binder_use(edgetpu_tachyon_server)
+
+get_prop(edgetpu_tachyon_server, vendor_edgetpu_cpu_scheduler_prop)
+get_prop(edgetpu_tachyon_server, vendor_edgetpu_runtime_prop)
+get_prop(edgetpu_tachyon_server, vendor_gxp_prop)
+get_prop(edgetpu_tachyon_server, vendor_hetero_runtime_prop)
+get_prop(edgetpu_tachyon_server, vendor_tflite_delegate_prop)
+
+init_daemon_domain(edgetpu_tachyon_server)
+
+perfetto_producer(edgetpu_tachyon_server)
+
+allow edgetpu_tachyon_server dmabuf_system_heap_device:chr_file r_file_perms;
+allow edgetpu_tachyon_server edgetpu_app_service:service_manager find;
+allow edgetpu_tachyon_server edgetpu_device:chr_file rw_file_perms;
+allow edgetpu_tachyon_server fwk_stats_service:service_manager find;
+allow edgetpu_tachyon_server gpu_device:chr_file rw_file_perms;
+allow edgetpu_tachyon_server gpu_device:dir r_dir_perms;
+allow edgetpu_tachyon_server gxp_device:chr_file rw_file_perms;
+allow edgetpu_tachyon_server hal_allocator:fd use;
+allow edgetpu_tachyon_server hal_graphics_allocator:fd use;
+allow edgetpu_tachyon_server hal_graphics_mapper_hwservice:hwservice_manager find;
+allow edgetpu_tachyon_server ion_device:chr_file r_file_perms;
+allow edgetpu_tachyon_server privapp_data_file:file { map read };
+allow edgetpu_tachyon_server proc_overcommit_memory:file r_file_perms;
+allow edgetpu_tachyon_server proc_version:file r_file_perms;
+allow edgetpu_tachyon_server self:capability ipc_lock;
diff --git a/sepolicy/vendor/edgetpu_vendor.te b/sepolicy/vendor/edgetpu_vendor.te
new file mode 100644
index 00000000..7e35b610
--- /dev/null
+++ b/sepolicy/vendor/edgetpu_vendor.te
@@ -0,0 +1,20 @@
+type edgetpu_vendor_server, domain;
+type edgetpu_vendor_server_exec, exec_type, file_type, vendor_file_type;
+type edgetpu_vendor_service, hal_service_type, service_manager_type;
+
+add_service(edgetpu_vendor_server, edgetpu_vendor_service)
+
+binder_service(edgetpu_vendor_server)
+
+binder_use(edgetpu_vendor_server)
+
+get_prop(edgetpu_vendor_server, vendor_hetero_runtime_prop)
+
+init_daemon_domain(edgetpu_vendor_server)
+
+allow edgetpu_vendor_server edgetpu_vendor_service_data_file:dir create_dir_perms;
+allow edgetpu_vendor_server edgetpu_vendor_service_data_file:file create_file_perms;
+allow edgetpu_vendor_server hal_camera_default:fd use;
+allow edgetpu_vendor_server proc_overcommit_memory:file r_file_perms;
+allow edgetpu_vendor_server proc_version:file r_file_perms;
+allow edgetpu_vendor_server vndbinder_device:chr_file { ioctl map open read write };
diff --git a/sepolicy/whitechapel_pro/vendor_engineermode_app.te b/sepolicy/vendor/engineermode_app.te
similarity index 74%
rename from sepolicy/whitechapel_pro/vendor_engineermode_app.te
rename to sepolicy/vendor/engineermode_app.te
index d35403a2..b6e0145e 100644
--- a/sepolicy/whitechapel_pro/vendor_engineermode_app.te
+++ b/sepolicy/vendor/engineermode_app.te
@@ -1,12 +1,8 @@
 type vendor_engineermode_app, domain;
+
 app_domain(vendor_engineermode_app)
 
 binder_call(vendor_engineermode_app, rild)
 
 allow vendor_engineermode_app app_api_service:service_manager find;
 allow vendor_engineermode_app hal_exynos_rild_hwservice:hwservice_manager find;
-
-userdebug_or_eng(`
-  dontaudit vendor_engineermode_app default_prop:file r_file_perms;
-')
-
diff --git a/sepolicy/vendor/euiccpixel_app.te b/sepolicy/vendor/euiccpixel_app.te
new file mode 100644
index 00000000..0375b1d4
--- /dev/null
+++ b/sepolicy/vendor/euiccpixel_app.te
@@ -0,0 +1,14 @@
+type euiccpixel_app, domain;
+
+app_domain(euiccpixel_app)
+
+get_prop(euiccpixel_app, dck_prop)
+
+set_prop(euiccpixel_app, vendor_modem_prop)
+set_prop(euiccpixel_app, vendor_secure_element_prop)
+
+allow euiccpixel_app app_api_service:service_manager find;
+allow euiccpixel_app nfc_service:service_manager find;
+allow euiccpixel_app radio_service:service_manager find;
+allow euiccpixel_app sysfs_st33spi:dir search;
+allow euiccpixel_app sysfs_st33spi:file rw_file_perms;
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
new file mode 100644
index 00000000..13722833
--- /dev/null
+++ b/sepolicy/vendor/file.te
@@ -0,0 +1,114 @@
+type aoc_audio_file, file_type, vendor_file_type;
+type audio_vendor_data_file, data_file_type, file_type;
+type chre_data_file, data_file_type, file_type;
+type chre_socket, file_type;
+type citadel_provision_exec, exec_type, file_type, vendor_file_type;
+type citadel_updater, file_type, vendor_file_type;
+type debugfs_f2fs, debugfs_type, fs_type;
+type debugfs_thermal, debugfs_type, fs_type;
+type dump_storage_data_file, data_file_type, file_type;
+type edgetpu_vendor_service_data_file, data_file_type, file_type;
+type hal_camera_default_tmpfs, file_type;
+type hal_neuralnetworks_darwinn_data_file, data_file_type, file_type;
+type init-check_ap_pd_auth-sh_exec, exec_type, file_type, vendor_file_type;
+type intelligence_data_file, data_file_type, file_type;
+type mediadrm_vendor_data_file, data_file_type, file_type;
+type mitigation_vendor_data_file, data_file_type, file_type;
+type modem_efs_file, file_type;
+type modem_stat_data_file, data_file_type, file_type;
+type modem_userdata_file, file_type;
+type per_boot_file, core_data_file_type, data_file_type, file_type;
+type persist_aoc_file, file_type, vendor_persist_type;
+type persist_audio_file, file_type, vendor_persist_type;
+type persist_battery_file, file_type, vendor_persist_type;
+type persist_camera_file, file_type, vendor_persist_type;
+type persist_display_file, file_type, vendor_persist_type;
+type persist_modem_file, file_type, vendor_persist_type;
+type persist_sensor_reg_file, file_type, vendor_persist_type;
+type persist_ss_file, file_type, vendor_persist_type;
+type persist_uwb_file, file_type, vendor_persist_type;
+type powerstats_vendor_data_file, data_file_type, file_type;
+type proc_compaction_proactiveness, fs_type, proc_type;
+type proc_f2fs, fs_type, proc_type;
+type proc_vendor_mm, fs_type, proc_type;
+type radio_vendor_data_file, data_file_type, file_type;
+type ramdump_vendor_data_file, data_file_type, file_type, mlstrustedobject;
+type ramdump_vendor_mnt_file, data_file_type, file_type, mlstrustedobject;
+type rild_vendor_data_file, data_file_type, file_type;
+type sensor_debug_data_file, data_file_type, file_type;
+type sensor_reg_data_file, data_file_type, file_type;
+type sg_util_exec, exec_type, file_type, vendor_file_type;
+type sscoredump_vendor_data_coredump_file, data_file_type, file_type, mlstrustedobject;
+type sscoredump_vendor_data_crashinfo_file, data_file_type, file_type, mlstrustedobject;
+type sscoredump_vendor_data_logcat_file, data_file_type, file_type, mlstrustedobject;
+type sysfs_acpm_stats, fs_type, sysfs_type;
+type sysfs_aoc, fs_type, sysfs_type;
+type sysfs_aoc_boottime, fs_type, sysfs_type;
+type sysfs_aoc_dumpstate, fs_type, sysfs_type;
+type sysfs_aoc_firmware, fs_type, sysfs_type;
+type sysfs_aoc_notifytimeout, fs_type, sysfs_type;
+type sysfs_aoc_reset, fs_type, sysfs_type;
+type sysfs_bcl, fs_type, sysfs_type;
+type sysfs_bcmdhd, fs_type, sysfs_type;
+type sysfs_camera, fs_type, sysfs_type;
+type sysfs_chargelevel, fs_type, sysfs_type;
+type sysfs_chosen, fs_type, sysfs_type;
+type sysfs_cpu, fs_type, sysfs_type;
+type sysfs_dump_modem, fs_type, sysfs_type;
+type sysfs_edgetpu, fs_type, sysfs_type;
+type sysfs_em_profile, fs_type, sysfs_type;
+type sysfs_exynos_bts, fs_type, sysfs_type;
+type sysfs_exynos_bts_stats, fs_type, sysfs_type;
+type sysfs_exynos_pcie_stats, fs_type, sysfs_type;
+type sysfs_fabric, fs_type, sysfs_type;
+type sysfs_force_empty, fs_type, sysfs_type;
+type sysfs_gps, fs_type, sysfs_type;
+type sysfs_gxp, fs_type, sysfs_type;
+type sysfs_mfc, fs_type, sysfs_type;
+type sysfs_modem, fs_type, sysfs_type;
+type sysfs_modem_state, fs_type, sysfs_type;
+type sysfs_odpm, fs_type, sysfs_type;
+type sysfs_ota, fs_type, sysfs_type;
+type sysfs_pakills, fs_type, sysfs_type;
+type sysfs_pca, fs_type, sysfs_type;
+type sysfs_ptracker, fs_type, sysfs_type;
+type sysfs_sjtag, fs_type, sysfs_type;
+type sysfs_sscoredump_level, fs_type, sysfs_type;
+type sysfs_sscoredump_subsystem_report_count, fs_type, sysfs_type;
+type sysfs_st33spi, fs_type, mlstrustedobject, sysfs_type;
+type sysfs_trusty, fs_type, sysfs_type;
+type sysfs_usbc_throttling_stats, fs_type, sysfs_type;
+type sysfs_vendor_metrics, fs_type, sysfs_type;
+type sysfs_wifi, fs_type, sysfs_type;
+type sysfs_wlc, fs_type, sysfs_type;
+type sysfs_write_leds, fs_type, sysfs_type;
+type tcpdump_logger_exec, exec_type, file_type, vendor_file_type;
+type tcpdump_vendor_data_file, data_file_type, file_type;
+type updated_wifi_firmware_data_file, data_file_type, file_type;
+type uwb_data_vendor, data_file_type, file_type;
+type vcd_exec, exec_type, file_type, vendor_file_type;
+type vendor_battery_debugfs, debugfs_type, fs_type;
+type vendor_bts_debugfs, debugfs_type, fs_type;
+type vendor_camera_data_file, data_file_type, file_type;
+type vendor_charger_debugfs, debugfs_type, fs_type;
+type vendor_cma_debugfs, debugfs_type, fs_type;
+type vendor_dmabuf_debugfs, debugfs_type, fs_type;
+type vendor_dri_debugfs, debugfs_type, fs_type;
+type vendor_dumpsys, file_type, vendor_file_type;
+type vendor_fw_file, file_type, vendor_file_type;
+type vendor_hwc_log_file, data_file_type, file_type;
+type vendor_log_file, data_file_type, file_type;
+type vendor_maxfg_debugfs, debugfs_type, fs_type;
+type vendor_media_data_file, data_file_type, file_type;
+type vendor_misc_data_file, data_file_type, file_type;
+type vendor_nfc_vendor_data_file, data_file_type, file_type;
+type vendor_page_pinner_debugfs, debugfs_type, fs_type;
+type vendor_pm_genpd_debugfs, debugfs_type, fs_type;
+type vendor_regmap_debugfs, debugfs_type, fs_type;
+type vendor_rfsd_log_file, data_file_type, file_type;
+type vendor_slog_file, data_file_type, file_type;
+type vendor_umfw_stat_tool, file_type, vendor_file_type;
+type vendor_usb_debugfs, debugfs_type, fs_type;
+type vendor_usf_reg_edit, file_type, vendor_file_type;
+type vendor_usf_stats, file_type, vendor_file_type;
+type vendor_votable_debugfs, debugfs_type, fs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
new file mode 100644
index 00000000..6d8e754f
--- /dev/null
+++ b/sepolicy/vendor/file_contexts
@@ -0,0 +1,363 @@
+/(vendor|system/vendor)/lib(64)?/hw/mapper\.pixel\.so u:object_r:same_process_hal_file:s0
+/data/nfc(/.*)? u:object_r:nfc_data_file:s0
+/data/per_boot(/.*)? u:object_r:per_boot_file:s0
+/data/vendor/audio(/.*)? u:object_r:audio_vendor_data_file:s0
+/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0
+/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0
+/data/vendor/edgetpu(/.*)? u:object_r:edgetpu_vendor_service_data_file:s0
+/data/vendor/fingerprint(/.*)? u:object_r:fingerprint_vendor_data_file:s0
+/data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0
+/data/vendor/hal_neuralnetworks_darwinn(/.*)? u:object_r:hal_neuralnetworks_darwinn_data_file:s0
+/data/vendor/intelligence(/.*)? u:object_r:intelligence_data_file:s0
+/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
+/data/vendor/log/hwc(/.*)? u:object_r:vendor_hwc_log_file:s0
+/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
+/data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0
+/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
+/data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0
+/data/vendor/mitigation(/.*)? u:object_r:mitigation_vendor_data_file:s0
+/data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0
+/data/vendor/nfc(/.*)? u:object_r:vendor_nfc_vendor_data_file:s0
+/data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0
+/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
+/data/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
+/data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0
+/data/vendor/sensors/debug(/.*)? u:object_r:sensor_debug_data_file:s0
+/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
+/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
+/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
+/data/vendor/ssrdump(/.*)? u:object_r:sscoredump_vendor_data_crashinfo_file:s0
+/data/vendor/ssrdump/coredump(/.*)? u:object_r:sscoredump_vendor_data_coredump_file:s0
+/data/vendor/ssrdump/logcat(/.*)? u:object_r:sscoredump_vendor_data_logcat_file:s0
+/data/vendor/storage(/.*)? u:object_r:dump_storage_data_file:s0
+/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0
+/data/vendor/tombstones/fingerprint(/.*)? u:object_r:fingerprint_vendor_data_file:s0
+/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0
+/dev/acd-ambient_pcm u:object_r:aoc_device:s0
+/dev/acd-aocx_control u:object_r:aoc_device:s0
+/dev/acd-aocx_inject[0-9]* u:object_r:aoc_device:s0
+/dev/acd-aocx_tapout[0-9]* u:object_r:aoc_device:s0
+/dev/acd-audio_ap_offload_rx u:object_r:aoc_device:s0
+/dev/acd-audio_ap_offload_tx u:object_r:aoc_device:s0
+/dev/acd-audio_bulk_rx u:object_r:aoc_device:s0
+/dev/acd-audio_bulk_tx u:object_r:aoc_device:s0
+/dev/acd-audio_dcdoff_ref u:object_r:aoc_device:s0
+/dev/acd-audio_input_bulk_rx u:object_r:aoc_device:s0
+/dev/acd-audio_input_bulk_tx u:object_r:aoc_device:s0
+/dev/acd-audio_input_tuning u:object_r:aoc_device:s0
+/dev/acd-audio_output_tuning u:object_r:aoc_device:s0
+/dev/acd-audio_rtp_rx u:object_r:aoc_device:s0
+/dev/acd-audio_rtp_tx u:object_r:aoc_device:s0
+/dev/acd-audio_tap[0-9]* u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_ctl u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_data_rx u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_data_tx u:object_r:aoc_device:s0
+/dev/acd-chre_ctl u:object_r:aoc_device:s0
+/dev/acd-chre_data_rx u:object_r:aoc_device:s0
+/dev/acd-chre_data_tx u:object_r:aoc_device:s0
+/dev/acd-com.google.bt u:object_r:aoc_device:s0
+/dev/acd-com.google.bt.non_wake_up u:object_r:aoc_device:s0
+/dev/acd-com.google.chre u:object_r:aoc_device:s0
+/dev/acd-com.google.chre.non_wake_up u:object_r:aoc_device:s0
+/dev/acd-com.google.umfw_stat u:object_r:aoc_device:s0
+/dev/acd-com.google.usf u:object_r:aoc_device:s0
+/dev/acd-com.google.usf.non_wake_up u:object_r:aoc_device:s0
+/dev/acd-debug u:object_r:aoc_device:s0
+/dev/acd-hotword_notification u:object_r:aoc_device:s0
+/dev/acd-hotword_pcm u:object_r:aoc_device:s0
+/dev/acd-logging u:object_r:aoc_device:s0
+/dev/acd-mc_headpos u:object_r:aoc_device:s0
+/dev/acd-mel_processor u:object_r:aoc_device:s0
+/dev/acd-model_data u:object_r:aoc_device:s0
+/dev/acd-sound_trigger u:object_r:aoc_device:s0
+/dev/amcs u:object_r:amcs_device:s0
+/dev/aoc u:object_r:aoc_device:s0
+/dev/battery_history u:object_r:battery_history_device:s0
+/dev/bbd_pwrstat u:object_r:power_stats_device:s0
+/dev/bigocean u:object_r:video_device:s0
+/dev/block/by-name/userdata_exp.* u:object_r:userdata_exp_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/sda u:object_r:sda_block_device:s0
+/dev/dit2 u:object_r:vendor_toe_device:s0
+/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0
+/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0
+/dev/dma_heap/vscaler-secure u:object_r:vscaler_heap_device:s0
+/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0
+/dev/dri/card0 u:object_r:graphics_device:s0
+/dev/fimg2d u:object_r:graphics_device:s0
+/dev/fth_fd u:object_r:fingerprint_device:s0
+/dev/g2d u:object_r:graphics_device:s0
+/dev/goodix_fp u:object_r:fingerprint_device:s0
+/dev/gsc0 u:object_r:citadel_device:s0
+/dev/gxp u:object_r:gxp_device:s0
+/dev/ispolin_ranging u:object_r:rls_device:s0
+/dev/janeiro u:object_r:edgetpu_device:s0
+/dev/logbuffer_bd u:object_r:logbuffer_device:s0
+/dev/logbuffer_cpif u:object_r:logbuffer_device:s0
+/dev/logbuffer_cpm u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxq u:object_r:logbuffer_device:s0
+/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0
+/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0
+/dev/logbuffer_pcie0 u:object_r:logbuffer_device:s0
+/dev/logbuffer_pcie1 u:object_r:logbuffer_device:s0
+/dev/logbuffer_pogo_transport u:object_r:logbuffer_device:s0
+/dev/logbuffer_rtx u:object_r:logbuffer_device:s0
+/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0
+/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0
+/dev/logbuffer_ttf u:object_r:logbuffer_device:s0
+/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0
+/dev/logbuffer_wireless u:object_r:logbuffer_device:s0
+/dev/lwis-act-jotnar u:object_r:lwis_device:s0
+/dev/lwis-act-slenderman u:object_r:lwis_device:s0
+/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0
+/dev/lwis-csi u:object_r:lwis_device:s0
+/dev/lwis-dpm u:object_r:lwis_device:s0
+/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0
+/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0
+/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0
+/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0
+/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0
+/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0
+/dev/lwis-g3aa u:object_r:lwis_device:s0
+/dev/lwis-gdc0 u:object_r:lwis_device:s0
+/dev/lwis-gdc1 u:object_r:lwis_device:s0
+/dev/lwis-gtnr-align u:object_r:lwis_device:s0
+/dev/lwis-gtnr-merge u:object_r:lwis_device:s0
+/dev/lwis-ipp u:object_r:lwis_device:s0
+/dev/lwis-itp u:object_r:lwis_device:s0
+/dev/lwis-mcsc u:object_r:lwis_device:s0
+/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0
+/dev/lwis-ois-jotnar u:object_r:lwis_device:s0
+/dev/lwis-pdp u:object_r:lwis_device:s0
+/dev/lwis-scsc u:object_r:lwis_device:s0
+/dev/lwis-sensor-buraq u:object_r:lwis_device:s0
+/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0
+/dev/lwis-sensor-kraken u:object_r:lwis_device:s0
+/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0
+/dev/lwis-sensor-nagual u:object_r:lwis_device:s0
+/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0
+/dev/lwis-slc u:object_r:lwis_device:s0
+/dev/lwis-top u:object_r:lwis_device:s0
+/dev/lwis-votf u:object_r:lwis_device:s0
+/dev/mali0 u:object_r:gpu_device:s0
+/dev/maxfg_history u:object_r:battery_history_device:s0
+/dev/oem_ipc[0-7] u:object_r:radio_device:s0
+/dev/oem_test u:object_r:radio_test_device:s0
+/dev/sg[0-9] u:object_r:sg_device:s0
+/dev/socket/chre u:object_r:chre_socket:s0
+/dev/sscd_.* u:object_r:sscoredump_device:s0
+/dev/st21nfc u:object_r:nfc_device:s0
+/dev/st33spi u:object_r:st33spi_device:s0
+/dev/st54spi u:object_r:st54spi_device:s0
+/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0
+/dev/thermal(/.*)? u:object_r:thermal_link_device:s0
+/dev/touch_offload u:object_r:touch_offload_device:s0
+/dev/trusty-ipc-dev0 u:object_r:tee_device:s0
+/dev/trusty-log0 u:object_r:trusty_log_device:s0
+/dev/ttyGS[0-3] u:object_r:serial_device:s0
+/dev/ttySAC0 u:object_r:tty_device:s0
+/dev/ttySAC18 u:object_r:hci_attach_dev:s0
+/dev/umts_boot0 u:object_r:radio_device:s0
+/dev/umts_dm0 u:object_r:radio_device:s0
+/dev/umts_ipc0 u:object_r:radio_device:s0
+/dev/umts_ipc1 u:object_r:radio_device:s0
+/dev/umts_rfs0 u:object_r:radio_device:s0
+/dev/umts_router u:object_r:radio_device:s0
+/dev/umts_wfc[01] u:object_r:pktrouter_device:s0
+/dev/watchdog0 u:object_r:watchdog_device:s0
+/mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0
+/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0
+/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0
+/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0
+/mnt/vendor/persist/aoc(/.*)? u:object_r:persist_aoc_file:s0
+/mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0
+/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0
+/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0
+/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
+/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
+/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0
+/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0
+/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0
+/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
+/sys/devices/platform/[0-9a-z]+\.ufs/pixel/enable_pixel_ufs_logging u:object_r:sysfs_scsi_devices_0000:s0
+/system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service u:object_r:edgetpu_app_server_exec:s0
+/vendor/bin/CitadelProvision u:object_r:citadel_provision_exec:s0
+/vendor/bin/aocd u:object_r:aocd_exec:s0
+/vendor/bin/aocdump u:object_r:aocdump_exec:s0
+/vendor/bin/aocxd u:object_r:aocxd_exec:s0
+/vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0
+/vendor/bin/cbd u:object_r:cbd_exec:s0
+/vendor/bin/chre u:object_r:chre_exec:s0
+/vendor/bin/dmd u:object_r:dmd_exec:s0
+/vendor/bin/dump/dump_aoc u:object_r:dump_aoc_exec:s0
+/vendor/bin/dump/dump_camera u:object_r:dump_camera_exec:s0
+/vendor/bin/dump/dump_devfreq u:object_r:dump_devfreq_exec:s0
+/vendor/bin/dump/dump_display_userdebug\.sh u:object_r:dump_exynos_display_userdebug_exec:s0
+/vendor/bin/dump/dump_exynos_display u:object_r:dump_exynos_display_exec:s0
+/vendor/bin/dump/dump_fingerprint u:object_r:dump_fingerprint_exec:s0
+/vendor/bin/dump/dump_gps u:object_r:dump_gps_exec:s0
+/vendor/bin/dump/dump_gsc\.sh u:object_r:dump_gsc_exec:s0
+/vendor/bin/dump/dump_gxp u:object_r:dump_gxp_exec:s0
+/vendor/bin/dump/dump_memory u:object_r:dump_memory_exec:s0
+/vendor/bin/dump/dump_modem u:object_r:dump_modem_exec:s0
+/vendor/bin/dump/dump_modemlog u:object_r:dump_modemlog_exec:s0
+/vendor/bin/dump/dump_perf u:object_r:dump_perf_exec:s0
+/vendor/bin/dump/dump_pixel_metrics u:object_r:dump_pixel_metrics_exec:s0
+/vendor/bin/dump/dump_power u:object_r:dump_power_exec:s0
+/vendor/bin/dump/dump_radio u:object_r:dump_radio_exec:s0
+/vendor/bin/dump/dump_ramdump u:object_r:dump_ramdump_exec:s0
+/vendor/bin/dump/dump_sensors u:object_r:dump_sensors_exec:s0
+/vendor/bin/dump/dump_soc u:object_r:dump_soc_exec:s0
+/vendor/bin/dump/dump_storage u:object_r:dump_storage_exec:s0
+/vendor/bin/dump/dump_thermal\.sh u:object_r:dump_thermal_exec:s0
+/vendor/bin/dump/dump_trusty\.sh u:object_r:dump_trusty_exec:s0
+/vendor/bin/dump/dump_umfw_stat u:object_r:dump_umfw_stat_exec:s0
+/vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0
+/vendor/bin/flood\.control\.hal u:object_r:flood_control_exec:s0
+/vendor/bin/gpu_probe u:object_r:gpu_probe_exec:s0
+/vendor/bin/hw/android\.hardware\.authsecret-service\.citadel u:object_r:hal_authsecret_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
+/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:fingerprint_factory_service_exec:s0
+/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
+/vendor/bin/hw/android\.hardware\.boot-service\.default-pixel u:object_r:hal_bootctl_default_exec:s0
+/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0
+/vendor/bin/hw/android\.hardware\.drm-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+/vendor/bin/hw/android\.hardware\.drm-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.dumpstate-service u:object_r:hal_dumpstate_default_exec:s0
+/vendor/bin/hw/android\.hardware\.edgetpu\.logging@service-edgetpu-logging u:object_r:edgetpu_logging_exec:s0
+/vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
+/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
+/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0
+/vendor/bin/hw/android\.hardware\.health-service\.gs201 u:object_r:hal_health_default_exec:s0
+/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel u:object_r:hal_identity_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0
+/vendor/bin/hw/android\.hardware\.neuralnetworks@service-darwinn-aidl u:object_r:hal_neuralnetworks_darwinn_exec:s0
+/vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0
+/vendor/bin/hw/android\.hardware\.oemlock-service\.citadel u:object_r:hal_oemlock_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0
+/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_st54spi_exec:s0
+/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_st33spi_exec:s0
+/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0
+/vendor/bin/hw/android\.hardware\.security\.keymint-service\.citadel u:object_r:hal_keymint_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0
+/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0
+/vendor/bin/hw/android\.hardware\.security\.secretkeeper\.trusty u:object_r:hal_secretkeeper_default_exec:s0
+/vendor/bin/hw/android\.hardware\.thermal-service\.pixel u:object_r:hal_thermal_default_exec:s0
+/vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.pixel u:object_r:hal_thermal_default_exec:s0
+/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.weaver-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
+/vendor/bin/hw/battery_mitigation u:object_r:battery_mitigation_exec:s0
+/vendor/bin/hw/citadel_updater u:object_r:citadel_updater:s0
+/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
+/vendor/bin/hw/com\.google\.edgetpu.dba-service u:object_r:edgetpu_dba_server_exec:s0
+/vendor/bin/hw/com\.google\.edgetpu.tachyon-service u:object_r:edgetpu_tachyon_server_exec:s0
+/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0
+/vendor/bin/hw/google\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_google_exec:s0
+/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
+/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
+/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.2-service u:object_r:mediacodec_samsung_exec:s0
+/vendor/bin/hw/vendor\.google\.audiometricext@1\.0-service-vendor u:object_r:hal_audiometricext_default_exec:s0
+/vendor/bin/hw/vendor\.google\.edgetpu_vendor_service@1\.0-service u:object_r:edgetpu_vendor_server_exec:s0
+/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
+/vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0
+/vendor/bin/init\.camera\.set-interrupts-ownership u:object_r:init-camera-set-interrupts-ownership_exec:s0
+/vendor/bin/init\.check_ap_pd_auth\.sh u:object_r:init-check_ap_pd_auth-sh_exec:s0
+/vendor/bin/init\.display\.sh u:object_r:init-display-sh_exec:s0
+/vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0
+/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0
+/vendor/bin/insmod\.sh u:object_r:insmod-sh_exec:s0
+/vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
+/vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0
+/vendor/bin/ramdump u:object_r:ramdump_exec:s0
+/vendor/bin/ramdump32 u:object_r:ramdump_exec:s0
+/vendor/bin/rfsd u:object_r:rfsd_exec:s0
+/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
+/vendor/bin/sg_read_buffer u:object_r:sg_util_exec:s0
+/vendor/bin/sscoredump u:object_r:sscoredump_exec:s0
+/vendor/bin/storage_init\.sh u:object_r:storage_init_exec:s0
+/vendor/bin/storage_intelligence\.sh u:object_r:storage_intelligence_exec:s0
+/vendor/bin/storageproxyd u:object_r:tee_exec:s0
+/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
+/vendor/bin/thermal_controld u:object_r:pixel-thermal-control-sh_exec:s0
+/vendor/bin/thermal_logd u:object_r:init-thermal-logging-sh_exec:s0
+/vendor/bin/thermal_symlinks u:object_r:init-thermal-symlinks-sh_exec:s0
+/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0
+/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0
+/vendor/bin/twoshay u:object_r:twoshay_exec:s0
+/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
+/vendor/bin/umfw_stat_tool u:object_r:vendor_umfw_stat_tool:s0
+/vendor/bin/usf_reg_edit u:object_r:vendor_usf_reg_edit:s0
+/vendor/bin/usf_stats u:object_r:vendor_usf_stats:s0
+/vendor/bin/vcd u:object_r:vcd_exec:s0
+/vendor/bin/wfc-pkt-router u:object_r:pktrouter_exec:s0
+/vendor/etc/aoc(/.*)? u:object_r:aoc_audio_file:s0
+/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
+/vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/android\.frameworks\.stats-V2-ndk\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/arm\.graphics-V1-ndk\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/gxp_metrics_logger\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/gralloc\.gs201\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/vulkan\.mali\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libOpenCL-pixel\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libion_google\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_app_service-V[1-4]-ndk\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libedgetpu_client\.google\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libedgetpu_tachyon\.google\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libedgetpu_util\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libfmq\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libmetrics_logger\.so u:object_r:same_process_hal_file:s0
+/vendor_dlkm/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0
diff --git a/sepolicy/whitechapel_pro/fingerprint_factory_service.te b/sepolicy/vendor/fingerprint_factory.te
similarity index 56%
rename from sepolicy/whitechapel_pro/fingerprint_factory_service.te
rename to sepolicy/vendor/fingerprint_factory.te
index 86ab35cc..05e775b5 100644
--- a/sepolicy/whitechapel_pro/fingerprint_factory_service.te
+++ b/sepolicy/vendor/fingerprint_factory.te
@@ -1,3 +1,4 @@
 type fingerprint_factory_service, service_manager_type;
-type fingerprint_factory_service_exec, exec_type, vendor_file_type, file_type;
+type fingerprint_factory_service_exec, exec_type, file_type, vendor_file_type;
+
 init_daemon_domain(fingerprint_factory_service)
diff --git a/sepolicy/vendor/flood_control.te b/sepolicy/vendor/flood_control.te
new file mode 100644
index 00000000..a255f0bd
--- /dev/null
+++ b/sepolicy/vendor/flood_control.te
@@ -0,0 +1,22 @@
+type flood_control, domain;
+type flood_control_exec, exec_type, file_type, vendor_file_type;
+type flood_control_service, app_api_service, hal_service_type, service_manager_type;
+
+add_service(flood_control, flood_control_service)
+
+binder_use(flood_control)
+
+domain_auto_trans(flood_control, vendor_misc_writer_exec, vendor_misc_writer)
+
+get_prop(flood_control, system_boot_reason_prop)
+
+init_daemon_domain(flood_control)
+
+set_prop(flood_control, vendor_flood_prop)
+
+allow flood_control dumpstate:fd use;
+allow flood_control dumpstate:fifo_file w_file_perms;
+allow flood_control pstorefs:dir r_dir_perms;
+allow flood_control pstorefs:file r_file_perms;
+allow flood_control ramdump_vendor_data_file:dir r_dir_perms;
+allow flood_control ramdump_vendor_data_file:file r_file_perms;
diff --git a/sepolicy/whitechapel_pro/fsck.te b/sepolicy/vendor/fsck.te
similarity index 70%
rename from sepolicy/whitechapel_pro/fsck.te
rename to sepolicy/vendor/fsck.te
index cb9470d0..ccdca42a 100644
--- a/sepolicy/whitechapel_pro/fsck.te
+++ b/sepolicy/vendor/fsck.te
@@ -1,5 +1,7 @@
-allow fsck persist_block_device:blk_file rw_file_perms;
 allow fsck efs_block_device:blk_file rw_file_perms;
+allow fsck modem_block_device:blk_file rw_file_perms;
 allow fsck modem_userdata_block_device:blk_file rw_file_perms;
+allow fsck persist_block_device:blk_file rw_file_perms;
 allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
 allow fsck sysfs_scsi_devices_0000:file r_file_perms;
+allow fsck userdata_exp_block_device:blk_file rw_file_perms;
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
new file mode 100644
index 00000000..cc189574
--- /dev/null
+++ b/sepolicy/vendor/genfs_contexts
@@ -0,0 +1,369 @@
+genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0
+genfscon debugfs /dma_buf/bufinfo u:object_r:vendor_dmabuf_debugfs:s0
+genfscon debugfs /maxfg_secondary u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0
+genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /gs101-thermal u:object_r:debugfs_thermal:s0
+genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /page_pinner u:object_r:vendor_page_pinner_debugfs:s0
+genfscon debugfs /dri/0/crtc- u:object_r:vendor_dri_debugfs:s0
+genfscon debugfs /maxfg_base u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0
+genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0
+genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /f2fs u:object_r:debugfs_f2fs:s0
+genfscon debugfs /cma u:object_r:vendor_cma_debugfs:s0
+genfscon debugfs /bts u:object_r:vendor_bts_debugfs:s0
+genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0
+genfscon proc /sys/kernel/sched_pelt_multiplier u:object_r:proc_sched:s0
+genfscon proc /sys/vm/compaction_proactiveness u:object_r:proc_compaction_proactiveness:s0
+genfscon proc /sys/vm/swappiness u:object_r:proc_dirty:s0
+genfscon proc /vendor_mm u:object_r:proc_vendor_mm:s0
+genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current10_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current11_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current0_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current1_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current2_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current3_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current4_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current5_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current6_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current7_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current8_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current9_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current10_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current11_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power10_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power11_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current0_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current1_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current2_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current3_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current4_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current5_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current6_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current7_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current8_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current9_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power0_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power1_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power2_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power3_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power4_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power5_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power6_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power7_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power8_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power9_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power10_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power11_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power0_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power1_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power2_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power3_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power4_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power5_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power6_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power7_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power8_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power9_scale u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load u:object_r:sysfs_fabric:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0025/power_supply/tcpm-source-psy-13-0025/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/trans_stat u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0
+genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/trans_stat u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/17000080.devfreq_bw/devfreq/17000080.devfreq_bw/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/trans_stat u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/trans_stat u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/trans_stat u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/trans_stat u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/trans_stat u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/trans_stat u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/trans_stat u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000080.devfreq_bw/devfreq/17000080.devfreq_bw/trans_stat u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/trans_stat u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq u:object_r:sysfs_fabric:s0
+genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/min_freq u:object_r:sysfs_fabric:s0
+genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1 u:object_r:sysfs_uhid:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1 u:object_r:sysfs_uhid:s0
+genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/synaptics_tcm.0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/max_freq u:object_r:sysfs_camera:s0
+genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0
+genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/ieee802154/phy0/net u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/14520000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/14520000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/available_disp_stats u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-rtc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb3 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb3 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb2 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb3 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/uwb/power_stats u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_pwr_vreg u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state u:object_r:sysfs_udc:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/osc2_clk_khz u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/power_state u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/power_state u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/19000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/power_mode u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/19000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/181c0000.spi/spi_master/spi17/spi17.0/st33spi u:object_r:sysfs_st33spi:s0
+genfscon sysfs /devices/pseudo_0/adapter0/host1/target1:0:0/1:0:0:0/block/sde u:object_r:sysfs_devices_block:s0
+genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time u:object_r:sysfs_usbc_throttling_stats:s0
+genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0036/wakeup/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0069/wakeup/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-003c/power_supply u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0069/power_supply u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0
+genfscon sysfs /devices/platform/audiometrics/adapted_info_active_duration u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time u:object_r:sysfs_usbc_throttling_stats:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0008/power_stats u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0057/chg_stats u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/audiometrics/adapted_info_active_count u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/mali/sscoredump/sscd_mali/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/power/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time u:object_r:sysfs_usbc_throttling_stats:s0
+genfscon sysfs /devices/platform/19000000.aoc/notify_timeout_aoc_status u:object_r:sysfs_aoc_notifytimeout:s0
+genfscon sysfs /devices/platform/audiometrics/offload_effects_duration u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/14700000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/14700000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-0050/eeprom u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0025/extcon u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0025/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-003c/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /kernel/metrics/resume_latency/resume_latency_metrics u:object_r:sysfs_vendor_metrics:s0
+genfscon sysfs /devices/platform/14700000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0
+genfscon sysfs /devices/platform/14700000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/19000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/audiometrics/codec_crashed_counter u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0008/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/pwmleds/leds/green/max_brightness u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/audiometrics/cca_count_read_once u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/1f000000.mali/uid_time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/audiometrics/mic_broken_degrade u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/audiometrics/hwinfo_part_number u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/audiometrics/ams_rate_read_once u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/audiometrics/cca_rate_read_once u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/audiometrics/offload_effects_id u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/28000000.mali/uid_time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/19000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/audiometrics/speaker_impedance u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/audiometrics/speaker_excursion u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/audiometrics/speaker_heartbeat u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/1c240000.drmdecon/early_wakeup u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c242000.drmdecon/early_wakeup u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/14700000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /kernel/metrics/thermal/tr_by_group/spmic/stats u:object_r:sysfs_vendor_metrics:s0
+genfscon sysfs /devices/platform/28000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/14700000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/pwmleds/leds/green/brightness u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-003c u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/audiometrics/speaker_version u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/14700000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/1f000000.mali/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/cpif/modem/pcie_event_stats u:object_r:sysfs_dump_modem:s0
+genfscon sysfs /kernel/metrics/thermal/tr_by_group/tmu/stats u:object_r:sysfs_vendor_metrics:s0
+genfscon sysfs /devices/platform/audiometrics/hs_codec_state u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/28000000.mali/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/28000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/28000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/14700000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0043 u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/19000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/28000000.mali/power_policy u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/1c240000.drmdecon/counters u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c241000.drmdecon/counters u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c242000.drmdecon/counters u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c240000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c241000.drmdecon/dqe1/atc u:object_r:sysfs_display:s0
+genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0
+genfscon sysfs /devices/platform/19000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/cpupm/cpupm/time_in_state u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/audiometrics/speaker_temp u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/28000000.mali/dvfs_period u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/11920000.pcie/power_stats u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/14520000.pcie/power_stats u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock u:object_r:sysfs_display:s0
+genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/audiometrics/codec_state u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/audiometrics/pcm_latency u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/14520000.pcie/link_stats u:object_r:sysfs_exynos_pcie_stats:s0
+genfscon sysfs /devices/platform/11920000.pcie/link_stats u:object_r:sysfs_exynos_pcie_stats:s0
+genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0
+genfscon sysfs /devices/platform/audiometrics/call_count u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /kernel/vendor_mm/cma/vframe/force_empty u:object_r:sysfs_force_empty:s0
+genfscon sysfs /devices/platform/audiometrics/pdm_state u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/audiometrics/pcm_count u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/28000000.mali/cur_freq u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/14700000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/mfc/video4linux/video u:object_r:sysfs_mfc:s0
+genfscon sysfs /devices/platform/audiometrics/bt_usage u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/14700000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/19000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0
+genfscon sysfs /devices/platform/19000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/system/chip-id/ap_hw_tune_str u:object_r:sysfs_chip_id:s0
+genfscon sysfs /devices/platform/exynos-bts/bts_stats u:object_r:sysfs_exynos_bts_stats:s0
+genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /kernel/metrics/irq/storm_irq_metrics u:object_r:sysfs_vendor_metrics:s0
+genfscon sysfs /devices/platform/28000000.mali/kprcs u:object_r:sysfs_gpu:s0
+genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/11210000.usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0
+genfscon sysfs /devices/system/chip-id/dvfs_version u:object_r:sysfs_chip_id:s0
+genfscon sysfs /devices/system/chip-id/pkg_revision u:object_r:sysfs_chip_id:s0
+genfscon sysfs /devices/platform/cpif/wakeup_events u:object_r:sysfs_dump_modem:s0
+genfscon sysfs /kernel/metrics/irq/long_irq_metrics u:object_r:sysfs_vendor_metrics:s0
+genfscon sysfs /kernel/metrics/runnable/stats_reset u:object_r:sysfs_vendor_metrics:s0
+genfscon sysfs /devices/platform/audiometrics/waves u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/14700000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0
+genfscon sysfs /devices/platform/19000000.aoc/reset u:object_r:sysfs_aoc_reset:s0
+genfscon sysfs /devices/system/chip-id/product_id u:object_r:sysfs_chip_id:s0
+genfscon sysfs /devices/platform/cpif/modem_state u:object_r:sysfs_modem_state:s0
+genfscon sysfs /devices/platform/1ce00000.janeiro u:object_r:sysfs_edgetpu:s0
+genfscon sysfs /devices/platform/14700000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/gpio_keys/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/100a0000.LITTLE u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/system/chip-id/revision u:object_r:sysfs_chip_id:s0
+genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0
+genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0
+genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0
+genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/system/chip-id/evt_ver u:object_r:sysfs_chip_id:s0
+genfscon sysfs /devices/system/chip-id/raw_str u:object_r:sysfs_chip_id:s0
+genfscon sysfs /kernel/metrics/irq/stats_reset u:object_r:sysfs_vendor_metrics:s0
+genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0
+genfscon sysfs /devices/system/chip-id/lot_id u:object_r:sysfs_chip_id:s0
+genfscon sysfs /kernel/metrics/runnable/stats u:object_r:sysfs_vendor_metrics:s0
+genfscon sysfs /devices/platform/100a0000.MID u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100a0000.BIG u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100a0000.ISP u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100b0000.G3D u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100b0000.TPU u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100b0000.AUR u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/2b840000.etm u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2b940000.etm u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2ba40000.etm u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bb40000.etm u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bc40000.etm u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bd40000.etm u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2be40000.etm u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bf40000.etm u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/19000000.aoc u:object_r:sysfs_aoc:s0
+genfscon sysfs /module/gs_thermal/parameters u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/cpif/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/exynos-bts u:object_r:sysfs_exynos_bts:s0
+genfscon sysfs /module/drm/parameters/debug u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0
+genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /kernel/vendor_mm/pa_kill u:object_r:sysfs_pakills:s0
+genfscon sysfs /devices/virtual/powercap u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_thermal:s0
+genfscon sysfs /class/sscoredump/level u:object_r:sysfs_sscoredump_level:s0
+genfscon sysfs /devices/soc0/revision u:object_r:sysfs_soc:s0
+genfscon sysfs /devices/soc0/machine u:object_r:sysfs_soc:s0
+genfscon sysfs /thermal_zone14/mode u:object_r:sysfs_thermal:s0
+genfscon sysfs /kernel/pixel_stat u:object_r:sysfs_pixel_stat:s0
+genfscon sysfs /module/bcmdhd4389 u:object_r:sysfs_bcmdhd:s0
+genfscon sysfs /kernel/vendor_mm u:object_r:sysfs_vendor_mm:s0
+genfscon sysfs /class/powercap u:object_r:sysfs_thermal:s0
+genfscon sysfs /wlan_ptracker u:object_r:sysfs_ptracker:s0
+genfscon sysfs /class/thermal u:object_r:sysfs_thermal:s0
+genfscon sysfs /wifi u:object_r:sysfs_wifi:s0
+genfscon tracefs /events/dmabuf_heap/dma_heap_stat u:object_r:debugfs_tracing:s0
diff --git a/sepolicy/vendor/gpsd.te b/sepolicy/vendor/gpsd.te
new file mode 100644
index 00000000..39a2b142
--- /dev/null
+++ b/sepolicy/vendor/gpsd.te
@@ -0,0 +1 @@
+type gpsd, domain;
diff --git a/sepolicy/vendor/gpu_probe.te b/sepolicy/vendor/gpu_probe.te
new file mode 100644
index 00000000..6389c640
--- /dev/null
+++ b/sepolicy/vendor/gpu_probe.te
@@ -0,0 +1,8 @@
+type gpu_probe, domain;
+type gpu_probe_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(gpu_probe)
+
+perfetto_producer(gpu_probe)
+
+allow gpu_probe gpu_device:chr_file rw_file_perms;
diff --git a/sepolicy/whitechapel_pro/grilservice_app.te b/sepolicy/vendor/grilservice_app.te
similarity index 95%
rename from sepolicy/whitechapel_pro/grilservice_app.te
rename to sepolicy/vendor/grilservice_app.te
index 251fe1b2..38c01524 100644
--- a/sepolicy/whitechapel_pro/grilservice_app.te
+++ b/sepolicy/vendor/grilservice_app.te
@@ -1,18 +1,23 @@
 type grilservice_app, domain;
+
 app_domain(grilservice_app)
 
-allow grilservice_app app_api_service:service_manager find;
-allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
-allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
-allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
-allow grilservice_app hal_wifi_ext_service:service_manager find;
-allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find;
-allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
-allow grilservice_app radio_vendor_data_file:dir create_dir_perms;
-allow grilservice_app radio_vendor_data_file:file create_file_perms;
+binder_call(grilservice_app, hal_audiometricext_default)
 binder_call(grilservice_app, hal_bluetooth_btlinux)
 binder_call(grilservice_app, hal_radioext_default)
 binder_call(grilservice_app, hal_wifi_ext)
-binder_call(grilservice_app, hal_audiometricext_default)
 binder_call(grilservice_app, rild)
+
 hal_client_domain(grilservice_app, hal_power_stats)
+
+r_dir_file(grilservice_app, sysfs_irq)
+
+allow grilservice_app app_api_service:service_manager find;
+allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find;
+allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
+allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
+allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
+allow grilservice_app hal_wifi_ext_service:service_manager find;
+allow grilservice_app radio_vendor_data_file:dir create_dir_perms;
+allow grilservice_app radio_vendor_data_file:file create_file_perms;
diff --git a/sepolicy/vendor/gxp_logging.te b/sepolicy/vendor/gxp_logging.te
new file mode 100644
index 00000000..f5a37f66
--- /dev/null
+++ b/sepolicy/vendor/gxp_logging.te
@@ -0,0 +1,15 @@
+type gxp_logging, domain;
+type gxp_logging_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(gxp_logging, system_server)
+
+binder_use(gxp_logging)
+
+get_prop(gxp_logging, vendor_gxp_prop)
+
+init_daemon_domain(gxp_logging)
+
+allow gxp_logging fwk_stats_service:service_manager find;
+allow gxp_logging gxp_device:chr_file rw_file_perms;
+allow gxp_logging sysfs_gxp:dir search;
+allow gxp_logging sysfs_gxp:file rw_file_perms;
diff --git a/sepolicy/vendor/hal_audio.te b/sepolicy/vendor/hal_audio.te
new file mode 100644
index 00000000..a24e66c3
--- /dev/null
+++ b/sepolicy/vendor/hal_audio.te
@@ -0,0 +1,49 @@
+add_hwservice(hal_audio_default, hal_audio_ext_hwservice)
+
+binder_call(hal_audio_default, aocxd)
+binder_call(hal_audio_default, edgetpu_app_server)
+binder_call(hal_audio_default, edgetpu_vendor_server)
+
+get_prop(hal_audio_default, vendor_edgetpu_runtime_prop)
+get_prop(hal_audio_default, vendor_hetero_runtime_prop)
+get_prop(hal_audio_default, vendor_tflite_delegate_prop)
+
+hal_client_domain(hal_audio_default, hal_graphics_allocator)
+hal_client_domain(hal_audio_default, hal_health)
+hal_client_domain(hal_audio_default, hal_thermal)
+
+perfetto_producer(hal_audio_default)
+
+r_dir_file(hal_audio_default, aoc_audio_file)
+r_dir_file(hal_audio_default, mnt_vendor_file)
+r_dir_file(hal_audio_default, persist_audio_file)
+
+set_prop(hal_audio_default, vendor_audio_prop)
+set_prop(hal_audio_default, vendor_audio_prop_restricted)
+
+unix_socket_connect(hal_audio_default, property, traced)
+unix_socket_connect(hal_audio_default, traced_producer, init)
+
+vndbinder_use(hal_audio_default)
+
+wakelock_use(hal_audio_default)
+
+allow hal_audio_default amcs_device:{ chr_file file } rw_file_perms;
+allow hal_audio_default aoc_device:{ chr_file file } rw_file_perms;
+allow hal_audio_default aocx:service_manager find;
+allow hal_audio_default audio_vendor_data_file:dir rw_dir_perms;
+allow hal_audio_default audio_vendor_data_file:file create_file_perms;
+allow hal_audio_default dmabuf_heap_device:chr_file r_file_perms;
+allow hal_audio_default dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_audio_default edgetpu_app_service:service_manager find;
+allow hal_audio_default edgetpu_device:chr_file rw_file_perms;
+allow hal_audio_default edgetpu_vendor_service:service_manager find;
+allow hal_audio_default fwk_sensor_hwservice:hwservice_manager find;
+allow hal_audio_default fwk_stats_service:service_manager find;
+allow hal_audio_default persist_file:dir search;
+allow hal_audio_default sysfs_aoc:dir search;
+allow hal_audio_default sysfs_aoc_boottime:file r_file_perms;
+allow hal_audio_default sysfs_extcon:dir search;
+allow hal_audio_default sysfs_extcon:file r_file_perms;
+allow hal_audio_default sysfs_pixelstats:file rw_file_perms;
+allow hal_audio_default vendor_usb_debugfs:dir search;
diff --git a/sepolicy/vendor/hal_audiometricext.te b/sepolicy/vendor/hal_audiometricext.te
new file mode 100644
index 00000000..61102d85
--- /dev/null
+++ b/sepolicy/vendor/hal_audiometricext.te
@@ -0,0 +1,15 @@
+type hal_audiometricext_default, domain;
+type hal_audiometricext_default_exec, exec_type, file_type, vendor_file_type;
+type hal_audiometricext_hwservice, hwservice_manager_type;
+
+add_hwservice(hal_audiometricext_default, hal_audiometricext_hwservice)
+
+get_prop(hal_audiometricext_default, hwservicemanager_prop)
+get_prop(hal_audiometricext_default, vendor_audio_prop)
+
+hwbinder_use(hal_audiometricext_default)
+
+init_daemon_domain(hal_audiometricext_default)
+
+allow hal_audiometricext_default amcs_device:chr_file rw_file_perms;
+allow hal_audiometricext_default sysfs_pixelstats:file rw_file_perms;
diff --git a/sepolicy/vendor/hal_authsecret_citadel.te b/sepolicy/vendor/hal_authsecret_citadel.te
new file mode 100644
index 00000000..b048f972
--- /dev/null
+++ b/sepolicy/vendor/hal_authsecret_citadel.te
@@ -0,0 +1,12 @@
+type hal_authsecret_citadel, domain;
+type hal_authsecret_citadel_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(hal_authsecret_citadel, citadeld)
+
+hal_server_domain(hal_authsecret_citadel, hal_authsecret)
+
+init_daemon_domain(hal_authsecret_citadel)
+
+vndbinder_use(hal_authsecret_citadel)
+
+allow hal_authsecret_citadel citadeld_service:service_manager find;
diff --git a/sepolicy/vendor/hal_bluetooth_btlinux.te b/sepolicy/vendor/hal_bluetooth_btlinux.te
new file mode 100644
index 00000000..5b444b6f
--- /dev/null
+++ b/sepolicy/vendor/hal_bluetooth_btlinux.te
@@ -0,0 +1,4 @@
+binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app)
+
+allow hal_bluetooth_btlinux aoc_device:chr_file { getattr open read write };
+allow hal_bluetooth_btlinux device:dir r_dir_perms;
diff --git a/sepolicy/vendor/hal_bootctl.te b/sepolicy/vendor/hal_bootctl.te
new file mode 100644
index 00000000..2db46512
--- /dev/null
+++ b/sepolicy/vendor/hal_bootctl.te
@@ -0,0 +1,4 @@
+allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default sda_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default sysfs_ota:file rw_file_perms;
+allow hal_bootctl_default tee_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/hal_camera.te b/sepolicy/vendor/hal_camera.te
new file mode 100644
index 00000000..aaab1db5
--- /dev/null
+++ b/sepolicy/vendor/hal_camera.te
@@ -0,0 +1,68 @@
+add_service(hal_camera_default, vendor_image_processing_hal_service)
+
+binder_call(hal_camera_default, edgetpu_app_server)
+binder_call(hal_camera_default, edgetpu_tachyon_server)
+binder_call(hal_camera_default, edgetpu_vendor_server)
+binder_call(hal_camera_default, hal_radioext_default)
+binder_call(hal_camera_default, mediacodec_samsung)
+binder_call(hal_camera_default, rlsservice)
+binder_call(hal_camera_default, system_server)
+binder_call(hal_camera_default, vendor_pbcs_app)
+binder_call(hal_camera_default, vendor_pcs_app)
+
+get_prop(hal_camera_default, vendor_camera_debug_prop)
+get_prop(hal_camera_default, vendor_edgetpu_runtime_prop)
+get_prop(hal_camera_default, vendor_gxp_prop)
+get_prop(hal_camera_default, vendor_hetero_runtime_prop)
+get_prop(hal_camera_default, vendor_tflite_delegate_prop)
+
+hal_client_domain(hal_camera_default, hal_graphics_allocator)
+hal_client_domain(hal_camera_default, hal_graphics_composer)
+hal_client_domain(hal_camera_default, hal_power)
+hal_client_domain(hal_camera_default, hal_thermal)
+
+set_prop(hal_camera_default, log_tag_prop)
+set_prop(hal_camera_default, vendor_camera_prop)
+
+tmpfs_domain(hal_camera_default)
+
+vndbinder_use(hal_camera_default)
+
+wakelock_use(hal_camera_default)
+
+allow hal_camera_default aoc_device:chr_file rw_file_perms;
+allow hal_camera_default apex_info_file:file r_file_perms;
+allow hal_camera_default camera_binder_service:service_manager find;
+allow hal_camera_default camera_lyricconfigprovider_service:service_manager find;
+allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_camera_default eco_service:service_manager find;
+allow hal_camera_default edgetpu_app_service:service_manager find;
+allow hal_camera_default edgetpu_device:chr_file rw_file_perms;
+allow hal_camera_default edgetpu_tachyon_service:service_manager find;
+allow hal_camera_default edgetpu_vendor_service:service_manager find;
+allow hal_camera_default fwk_stats_service:service_manager find;
+allow hal_camera_default gxp_device:chr_file rw_file_perms;
+allow hal_camera_default hal_pixel_remote_camera_service:service_manager find;
+allow hal_camera_default hal_radioext_hwservice:hwservice_manager find;
+allow hal_camera_default kernel:process setsched;
+allow hal_camera_default lwis_device:chr_file rw_file_perms;
+allow hal_camera_default mnt_vendor_file:dir search;
+allow hal_camera_default persist_camera_file:dir rw_dir_perms;
+allow hal_camera_default persist_camera_file:file create_file_perms;
+allow hal_camera_default persist_file:dir search;
+allow hal_camera_default rls_service:service_manager find;
+allow hal_camera_default self:global_capability_class_set sys_nice;
+allow hal_camera_default sysfs_chip_id:file r_file_perms;
+allow hal_camera_default sysfs_devfreq_cur:file r_file_perms;
+allow hal_camera_default sysfs_display:file r_file_perms;
+allow hal_camera_default sysfs_edgetpu:dir r_dir_perms;
+allow hal_camera_default sysfs_edgetpu:file r_file_perms;
+allow hal_camera_default sysfs_leds:dir r_dir_perms;
+allow hal_camera_default sysfs_leds:file r_file_perms;
+allow hal_camera_default tee_device:chr_file rw_file_perms;
+allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms;
+allow hal_camera_default vendor_camera_data_file:file create_file_perms;
+
+dontaudit hal_camera_default system_data_file:dir search;
+dontaudit hal_camera_default traced:unix_stream_socket connectto;
+dontaudit hal_camera_default traced_producer_socket:sock_file write;
diff --git a/sepolicy/vendor/hal_contexthub.te b/sepolicy/vendor/hal_contexthub.te
new file mode 100644
index 00000000..1997cd64
--- /dev/null
+++ b/sepolicy/vendor/hal_contexthub.te
@@ -0,0 +1,19 @@
+binder_call(hal_contexthub_default, hal_sensors_default)
+binder_call(hal_contexthub_default, hal_wifi_ext)
+
+get_prop(hal_contexthub_default, vendor_aoc_prop)
+
+hal_client_domain(hal_contexthub_default, hal_graphics_allocator)
+
+unix_socket_connect(hal_contexthub_default, chre, chre)
+
+wakelock_use(hal_contexthub_default)
+
+allow hal_contexthub_default aoc_device:chr_file rw_file_perms;
+allow hal_contexthub_default chre_data_file:dir create_dir_perms;
+allow hal_contexthub_default chre_data_file:file create_file_perms;
+allow hal_contexthub_default device:dir r_dir_perms;
+allow hal_contexthub_default hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_contexthub_default hal_wifi_ext_service:service_manager find;
+allow hal_contexthub_default sysfs_aoc:dir search;
+allow hal_contexthub_default sysfs_aoc_boottime:file r_file_perms;
diff --git a/sepolicy/widevine/hal_drm_clearkey.te b/sepolicy/vendor/hal_drm_clearkey.te
similarity index 64%
rename from sepolicy/widevine/hal_drm_clearkey.te
rename to sepolicy/vendor/hal_drm_clearkey.te
index 0e0a5c24..0d37cf2f 100644
--- a/sepolicy/widevine/hal_drm_clearkey.te
+++ b/sepolicy/vendor/hal_drm_clearkey.te
@@ -1,5 +1,6 @@
 type hal_drm_clearkey, domain;
-type hal_drm_clearkey_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(hal_drm_clearkey)
+type hal_drm_clearkey_exec, exec_type, file_type, vendor_file_type;
 
 hal_server_domain(hal_drm_clearkey, hal_drm)
+
+init_daemon_domain(hal_drm_clearkey)
diff --git a/sepolicy/widevine/hal_drm_widevine.te b/sepolicy/vendor/hal_drm_widevine.te
similarity index 81%
rename from sepolicy/widevine/hal_drm_widevine.te
rename to sepolicy/vendor/hal_drm_widevine.te
index 1ecfa920..2b51c9a6 100644
--- a/sepolicy/widevine/hal_drm_widevine.te
+++ b/sepolicy/vendor/hal_drm_widevine.te
@@ -1,12 +1,10 @@
 type hal_drm_widevine, domain;
-type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(hal_drm_widevine)
+type hal_drm_widevine_exec, exec_type, file_type, vendor_file_type;
 
 hal_server_domain(hal_drm_widevine, hal_drm)
 
-# L3
-allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
-allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+init_daemon_domain(hal_drm_widevine)
 
-# L1
 allow hal_drm_widevine dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
diff --git a/sepolicy/vendor/hal_dumpstate.te b/sepolicy/vendor/hal_dumpstate.te
new file mode 100644
index 00000000..0c0fa82f
--- /dev/null
+++ b/sepolicy/vendor/hal_dumpstate.te
@@ -0,0 +1,13 @@
+binder_call(hal_dumpstate_default, twoshay)
+
+domain_auto_trans(hal_dumpstate_default, dump_gsc_exec, dump_gsc)
+
+set_prop(hal_dumpstate_default, vendor_logger_prop)
+
+allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms;
+allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms;
+allow hal_dumpstate_default shell_data_file:file getattr;
+allow hal_dumpstate_default touch_context_service:service_manager find;
+allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
+
+neverallow hal_dumpstate_default { vendor_file_type -vendor_toolbox_exec }:file execute_no_trans;
diff --git a/sepolicy/whitechapel_pro/hal_fastboot_default.te b/sepolicy/vendor/hal_fastboot.te
similarity index 52%
rename from sepolicy/whitechapel_pro/hal_fastboot_default.te
rename to sepolicy/vendor/hal_fastboot.te
index 396120e2..4bc8bf12 100644
--- a/sepolicy/whitechapel_pro/hal_fastboot_default.te
+++ b/sepolicy/vendor/hal_fastboot.te
@@ -1,24 +1,17 @@
 binder_use(hal_fastboot_default)
 
-# For get-off-mode charge state
+allow hal_fastboot_default block_device:dir r_dir_perms;
+allow hal_fastboot_default citadel_device:chr_file rw_file_perms;
 allow hal_fastboot_default devinfo_block_device:blk_file { open read };
 allow hal_fastboot_default kmsg_device:chr_file { open write };
-
-# For dev/block/by-name dir
-allow hal_fastboot_default block_device:dir r_dir_perms;
-
-allow hal_fastboot_default tmpfs:dir rw_dir_perms;
+allow hal_fastboot_default metadata_block_device:blk_file rw_file_perms;
+allow hal_fastboot_default proc_bootconfig:file rw_file_perms;
+allow hal_fastboot_default proc_cmdline:file rw_file_perms;
 allow hal_fastboot_default rootfs:dir r_dir_perms;
-
-# For set-brightness
+allow hal_fastboot_default st54spi_device:chr_file rw_file_perms;
 allow hal_fastboot_default sysfs_leds:dir search;
 allow hal_fastboot_default sysfs_leds:file rw_file_perms;
 allow hal_fastboot_default sysfs_leds:lnk_file read;
+allow hal_fastboot_default tmpfs:dir rw_dir_perms;
 
-#for fastboot -w (wiping device)
-allow hal_fastboot_default citadel_device:chr_file { rw_file_perms };
-allow hal_fastboot_default proc_bootconfig:file { rw_file_perms };
-allow hal_fastboot_default proc_cmdline:file { rw_file_perms };
-allow hal_fastboot_default st54spi_device:chr_file { rw_file_perms };
-allow hal_fastboot_default metadata_block_device:blk_file { rw_file_perms };
-allowxperm hal_fastboot_default metadata_block_device:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
+allowxperm hal_fastboot_default metadata_block_device:blk_file ioctl { BLKDISCARD BLKSECDISCARD };
diff --git a/sepolicy/whitechapel_pro/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint.te
similarity index 69%
rename from sepolicy/whitechapel_pro/hal_fingerprint_default.te
rename to sepolicy/vendor/hal_fingerprint.te
index 8ec45a9f..bf9ca4a1 100644
--- a/sepolicy/whitechapel_pro/hal_fingerprint_default.te
+++ b/sepolicy/vendor/hal_fingerprint.te
@@ -1,39 +1,27 @@
-allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
-allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
-allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
-allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms;
-
-allow hal_fingerprint_default fwk_stats_service:service_manager find;
-get_prop(hal_fingerprint_default, fingerprint_ghbm_prop)
-set_prop(hal_fingerprint_default, vendor_fingerprint_prop)
 add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
 
-# allow fingerprint to access power hal
-hal_client_domain(hal_fingerprint_default, hal_power);
-
-# Allow access to the files of CDT information.
-r_dir_file(hal_fingerprint_default, sysfs_chosen)
-
-# Allow fingerprint to access calibration blk device.
-allow hal_fingerprint_default mfg_data_block_device:blk_file rw_file_perms;
-allow hal_fingerprint_default block_device:dir search;
-
-# Allow fingerprint to access fwk_sensor_hwservice
-allow hal_fingerprint_default fwk_sensor_hwservice:hwservice_manager find;
-
-# Allow fingerprint to read sysfs_display
-allow hal_fingerprint_default sysfs_display:file r_file_perms;
-
-# Allow fingerprint to access trusty sysfs
-allow hal_fingerprint_default sysfs_trusty:file rw_file_perms;
-
-# Allow fingerprint to access display hal
-allow hal_fingerprint_default hal_pixel_display_service:service_manager find;
 binder_call(hal_fingerprint_default, hal_graphics_composer_default)
 
-# allow fingerprint to access thermal hal
-hal_client_domain(hal_fingerprint_default, hal_thermal);
+get_prop(hal_fingerprint_default, fingerprint_ghbm_prop)
 
-# allow fingerprint to read sysfs_leds
-allow hal_fingerprint_default sysfs_leds:file r_file_perms;
+hal_client_domain(hal_fingerprint_default, hal_power)
+hal_client_domain(hal_fingerprint_default, hal_thermal)
+
+r_dir_file(hal_fingerprint_default, sysfs_chosen)
+
+set_prop(hal_fingerprint_default, vendor_fingerprint_prop)
+
+allow hal_fingerprint trusty_log_device:chr_file r_file_perms;
+allow hal_fingerprint_default block_device:dir search;
+allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
+allow hal_fingerprint_default fwk_sensor_hwservice:hwservice_manager find;
+allow hal_fingerprint_default fwk_stats_service:service_manager find;
+allow hal_fingerprint_default hal_pixel_display_service:service_manager find;
+allow hal_fingerprint_default mfg_data_block_device:blk_file rw_file_perms;
+allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_fingerprint_default sysfs_display:file r_file_perms;
 allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;
+allow hal_fingerprint_default sysfs_leds:file r_file_perms;
+allow hal_fingerprint_default sysfs_trusty:file rw_file_perms;
+allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
diff --git a/sepolicy/whitechapel_pro/hal_graphics_allocator_default.te b/sepolicy/vendor/hal_graphics_allocator.te
similarity index 100%
rename from sepolicy/whitechapel_pro/hal_graphics_allocator_default.te
rename to sepolicy/vendor/hal_graphics_allocator.te
index 9791dae6..17a8139b 100644
--- a/sepolicy/whitechapel_pro/hal_graphics_allocator_default.te
+++ b/sepolicy/vendor/hal_graphics_allocator.te
@@ -1,4 +1,4 @@
-allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms;
-allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms;
 allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms;
 allow hal_graphics_allocator_default vscaler_heap_device:chr_file r_file_perms;
diff --git a/sepolicy/whitechapel_pro/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer.te
similarity index 61%
rename from sepolicy/whitechapel_pro/hal_graphics_composer_default.te
rename to sepolicy/vendor/hal_graphics_composer.te
index 24966746..839cb5ed 100644
--- a/sepolicy/whitechapel_pro/hal_graphics_composer_default.te
+++ b/sepolicy/vendor/hal_graphics_composer.te
@@ -1,58 +1,30 @@
-# allow HWC to access power hal
-hal_client_domain(hal_graphics_composer_default, hal_power)
-
-hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)
-
-# allow HWC to access vendor_displaycolor_service
+add_service(hal_graphics_composer_default, hal_pixel_display_service)
 add_service(hal_graphics_composer_default, vendor_displaycolor_service)
-
 add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice)
 
-add_service(hal_graphics_composer_default, hal_pixel_display_service)
-
-# access sysfs R/W
-allow hal_graphics_composer_default sysfs_display:dir search;
-allow hal_graphics_composer_default sysfs_display:file rw_file_perms;
-
-userdebug_or_eng(`
-# allow HWC to access vendor log file
-    allow hal_graphics_composer_default vendor_log_file:dir create_dir_perms;
-    allow hal_graphics_composer_default vendor_log_file:file create_file_perms;
-# For HWC/libdisplaycolor to generate calibration file.
-    allow hal_graphics_composer_default persist_display_file:file create_file_perms;
-    allow hal_graphics_composer_default persist_display_file:dir rw_dir_perms;
-')
-
-# allow HWC/libdisplaycolor to read calibration data
-allow hal_graphics_composer_default mnt_vendor_file:dir search;
-allow hal_graphics_composer_default persist_file:dir search;
-allow hal_graphics_composer_default persist_display_file:file r_file_perms;
-allow hal_graphics_composer_default persist_display_file:dir search;
-
-# allow HWC to r/w backlight
-allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
-allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;
-
-# allow HWC to get vendor_persist_sys_default_prop
+get_prop(hal_graphics_composer_default, boot_status_prop)
+get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop)
 get_prop(hal_graphics_composer_default, vendor_persist_sys_default_prop)
 
-# allow HWC to get/set vendor_display_prop
+hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)
+hal_client_domain(hal_graphics_composer_default, hal_power)
+
 set_prop(hal_graphics_composer_default, vendor_display_prop)
 
-# boot stauts prop
-get_prop(hal_graphics_composer_default, boot_status_prop);
-
-# allow HWC to output to dumpstate via pipe fd
-allow hal_graphics_composer_default hal_dumpstate_default:fifo_file { append write };
-allow hal_graphics_composer_default hal_dumpstate_default:fd use;
-
-# socket / vnd service
-allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 vndbinder_use(hal_graphics_composer_default)
 
-# allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags
-get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop)
-
-# allow HWC to write log file
+allow hal_graphics_composer_default dump_exynos_display:fd use;
+allow hal_graphics_composer_default dump_exynos_display:fifo_file { append write };
+allow hal_graphics_composer_default hal_dumpstate_default:fd use;
+allow hal_graphics_composer_default hal_dumpstate_default:fifo_file { append write };
+allow hal_graphics_composer_default mnt_vendor_file:dir search;
+allow hal_graphics_composer_default persist_display_file:dir search;
+allow hal_graphics_composer_default persist_display_file:file r_file_perms;
+allow hal_graphics_composer_default persist_file:dir search;
+allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow hal_graphics_composer_default sysfs_display:dir search;
+allow hal_graphics_composer_default sysfs_display:file rw_file_perms;
+allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
+allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;
 allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms;
 allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms;
diff --git a/sepolicy/whitechapel_pro/hal_health_default.te b/sepolicy/vendor/hal_health.te
similarity index 87%
rename from sepolicy/whitechapel_pro/hal_health_default.te
rename to sepolicy/vendor/hal_health.te
index 805b707d..18572f68 100644
--- a/sepolicy/whitechapel_pro/hal_health_default.te
+++ b/sepolicy/vendor/hal_health.te
@@ -1,21 +1,19 @@
-allow hal_health_default mnt_vendor_file:dir search;
-allow hal_health_default persist_file:dir search;
-allow hal_health_default persist_battery_file:file create_file_perms;
-allow hal_health_default persist_battery_file:dir rw_dir_perms;
+binder_use(hal_health_default)
+
+r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
 
 set_prop(hal_health_default, vendor_battery_defender_prop)
 set_prop(hal_health_default, vendor_shutdown_prop)
 
-# Access to /sys/devices/platform/14700000.ufs/*
-allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms;
-allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms;
-
 allow hal_health_default fwk_stats_service:service_manager find;
-binder_use(hal_health_default)
-
-allow hal_health_default sysfs_wlc:dir search;
+allow hal_health_default mnt_vendor_file:dir search;
+allow hal_health_default persist_battery_file:dir rw_dir_perms;
+allow hal_health_default persist_battery_file:file create_file_perms;
+allow hal_health_default persist_file:dir search;
 allow hal_health_default sysfs_batteryinfo:file w_file_perms;
+allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms;
 allow hal_health_default sysfs_thermal:dir search;
 allow hal_health_default sysfs_thermal:file w_file_perms;
-allow hal_health_default thermal_link_device:dir search;
+allow hal_health_default sysfs_wlc:dir search;
 allow hal_health_default sysfs_wlc:file r_file_perms;
+allow hal_health_default thermal_link_device:dir search;
diff --git a/sepolicy/whitechapel_pro/hal_health_storage_default.te b/sepolicy/vendor/hal_health_storage.te
similarity index 75%
rename from sepolicy/whitechapel_pro/hal_health_storage_default.te
rename to sepolicy/vendor/hal_health_storage.te
index 2aa0881e..f25299f6 100644
--- a/sepolicy/whitechapel_pro/hal_health_storage_default.te
+++ b/sepolicy/vendor/hal_health_storage.te
@@ -1,3 +1,2 @@
-# Access to /sys/devices/platform/14700000.ufs/*
 allow hal_health_storage_default sysfs_scsi_devices_0000:dir r_dir_perms;
 allow hal_health_storage_default sysfs_scsi_devices_0000:file rw_file_perms;
diff --git a/sepolicy/vendor/hal_identity_citadel.te b/sepolicy/vendor/hal_identity_citadel.te
new file mode 100644
index 00000000..e913ee33
--- /dev/null
+++ b/sepolicy/vendor/hal_identity_citadel.te
@@ -0,0 +1,14 @@
+type hal_identity_citadel, domain;
+type hal_identity_citadel_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(hal_identity_citadel, citadeld)
+
+hal_server_domain(hal_identity_citadel, hal_identity)
+hal_server_domain(hal_identity_citadel, hal_keymint)
+
+init_daemon_domain(hal_identity_citadel)
+
+vndbinder_use(hal_identity_citadel)
+
+allow hal_identity_citadel citadeld_service:service_manager find;
+allow hal_identity_citadel hal_keymint_citadel:binder call;
diff --git a/sepolicy/vendor/hal_input_processor.te b/sepolicy/vendor/hal_input_processor.te
new file mode 100644
index 00000000..df054b47
--- /dev/null
+++ b/sepolicy/vendor/hal_input_processor.te
@@ -0,0 +1 @@
+get_prop(hal_input_processor_default, vendor_display_prop)
diff --git a/sepolicy/vendor/hal_keymint_citadel.te b/sepolicy/vendor/hal_keymint_citadel.te
new file mode 100644
index 00000000..d707ea72
--- /dev/null
+++ b/sepolicy/vendor/hal_keymint_citadel.te
@@ -0,0 +1,14 @@
+type hal_keymint_citadel, domain;
+type hal_keymint_citadel_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(hal_keymint_citadel, citadeld)
+
+get_prop(hal_keymint_citadel, vendor_security_patch_level_prop)
+
+hal_server_domain(hal_keymint_citadel, hal_keymint)
+
+init_daemon_domain(hal_keymint_citadel)
+
+vndbinder_use(hal_keymint_citadel)
+
+allow hal_keymint_citadel citadeld_service:service_manager find;
diff --git a/sepolicy/whitechapel_pro/hal_memtrack_default.te b/sepolicy/vendor/hal_memtrack.te
similarity index 100%
rename from sepolicy/whitechapel_pro/hal_memtrack_default.te
rename to sepolicy/vendor/hal_memtrack.te
diff --git a/sepolicy/vendor/hal_neuralnetworks_darwinn.te b/sepolicy/vendor/hal_neuralnetworks_darwinn.te
new file mode 100644
index 00000000..7434cdbd
--- /dev/null
+++ b/sepolicy/vendor/hal_neuralnetworks_darwinn.te
@@ -0,0 +1,37 @@
+type hal_neuralnetworks_darwinn, domain;
+type hal_neuralnetworks_darwinn_exec, exec_type, file_type, vendor_file_type;
+
+add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service)
+
+binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server)
+binder_call(hal_neuralnetworks_darwinn, system_server)
+
+binder_use(hal_neuralnetworks_darwinn)
+
+get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop)
+get_prop(hal_neuralnetworks_darwinn, vendor_edgetpu_runtime_prop)
+get_prop(hal_neuralnetworks_darwinn, vendor_hetero_runtime_prop)
+get_prop(hal_neuralnetworks_darwinn, vendor_tflite_delegate_prop)
+
+hal_client_domain(hal_neuralnetworks_darwinn, hal_graphics_allocator)
+hal_client_domain(hal_neuralnetworks_darwinn, hal_power)
+
+hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks)
+
+hwbinder_use(hal_neuralnetworks_darwinn)
+
+init_daemon_domain(hal_neuralnetworks_darwinn)
+
+allow hal_neuralnetworks_darwinn dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_neuralnetworks_darwinn edgetpu_app_service:service_manager find;
+allow hal_neuralnetworks_darwinn edgetpu_device:chr_file rw_file_perms;
+allow hal_neuralnetworks_darwinn fwk_stats_service:service_manager find;
+allow hal_neuralnetworks_darwinn hal_graphics_allocator_service:service_manager find;
+allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:dir rw_dir_perms;
+allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:file create_file_perms;
+allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:sock_file { create rw_file_perms unlink };
+allow hal_neuralnetworks_darwinn proc_overcommit_memory:file r_file_perms;
+allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;
+allow hal_neuralnetworks_darwinn sysfs_edgetpu:dir r_dir_perms;
+allow hal_neuralnetworks_darwinn sysfs_edgetpu:file r_file_perms;
+allow hal_neuralnetworks_darwinn vendor_configs_file:file r_file_perms;
diff --git a/sepolicy/whitechapel_pro/hal_nfc_default.te b/sepolicy/vendor/hal_nfc.te
similarity index 72%
rename from sepolicy/whitechapel_pro/hal_nfc_default.te
rename to sepolicy/vendor/hal_nfc.te
index 11e0617b..3f803711 100644
--- a/sepolicy/whitechapel_pro/hal_nfc_default.te
+++ b/sepolicy/vendor/hal_nfc.te
@@ -1,17 +1,11 @@
-# NFC property
-set_prop(hal_nfc_default, vendor_nfc_prop)
+get_prop(hal_nfc_default, vendor_uwb_calibration_country_code)
+get_prop(hal_nfc_default, vendor_uwb_calibration_prop)
 
-# SecureElement property
+set_prop(hal_nfc_default, vendor_modem_prop)
+set_prop(hal_nfc_default, vendor_nfc_prop)
 set_prop(hal_nfc_default, vendor_secure_element_prop)
 
-# Modem property
-set_prop(hal_nfc_default, vendor_modem_prop)
-
-# Access uwb cal for SecureRanging Applet
 allow hal_nfc_default uwb_data_vendor:dir r_dir_perms;
 allow hal_nfc_default uwb_data_vendor:file r_file_perms;
-
-# allow nfc to read uwb calibration file
-get_prop(hal_nfc_default, vendor_uwb_calibration_prop)
-get_prop(hal_nfc_default, vendor_uwb_calibration_country_code)
-
+allow hal_nfc_default vendor_nfc_vendor_data_file:dir rw_dir_perms;
+allow hal_nfc_default vendor_nfc_vendor_data_file:file create_file_perms;
diff --git a/sepolicy/vendor/hal_oemlock_citadel.te b/sepolicy/vendor/hal_oemlock_citadel.te
new file mode 100644
index 00000000..379e1e71
--- /dev/null
+++ b/sepolicy/vendor/hal_oemlock_citadel.te
@@ -0,0 +1,12 @@
+type hal_oemlock_citadel, domain;
+type hal_oemlock_citadel_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(hal_oemlock_citadel, citadeld)
+
+hal_server_domain(hal_oemlock_citadel, hal_oemlock)
+
+init_daemon_domain(hal_oemlock_citadel)
+
+vndbinder_use(hal_oemlock_citadel)
+
+allow hal_oemlock_citadel citadeld_service:service_manager find;
diff --git a/sepolicy/whitechapel_pro/hal_power_default.te b/sepolicy/vendor/hal_power.te
similarity index 59%
rename from sepolicy/whitechapel_pro/hal_power_default.te
rename to sepolicy/vendor/hal_power.te
index 4d6d0e05..348a7653 100644
--- a/sepolicy/whitechapel_pro/hal_power_default.te
+++ b/sepolicy/vendor/hal_power.te
@@ -1,11 +1,20 @@
-allow hal_power_default sysfs_scsi_devices_0000:file rw_file_perms;
-allow hal_power_default sysfs_fs_f2fs:dir r_dir_perms;
-allow hal_power_default sysfs_fs_f2fs:file rw_file_perms;
-allow hal_power_default sysfs_display:file rw_file_perms;
-allow hal_power_default proc_vendor_sched:file r_file_perms;
-allow hal_power_default sysfs_gpu:file rw_file_perms;
-allow hal_power_default sysfs_fabric:file rw_file_perms;
-allow hal_power_default sysfs_camera:file rw_file_perms;
-allow hal_power_default sysfs_trusty:file rw_file_perms;
-allow hal_power_default sysfs_em_profile:file rw_file_perms;
+hal_client_domain(hal_power_default, hal_thermal)
+
+r_dir_file(hal_power_default, sysfs_vendor_mm)
+
 set_prop(hal_power_default, vendor_camera_prop)
+
+allow hal_power_default hal_thermal_service:service_manager find;
+allow hal_power_default sysfs_camera:file rw_file_perms;
+allow hal_power_default sysfs_display:file rw_file_perms;
+allow hal_power_default sysfs_em_profile:file rw_file_perms;
+allow hal_power_default sysfs_fabric:file rw_file_perms;
+allow hal_power_default sysfs_fs_f2fs:dir r_dir_perms;
+allow hal_power_default sysfs_fs_f2fs:dir search;
+allow hal_power_default sysfs_fs_f2fs:file rw_file_perms;
+allow hal_power_default sysfs_gpu:file rw_file_perms;
+allow hal_power_default sysfs_pakills:dir r_dir_perms;
+allow hal_power_default sysfs_pakills:file rw_file_perms;
+allow hal_power_default sysfs_scsi_devices_0000:file rw_file_perms;
+allow hal_power_default sysfs_trusty:file rw_file_perms;
+allow hal_power_default sysfs_vendor_mm:file rw_file_perms;
diff --git a/sepolicy/whitechapel_pro/hal_power_stats_default.te b/sepolicy/vendor/hal_power_stats.te
similarity index 79%
rename from sepolicy/whitechapel_pro/hal_power_stats_default.te
rename to sepolicy/vendor/hal_power_stats.te
index 770af5b7..18073419 100644
--- a/sepolicy/whitechapel_pro/hal_power_stats_default.te
+++ b/sepolicy/vendor/hal_power_stats.te
@@ -1,9 +1,9 @@
-# allowed to access dislay stats sysfs node
-allow hal_power_stats_default sysfs_display:file r_file_perms;
+binder_call(hal_power_stats_default, hal_bluetooth_btlinux)
 
+r_dir_file(hal_power_stats_default, powerstats_vendor_data_file)
+r_dir_file(hal_power_stats_default, sysfs_acpm_stats)
 r_dir_file(hal_power_stats_default, sysfs_aoc)
 r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate)
-r_dir_file(hal_power_stats_default, sysfs_acpm_stats)
 r_dir_file(hal_power_stats_default, sysfs_cpu)
 r_dir_file(hal_power_stats_default, sysfs_display)
 r_dir_file(hal_power_stats_default, sysfs_edgetpu)
@@ -12,11 +12,6 @@ r_dir_file(hal_power_stats_default, sysfs_leds)
 r_dir_file(hal_power_stats_default, sysfs_odpm)
 r_dir_file(hal_power_stats_default, sysfs_scsi_devices_0000)
 r_dir_file(hal_power_stats_default, sysfs_wifi)
-r_dir_file(hal_power_stats_default, powerstats_vendor_data_file)
 
-# Rail selection requires read/write permissions
 allow hal_power_stats_default sysfs_odpm:dir search;
 allow hal_power_stats_default sysfs_odpm:file rw_file_perms;
-
-# getStateResidency AIDL callback for Bluetooth HAL
-binder_call(hal_power_stats_default, hal_bluetooth_btlinux)
diff --git a/sepolicy/whitechapel_pro/hal_radioext_default.te b/sepolicy/vendor/hal_radioext.te
similarity index 86%
rename from sepolicy/whitechapel_pro/hal_radioext_default.te
rename to sepolicy/vendor/hal_radioext.te
index 7e21da86..0fdeaa90 100644
--- a/sepolicy/whitechapel_pro/hal_radioext_default.te
+++ b/sepolicy/vendor/hal_radioext.te
@@ -1,22 +1,22 @@
 type hal_radioext_default, domain;
-type hal_radioext_default_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(hal_radioext_default)
+type hal_radioext_default_exec, exec_type, file_type, vendor_file_type;
+type hal_radioext_hwservice, hwservice_manager_type;
 
-hwbinder_use(hal_radioext_default)
-get_prop(hal_radioext_default, hwservicemanager_prop)
-set_prop(hal_radioext_default, vendor_gril_prop)
 add_hwservice(hal_radioext_default, hal_radioext_hwservice)
 
 binder_call(hal_radioext_default, grilservice_app)
 binder_call(hal_radioext_default, hal_bluetooth_btlinux)
 
-# RW /dev/oem_ipc0
-allow hal_radioext_default radio_device:chr_file rw_file_perms;
+get_prop(hal_radioext_default, hwservicemanager_prop)
 
-# RW Freq Config files
+hwbinder_use(hal_radioext_default)
+
+init_daemon_domain(hal_radioext_default)
+
+set_prop(hal_radioext_default, vendor_gril_prop)
+
+allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find;
+allow hal_radioext_default radio_device:chr_file rw_file_perms;
 allow hal_radioext_default radio_vendor_data_file:dir create_dir_perms;
 allow hal_radioext_default radio_vendor_data_file:file create_file_perms;
 allow hal_radioext_default sysfs_display:file rw_file_perms;
-
-# Bluetooth
-allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find;
diff --git a/sepolicy/whitechapel_pro/hal_secure_element_gto.te b/sepolicy/vendor/hal_secure_element_gto.te
similarity index 70%
rename from sepolicy/whitechapel_pro/hal_secure_element_gto.te
rename to sepolicy/vendor/hal_secure_element_gto.te
index c7724c7c..b4338241 100644
--- a/sepolicy/whitechapel_pro/hal_secure_element_gto.te
+++ b/sepolicy/vendor/hal_secure_element_gto.te
@@ -1,5 +1,6 @@
 type hal_secure_element_gto, domain;
-type hal_secure_element_gto_exec, exec_type, vendor_file_type, file_type;
+type hal_secure_element_gto_exec, exec_type, file_type, vendor_file_type;
 
 hal_server_domain(hal_secure_element_gto, hal_secure_element)
+
 init_daemon_domain(hal_secure_element_gto)
diff --git a/sepolicy/whitechapel_pro/hal_secure_element_gto_ese2.te b/sepolicy/vendor/hal_secure_element_gto_ese2.te
similarity index 66%
rename from sepolicy/whitechapel_pro/hal_secure_element_gto_ese2.te
rename to sepolicy/vendor/hal_secure_element_gto_ese2.te
index 678810a4..69a3b21b 100644
--- a/sepolicy/whitechapel_pro/hal_secure_element_gto_ese2.te
+++ b/sepolicy/vendor/hal_secure_element_gto_ese2.te
@@ -1,5 +1,6 @@
 type hal_secure_element_gto_ese2, domain;
-type hal_secure_element_gto_ese2_exec, exec_type, vendor_file_type, file_type;
+type hal_secure_element_gto_ese2_exec, exec_type, file_type, vendor_file_type;
 
 hal_server_domain(hal_secure_element_gto_ese2, hal_secure_element)
+
 init_daemon_domain(hal_secure_element_gto_ese2)
diff --git a/sepolicy/whitechapel_pro/hal_secure_element_st33spi.te b/sepolicy/vendor/hal_secure_element_st33spi.te
similarity index 73%
rename from sepolicy/whitechapel_pro/hal_secure_element_st33spi.te
rename to sepolicy/vendor/hal_secure_element_st33spi.te
index cecc8fe8..c9a701de 100644
--- a/sepolicy/whitechapel_pro/hal_secure_element_st33spi.te
+++ b/sepolicy/vendor/hal_secure_element_st33spi.te
@@ -1,6 +1,8 @@
 type hal_secure_element_st33spi, domain;
-hal_server_domain(hal_secure_element_st33spi, hal_secure_element)
-type hal_secure_element_st33spi_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_secure_element_st33spi)
-allow hal_secure_element_st33spi st33spi_device:chr_file rw_file_perms;
+type hal_secure_element_st33spi_exec, exec_type, file_type, vendor_file_type;
 
+hal_server_domain(hal_secure_element_st33spi, hal_secure_element)
+
+init_daemon_domain(hal_secure_element_st33spi)
+
+allow hal_secure_element_st33spi st33spi_device:chr_file rw_file_perms;
diff --git a/sepolicy/whitechapel_pro/hal_secure_element_st54spi.te b/sepolicy/vendor/hal_secure_element_st54spi.te
similarity index 81%
rename from sepolicy/whitechapel_pro/hal_secure_element_st54spi.te
rename to sepolicy/vendor/hal_secure_element_st54spi.te
index a3e74be3..cca22afd 100644
--- a/sepolicy/whitechapel_pro/hal_secure_element_st54spi.te
+++ b/sepolicy/vendor/hal_secure_element_st54spi.te
@@ -1,8 +1,11 @@
 type hal_secure_element_st54spi, domain;
+type hal_secure_element_st54spi_exec, exec_type, file_type, vendor_file_type;
+
 hal_server_domain(hal_secure_element_st54spi, hal_secure_element)
-type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type;
+
 init_daemon_domain(hal_secure_element_st54spi)
-allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms;
-allow hal_secure_element_st54spi nfc_device:chr_file rw_file_perms;
+
 set_prop(hal_secure_element_st54spi, vendor_secure_element_prop)
 
+allow hal_secure_element_st54spi nfc_device:chr_file rw_file_perms;
+allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms;
diff --git a/sepolicy/whitechapel_pro/hal_secure_element_uicc.te b/sepolicy/vendor/hal_secure_element_uicc.te
similarity index 60%
rename from sepolicy/whitechapel_pro/hal_secure_element_uicc.te
rename to sepolicy/vendor/hal_secure_element_uicc.te
index fe535320..03df1b34 100644
--- a/sepolicy/whitechapel_pro/hal_secure_element_uicc.te
+++ b/sepolicy/vendor/hal_secure_element_uicc.te
@@ -1,11 +1,10 @@
 type hal_secure_element_uicc, domain;
-type hal_secure_element_uicc_exec, exec_type, vendor_file_type, file_type;
+type hal_secure_element_uicc_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(hal_secure_element_uicc, rild)
 
 hal_server_domain(hal_secure_element_uicc, hal_secure_element)
+
 init_daemon_domain(hal_secure_element_uicc)
 
-# Allow hal_secure_element_uicc to access rild
-binder_call(hal_secure_element_uicc, rild);
 allow hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager find;
-
-
diff --git a/sepolicy/vendor/hal_sensors.te b/sepolicy/vendor/hal_sensors.te
new file mode 100644
index 00000000..04438457
--- /dev/null
+++ b/sepolicy/vendor/hal_sensors.te
@@ -0,0 +1,40 @@
+binder_call(hal_sensors_default, hal_contexthub_default)
+binder_call(hal_sensors_default, hal_graphics_composer_default)
+binder_call(hal_sensors_default, system_server)
+
+get_prop(hal_sensors_default, vendor_aoc_prop)
+get_prop(hal_sensors_default, vendor_chre_hal_prop)
+get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
+
+hal_client_domain(hal_sensors_default, hal_graphics_allocator)
+
+r_dir_file(hal_sensors_default, persist_camera_file)
+r_dir_file(hal_sensors_default, persist_sensor_reg_file)
+r_dir_file(hal_sensors_default, sysfs_batteryinfo)
+r_dir_file(hal_sensors_default, sysfs_chosen)
+
+unix_socket_connect(hal_sensors_default, chre, chre)
+unix_socket_connect(hal_sensors_default, chre, hal_contexthub_default)
+
+allow hal_sensors_default aoc_device:chr_file rw_file_perms;
+allow hal_sensors_default device:dir r_dir_perms;
+allow hal_sensors_default fwk_stats_service:service_manager find;
+allow hal_sensors_default hal_contexthub_service:service_manager find;
+allow hal_sensors_default hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_sensors_default hal_pixel_display_service:service_manager find;
+allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
+allow hal_sensors_default mnt_vendor_file:dir search;
+allow hal_sensors_default persist_file:dir search;
+allow hal_sensors_default persist_file:file r_file_perms;
+allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
+allow hal_sensors_default sensor_reg_data_file:file create_file_perms;
+allow hal_sensors_default sysfs_aoc:dir search;
+allow hal_sensors_default sysfs_aoc:file r_file_perms;
+allow hal_sensors_default sysfs_aoc_boottime:file rw_file_perms;
+allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms;
+allow hal_sensors_default sysfs_aoc_reset:file rw_file_perms;
+allow hal_sensors_default sysfs_display:file r_file_perms;
+allow hal_sensors_default sysfs_leds:dir search;
+allow hal_sensors_default sysfs_leds:file rw_file_perms;
+allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
+allow hal_sensors_default sysfs_write_leds:file rw_file_perms;
diff --git a/sepolicy/vendor/hal_telephony.te b/sepolicy/vendor/hal_telephony.te
new file mode 100644
index 00000000..880edae3
--- /dev/null
+++ b/sepolicy/vendor/hal_telephony.te
@@ -0,0 +1 @@
+dump_hal(hal_telephony)
diff --git a/sepolicy/vendor/hal_thermal.te b/sepolicy/vendor/hal_thermal.te
new file mode 100644
index 00000000..391de0f3
--- /dev/null
+++ b/sepolicy/vendor/hal_thermal.te
@@ -0,0 +1,17 @@
+binder_call(hal_thermal_default, servicemanager)
+
+get_prop(hal_thermal_default, vendor_thermal_prop)
+
+hal_client_domain(hal_thermal_default, hal_power)
+
+r_dir_file(hal_thermal_default, sysfs_iio_devices)
+r_dir_file(hal_thermal_default, sysfs_odpm)
+
+allow hal_thermal_default fwk_stats_service:service_manager find;
+allow hal_thermal_default proc_stat:file r_file_perms;
+allow hal_thermal_default self:{ netlink_generic_socket netlink_kobject_uevent_socket } create_socket_perms_no_ioctl;
+allow hal_thermal_default sysfs_gpu:file r_file_perms;
+allow hal_thermal_default sysfs_thermal:dir r_dir_perms;
+allow hal_thermal_default sysfs_thermal:file rw_file_perms;
+allow hal_thermal_default sysfs_thermal:lnk_file r_file_perms;
+allow hal_thermal_default thermal_link_device:dir r_dir_perms;
diff --git a/sepolicy/whitechapel_pro/hal_usb_gadget_impl.te b/sepolicy/vendor/hal_usb_gadget_impl.te
similarity index 75%
rename from sepolicy/whitechapel_pro/hal_usb_gadget_impl.te
rename to sepolicy/vendor/hal_usb_gadget_impl.te
index ddda7eb9..a2b827f0 100644
--- a/sepolicy/whitechapel_pro/hal_usb_gadget_impl.te
+++ b/sepolicy/vendor/hal_usb_gadget_impl.te
@@ -1,21 +1,17 @@
 type hal_usb_gadget_impl, domain;
+type hal_usb_gadget_impl_exec, exec_type, file_type, vendor_file_type;
+
 hal_server_domain(hal_usb_gadget_impl, hal_usb)
 hal_server_domain(hal_usb_gadget_impl, hal_usb_gadget)
 
-type hal_usb_gadget_impl_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_usb_gadget_impl)
 
+set_prop(hal_usb_gadget_impl, vendor_usb_config_prop)
+
 allow hal_usb_gadget_impl configfs:dir { create rmdir };
 allow hal_usb_gadget_impl functionfs:dir { watch watch_reads };
-set_prop(hal_usb_gadget_impl, vendor_usb_config_prop)
-
-# parser the number of dwc3 irq
 allow hal_usb_gadget_impl proc_interrupts:file r_file_perms;
-
-# change irq to other cores
 allow hal_usb_gadget_impl proc_irq:dir r_dir_perms;
 allow hal_usb_gadget_impl proc_irq:file w_file_perms;
-
-# allow gadget hal to search hsi2c dir and write to usb_limit_accessory_enable/current
 allow hal_usb_gadget_impl sysfs_batteryinfo:dir r_dir_perms;
 allow hal_usb_gadget_impl sysfs_batteryinfo:file rw_file_perms;
diff --git a/sepolicy/whitechapel_pro/hal_usb_impl.te b/sepolicy/vendor/hal_usb_impl.te
similarity index 67%
rename from sepolicy/whitechapel_pro/hal_usb_impl.te
rename to sepolicy/vendor/hal_usb_impl.te
index afc193db..d81e73ad 100644
--- a/sepolicy/whitechapel_pro/hal_usb_impl.te
+++ b/sepolicy/vendor/hal_usb_impl.te
@@ -1,36 +1,28 @@
 type hal_usb_impl, domain;
+type hal_usb_impl_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(hal_usb_impl, servicemanager)
+
+hal_client_domain(hal_usb_impl, hal_thermal)
 
-type hal_usb_impl_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(hal_usb_impl)
 hal_server_domain(hal_usb_impl, hal_usb)
 hal_server_domain(hal_usb_impl, hal_usb_gadget)
 
-set_prop(hal_usb_impl, vendor_usb_config_prop)
-allow hal_usb_impl functionfs:dir { watch watch_reads };
+init_daemon_domain(hal_usb_impl)
 
+set_prop(hal_usb_impl, vendor_usb_config_prop)
+
+wakelock_use(hal_usb_impl)
+
+allow hal_usb_impl device:dir r_dir_perms;
+allow hal_usb_impl functionfs:dir { watch watch_reads };
+allow hal_usb_impl fwk_stats_service:service_manager find;
+allow hal_usb_impl self:capability2 wake_alarm;
 allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms;
 allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms;
-
-# Needed for reporting Usb Overheat suez event through statsd
-allow hal_usb_impl fwk_stats_service:service_manager find;
-binder_call(hal_usb_impl, servicemanager)
-
-# Needed for monitoring usb port temperature
-allow hal_usb_impl self:capability2 wake_alarm;
-wakelock_use(hal_usb_impl);
-
-# For interfacing with ThermalHAL
-hal_client_domain(hal_usb_impl, hal_thermal);
-
-# For reading the usb-c throttling stats
+allow hal_usb_impl sysfs_udc:file r_file_perms;
 allow hal_usb_impl sysfs_usbc_throttling_stats:file r_file_perms;
-
-# For issuing vendor commands to USB hub via libusbhost
-allow hal_usb_impl device:dir r_dir_perms;
-allow hal_usb_impl usb_device:chr_file rw_file_perms;
-allow hal_usb_impl usb_device:dir r_dir_perms;
-
-# For monitoring usb sysfs attributes
 allow hal_usb_impl sysfs_wakeup:dir search;
 allow hal_usb_impl sysfs_wakeup:file r_file_perms;
-allow hal_usb_impl sysfs_udc:file r_file_perms;
+allow hal_usb_impl usb_device:chr_file rw_file_perms;
+allow hal_usb_impl usb_device:dir r_dir_perms;
diff --git a/sepolicy/vendor/hal_uwb_vendor.te b/sepolicy/vendor/hal_uwb_vendor.te
new file mode 100644
index 00000000..723b899a
--- /dev/null
+++ b/sepolicy/vendor/hal_uwb_vendor.te
@@ -0,0 +1,31 @@
+type hal_uwb_vendor_default, domain;
+type hal_uwb_vendor_default_exec, exec_type, file_type, vendor_file_type;
+type hal_uwb_vendor_service, hal_service_type, service_manager_type;
+
+add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)
+
+binder_call(hal_uwb_vendor_client, hal_uwb_vendor_server)
+binder_call(hal_uwb_vendor_default, uwb_vendor_app)
+binder_call(hal_uwb_vendor_server, hal_uwb_vendor_client)
+binder_call(hal_uwb_vendor_server, servicemanager)
+
+dump_hal(hal_uwb_vendor)
+
+get_prop(hal_uwb_vendor_default, vendor_uwb_calibration_prop)
+
+hal_attribute_service(hal_uwb_vendor, hal_uwb_vendor_service)
+
+hal_server_domain(hal_uwb_vendor_default, hal_uwb)
+hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)
+
+init_daemon_domain(hal_uwb_vendor_default)
+
+allow hal_uwb_vendor self:global_capability_class_set net_admin;
+allow hal_uwb_vendor self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_uwb_vendor self:udp_socket create_socket_perms;
+allow hal_uwb_vendor_default kernel:process setsched;
+allow hal_uwb_vendor_default self:global_capability_class_set sys_nice;
+allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms;
+allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
+
+allowxperm hal_uwb_vendor self:udp_socket ioctl { SIOCETHTOOL SIOCSIFFLAGS SIOCSIFHWADDR };
diff --git a/sepolicy/tracking_denials/hal_vibrator_default.te b/sepolicy/vendor/hal_vibrator.te
similarity index 67%
rename from sepolicy/tracking_denials/hal_vibrator_default.te
rename to sepolicy/vendor/hal_vibrator.te
index 87fc4f03..92ee7870 100644
--- a/sepolicy/tracking_denials/hal_vibrator_default.te
+++ b/sepolicy/vendor/hal_vibrator.te
@@ -1,2 +1 @@
-# b/360057889
-dontaudit hal_vibrator_default default_android_service:service_manager { find };
+dontaudit hal_vibrator_default default_android_service:service_manager find;
diff --git a/sepolicy/vendor/hal_weaver_citadel.te b/sepolicy/vendor/hal_weaver_citadel.te
new file mode 100644
index 00000000..661d7ec9
--- /dev/null
+++ b/sepolicy/vendor/hal_weaver_citadel.te
@@ -0,0 +1,14 @@
+type hal_weaver_citadel, domain;
+type hal_weaver_citadel_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(hal_weaver_citadel, citadeld)
+
+hal_server_domain(hal_weaver_citadel, hal_authsecret)
+hal_server_domain(hal_weaver_citadel, hal_oemlock)
+hal_server_domain(hal_weaver_citadel, hal_weaver)
+
+init_daemon_domain(hal_weaver_citadel)
+
+vndbinder_use(hal_weaver_citadel)
+
+allow hal_weaver_citadel citadeld_service:service_manager find;
diff --git a/sepolicy/whitechapel_pro/hal_wifi_ext.te b/sepolicy/vendor/hal_wifi_ext.te
similarity index 58%
rename from sepolicy/whitechapel_pro/hal_wifi_ext.te
rename to sepolicy/vendor/hal_wifi_ext.te
index 9b52d7aa..1b5d848f 100644
--- a/sepolicy/whitechapel_pro/hal_wifi_ext.te
+++ b/sepolicy/vendor/hal_wifi_ext.te
@@ -1,9 +1,6 @@
-# Allow wifi_ext to report callbacks to gril-service app
 binder_call(hal_wifi_ext, grilservice_app)
 
-# Write wlan driver/fw version into property
 set_prop(hal_wifi_ext, vendor_wifi_version)
 
-# Allow wifi_ext to read and write /data/vendor/firmware/wifi
 allow hal_wifi_ext updated_wifi_firmware_data_file:dir rw_dir_perms;
 allow hal_wifi_ext updated_wifi_firmware_data_file:file create_file_perms;
diff --git a/sepolicy/whitechapel_pro/hal_wireless_charger.te b/sepolicy/vendor/hal_wireless_charger.te
similarity index 66%
rename from sepolicy/whitechapel_pro/hal_wireless_charger.te
rename to sepolicy/vendor/hal_wireless_charger.te
index 8d6c0118..9166ad0b 100644
--- a/sepolicy/whitechapel_pro/hal_wireless_charger.te
+++ b/sepolicy/vendor/hal_wireless_charger.te
@@ -1,5 +1,5 @@
 type hal_wireless_charger, domain;
-type hal_wireless_charger_exec, exec_type, vendor_file_type, file_type;
+type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type;
 
 r_dir_file(hal_wireless_charger, sysfs_wlc)
 
diff --git a/sepolicy/whitechapel_pro/hal_wlc.te b/sepolicy/vendor/hal_wlc.te
similarity index 75%
rename from sepolicy/whitechapel_pro/hal_wlc.te
rename to sepolicy/vendor/hal_wlc.te
index 1cf9d034..ae4141d5 100644
--- a/sepolicy/whitechapel_pro/hal_wlc.te
+++ b/sepolicy/vendor/hal_wlc.te
@@ -1,14 +1,18 @@
 type hal_wlc, domain;
-type hal_wlc_exec, exec_type, vendor_file_type, file_type;
+type hal_wlc_exec, exec_type, file_type, vendor_file_type;
+type hal_wlc_hwservice, hwservice_manager_type;
+
+add_hwservice(hal_wlc, hal_wlc_hwservice)
+
+binder_call(hal_wlc, platform_app)
+binder_call(hal_wlc, system_app)
+
+get_prop(hal_wlc, hwservicemanager_prop)
+
+hwbinder_use(hal_wlc)
 
 init_daemon_domain(hal_wlc)
-hwbinder_use(hal_wlc)
-add_hwservice(hal_wlc, hal_wlc_hwservice)
-get_prop(hal_wlc, hwservicemanager_prop)
 
 r_dir_file(hal_wlc, sysfs_batteryinfo)
 
 allow hal_wlc self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-
-binder_call(hal_wlc, platform_app)
-binder_call(hal_wlc, system_app)
diff --git a/sepolicy/whitechapel_pro/hbmsvmanager_app.te b/sepolicy/vendor/hbmsvmanager_app.te
similarity index 99%
rename from sepolicy/whitechapel_pro/hbmsvmanager_app.te
rename to sepolicy/vendor/hbmsvmanager_app.te
index bbedea8c..da9ea389 100644
--- a/sepolicy/whitechapel_pro/hbmsvmanager_app.te
+++ b/sepolicy/vendor/hbmsvmanager_app.te
@@ -1,2 +1,3 @@
-allow hbmsvmanager_app hal_pixel_display_service:service_manager find;
 binder_call(hbmsvmanager_app, hal_graphics_composer_default)
+
+allow hbmsvmanager_app hal_pixel_display_service:service_manager find;
diff --git a/sepolicy/whitechapel_pro/hwservice.te b/sepolicy/vendor/hwservice.te
similarity index 50%
rename from sepolicy/whitechapel_pro/hwservice.te
rename to sepolicy/vendor/hwservice.te
index 983e5a3f..c51a611c 100644
--- a/sepolicy/whitechapel_pro/hwservice.te
+++ b/sepolicy/vendor/hwservice.te
@@ -1,15 +1,5 @@
-# dmd servcie
-type hal_vendor_oem_hwservice, hwservice_manager_type;
-
-# GRIL service
-type hal_radioext_hwservice, hwservice_manager_type;
-
-# WLC
-type hal_wlc_hwservice, hwservice_manager_type;
-
-# rild service
+type hal_audio_ext_hwservice, hwservice_manager_type;
+type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_exynos_rild_hwservice, hwservice_manager_type;
-
-# Fingerprint
 type hal_fingerprint_ext_hwservice, hwservice_manager_type;
-
+type hal_vendor_oem_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts
new file mode 100644
index 00000000..91f2a493
--- /dev/null
+++ b/sepolicy/vendor/hwservice_contexts
@@ -0,0 +1,9 @@
+hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_ext_hwservice:s0
+vendor.google.audiometricext::IAudioMetricExt u:object_r:hal_audiometricext_hwservice:s0
+vendor.google.radioext::IRadioExt u:object_r:hal_radioext_hwservice:s0
+vendor.google.whitechapel.audio.audioext::IAudioExt u:object_r:hal_audio_ext_hwservice:s0
+vendor.google.wireless_charger::IWirelessCharger u:object_r:hal_wlc_hwservice:s0
+vendor.samsung_slsi.telephony.hardware.oemservice::IOemService u:object_r:hal_vendor_oem_hwservice:s0
+vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal u:object_r:hal_exynos_rild_hwservice:s0
diff --git a/sepolicy/whitechapel_pro/hwservicemanager.te b/sepolicy/vendor/hwservicemanager.te
similarity index 100%
rename from sepolicy/whitechapel_pro/hwservicemanager.te
rename to sepolicy/vendor/hwservicemanager.te
diff --git a/sepolicy/whitechapel_pro/vendor_ims_app.te b/sepolicy/vendor/ims_app.te
similarity index 90%
rename from sepolicy/whitechapel_pro/vendor_ims_app.te
rename to sepolicy/vendor/ims_app.te
index ed65eae1..0d7a2582 100644
--- a/sepolicy/whitechapel_pro/vendor_ims_app.te
+++ b/sepolicy/vendor/ims_app.te
@@ -1,20 +1,21 @@
 type vendor_ims_app, domain;
+
 app_domain(vendor_ims_app)
+
+binder_call(vendor_ims_app, rild)
+
+get_prop(vendor_ims_app, vendor_imssvc_prop)
+
 net_domain(vendor_ims_app)
 
+set_prop(vendor_ims_app, radio_prop)
+set_prop(vendor_ims_app, vendor_rild_prop)
+
 allow vendor_ims_app app_api_service:service_manager find;
 allow vendor_ims_app audioserver_service:service_manager find;
-
-allow vendor_ims_app hal_exynos_rild_hwservice:hwservice_manager find;
-allow vendor_ims_app radio_service:service_manager find;
-
-allow vendor_ims_app mediaserver_service:service_manager find;
 allow vendor_ims_app cameraserver_service:service_manager find;
+allow vendor_ims_app hal_exynos_rild_hwservice:hwservice_manager find;
 allow vendor_ims_app mediametrics_service:service_manager find;
-
-allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl };
-
-binder_call(vendor_ims_app, rild)
-set_prop(vendor_ims_app, vendor_rild_prop)
-set_prop(vendor_ims_app, radio_prop)
-get_prop(vendor_ims_app, vendor_imssvc_prop)
+allow vendor_ims_app mediaserver_service:service_manager find;
+allow vendor_ims_app radio_service:service_manager find;
+allow vendor_ims_app self:udp_socket create_socket_perms_no_ioctl;
diff --git a/sepolicy/whitechapel_pro/vendor_ims_remote_app.te b/sepolicy/vendor/ims_remote_app.te
similarity index 99%
rename from sepolicy/whitechapel_pro/vendor_ims_remote_app.te
rename to sepolicy/vendor/ims_remote_app.te
index f5d3846e..9c1e1875 100644
--- a/sepolicy/whitechapel_pro/vendor_ims_remote_app.te
+++ b/sepolicy/vendor/ims_remote_app.te
@@ -1,4 +1,5 @@
 type vendor_ims_remote_app, domain;
+
 app_domain(vendor_ims_remote_app)
 
 allow vendor_ims_remote_app app_api_service:service_manager find;
diff --git a/sepolicy/vendor/init-camera-set-interrupts-ownership.te b/sepolicy/vendor/init-camera-set-interrupts-ownership.te
new file mode 100644
index 00000000..06b42a46
--- /dev/null
+++ b/sepolicy/vendor/init-camera-set-interrupts-ownership.te
@@ -0,0 +1,10 @@
+type init-camera-set-interrupts-ownership, domain;
+type init-camera-set-interrupts-ownership_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(init-camera-set-interrupts-ownership)
+
+allow init-camera-set-interrupts-ownership proc_interrupts:file r_file_perms;
+allow init-camera-set-interrupts-ownership proc_irq:dir r_dir_perms;
+allow init-camera-set-interrupts-ownership proc_irq:file { r_file_perms setattr };
+allow init-camera-set-interrupts-ownership self:capability { chown setgid setuid };
+allow init-camera-set-interrupts-ownership vendor_toolbox_exec:file rx_file_perms;
diff --git a/sepolicy/whitechapel_pro/init-display-sh.te b/sepolicy/vendor/init-display-sh.te
similarity index 79%
rename from sepolicy/whitechapel_pro/init-display-sh.te
rename to sepolicy/vendor/init-display-sh.te
index 7f64b782..d462cb1b 100644
--- a/sepolicy/whitechapel_pro/init-display-sh.te
+++ b/sepolicy/vendor/init-display-sh.te
@@ -1,12 +1,11 @@
 type init-display-sh, domain;
-type init-display-sh_exec, vendor_file_type, exec_type, file_type;
+type init-display-sh_exec, exec_type, file_type, vendor_file_type;
+
 init_daemon_domain(init-display-sh)
 
+allow init-display-sh kmsg_device:chr_file w_file_perms;
 allow init-display-sh self:capability sys_module;
 allow init-display-sh vendor_kernel_modules:system module_load;
 allow init-display-sh vendor_toolbox_exec:file execute_no_trans;
 
 dontaudit init-display-sh proc_cmdline:file r_file_perms;
-
-# Allow modprobe to log to kmsg.
-allow init-display-sh kmsg_device:chr_file w_file_perms;
diff --git a/sepolicy/vendor/init-thermal-logging-sh.te b/sepolicy/vendor/init-thermal-logging-sh.te
new file mode 100644
index 00000000..d6f5572a
--- /dev/null
+++ b/sepolicy/vendor/init-thermal-logging-sh.te
@@ -0,0 +1,4 @@
+type init-thermal-logging-sh, domain;
+type init-thermal-logging-sh_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(init-thermal-logging-sh)
diff --git a/sepolicy/vendor/init-thermal-symlinks-sh.te b/sepolicy/vendor/init-thermal-symlinks-sh.te
new file mode 100644
index 00000000..495c1934
--- /dev/null
+++ b/sepolicy/vendor/init-thermal-symlinks-sh.te
@@ -0,0 +1,12 @@
+type init-thermal-symlinks-sh, domain;
+type init-thermal-symlinks-sh_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(init-thermal-symlinks-sh)
+
+r_dir_file(init-thermal-symlinks-sh, sysfs_thermal)
+
+set_prop(init-thermal-symlinks-sh, vendor_thermal_prop)
+
+allow init-thermal-symlinks-sh thermal_link_device:dir rw_dir_perms;
+allow init-thermal-symlinks-sh thermal_link_device:lnk_file create_file_perms;
+allow init-thermal-symlinks-sh vendor_toolbox_exec:file rx_file_perms;
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
new file mode 100644
index 00000000..274e2192
--- /dev/null
+++ b/sepolicy/vendor/init.te
@@ -0,0 +1,59 @@
+get_prop(vendor_init, system_boot_reason_prop)
+get_prop(vendor_init, telephony_modem_prop)
+get_prop(vendor_init, vendor_battery_profile_prop)
+get_prop(vendor_init, vendor_brownout_br_feasible_prop)
+get_prop(vendor_init, vendor_trusty_storage_prop)
+
+set_prop(vendor_init, logpersistd_logging_prop)
+set_prop(vendor_init, vendor_arm_runtime_option_prop)
+set_prop(vendor_init, vendor_audio_prop)
+set_prop(vendor_init, vendor_audio_prop_restricted)
+set_prop(vendor_init, vendor_battery_defender_prop)
+set_prop(vendor_init, vendor_brownout_reason_prop)
+set_prop(vendor_init, vendor_camera_prop)
+set_prop(vendor_init, vendor_carrier_prop)
+set_prop(vendor_init, vendor_cbd_prop)
+set_prop(vendor_init, vendor_chre_hal_prop)
+set_prop(vendor_init, vendor_device_prop)
+set_prop(vendor_init, vendor_display_prop)
+set_prop(vendor_init, vendor_fingerprint_prop)
+set_prop(vendor_init, vendor_ims_prop)
+set_prop(vendor_init, vendor_intelligence_prop)
+set_prop(vendor_init, vendor_logger_prop)
+set_prop(vendor_init, vendor_modem_prop)
+set_prop(vendor_init, vendor_nfc_prop)
+set_prop(vendor_init, vendor_rild_prop)
+set_prop(vendor_init, vendor_secure_element_prop)
+set_prop(vendor_init, vendor_ssrdump_prop)
+set_prop(vendor_init, vendor_thermal_prop)
+set_prop(vendor_init, vendor_usb_config_prop)
+
+allow init boot_block_device:lnk_file relabelto;
+allow init custom_ab_block_device:lnk_file relabelto;
+allow init intelligence_data_file:dir mounton;
+allow init mnt_vendor_file:dir mounton;
+allow init modem_efs_file:dir mounton;
+allow init modem_img_file:dir mounton;
+allow init modem_img_file:filesystem { getattr mount relabelfrom };
+allow init modem_userdata_file:dir mounton;
+allow init persist_file:dir mounton;
+allow init ram_device:blk_file w_file_perms;
+allow init sysfs_scsi_devices_0000:file w_file_perms;
+allow init userdata_exp_block_device:blk_file write;
+allow vendor_init bootdevice_sysdev:file create_file_perms;
+allow vendor_init modem_img_file:filesystem getattr;
+allow vendor_init proc_compaction_proactiveness:file w_file_perms;
+allow vendor_init proc_dirty:file w_file_perms;
+allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms;
+allow vendor_init proc_sched:file w_file_perms;
+allow vendor_init proc_watermark_scale_factor:file w_file_perms;
+allow vendor_init sg_device:chr_file r_file_perms;
+allow vendor_init sysfs_st33spi:file w_file_perms;
+allow vendor_init tee_data_file:lnk_file read;
+allow vendor_init thermal_link_device:dir r_dir_perms;
+allow vendor_init thermal_link_device:lnk_file r_file_perms;
+
+dontaudit init overlayfs_file:chr_file unlink;
+dontaudit init overlayfs_file:file rename;
+dontaudit vendor_init default_prop:file read;
+dontaudit vendor_init default_prop:property_service set;
diff --git a/sepolicy/vendor/init_citadel.te b/sepolicy/vendor/init_citadel.te
new file mode 100644
index 00000000..7f5f2541
--- /dev/null
+++ b/sepolicy/vendor/init_citadel.te
@@ -0,0 +1,12 @@
+type init_citadel, domain;
+type init_citadel_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(init_citadel, citadeld)
+
+init_daemon_domain(init_citadel)
+
+vndbinder_use(init_citadel)
+
+allow init_citadel citadel_updater:file rx_file_perms;
+allow init_citadel citadeld_service:service_manager find;
+allow init_citadel vendor_toolbox_exec:file rx_file_perms;
diff --git a/sepolicy/whitechapel_pro/init_radio.te b/sepolicy/vendor/init_radio.te
similarity index 69%
rename from sepolicy/whitechapel_pro/init_radio.te
rename to sepolicy/vendor/init_radio.te
index 3a29edf3..dcda9e9b 100644
--- a/sepolicy/whitechapel_pro/init_radio.te
+++ b/sepolicy/vendor/init_radio.te
@@ -1,8 +1,8 @@
 type init_radio, domain;
-type init_radio_exec, exec_type, vendor_file_type, file_type;
+type init_radio_exec, exec_type, file_type, vendor_file_type;
 
-init_daemon_domain(init_radio);
+init_daemon_domain(init_radio)
 
-allow init_radio vendor_toolbox_exec:file execute_no_trans;
 allow init_radio radio_vendor_data_file:dir create_dir_perms;
 allow init_radio radio_vendor_data_file:file create_file_perms;
+allow init_radio vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/vendor/insmod-sh.te b/sepolicy/vendor/insmod-sh.te
new file mode 100644
index 00000000..060b7b74
--- /dev/null
+++ b/sepolicy/vendor/insmod-sh.te
@@ -0,0 +1,20 @@
+type insmod-sh, domain;
+type insmod-sh_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(insmod-sh)
+
+set_prop(insmod-sh, vendor_device_prop)
+
+allow insmod-sh debugfs_mgm:dir search;
+allow insmod-sh kernel:process setsched;
+allow insmod-sh kmsg_debug_device:chr_file rw_file_perms;
+allow insmod-sh self:capability sys_module;
+allow insmod-sh self:capability sys_nice;
+allow insmod-sh system_dlkm_file:dir r_dir_perms;
+allow insmod-sh system_dlkm_file:file r_file_perms;
+allow insmod-sh system_dlkm_file:system module_load;
+allow insmod-sh vendor_kernel_modules:system module_load;
+allow insmod-sh vendor_regmap_debugfs:dir search;
+allow insmod-sh vendor_toolbox_exec:file execute_no_trans;
+
+dontaudit insmod-sh proc_cmdline:file r_file_perms;
diff --git a/sepolicy/whitechapel_pro/installd.te b/sepolicy/vendor/installd.te
similarity index 100%
rename from sepolicy/whitechapel_pro/installd.te
rename to sepolicy/vendor/installd.te
diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
new file mode 100644
index 00000000..a0ab3041
--- /dev/null
+++ b/sepolicy/vendor/kernel.te
@@ -0,0 +1,10 @@
+allow kernel per_boot_file:file r_file_perms;
+allow kernel self:capability2 perfmon;
+allow kernel self:perf_event cpu;
+allow kernel userdata_exp_block_device:blk_file { read write };
+allow kernel vendor_fw_file:dir r_dir_perms;
+allow kernel vendor_fw_file:file r_file_perms;
+
+dontaudit kernel sepolicy_file:file getattr;
+dontaudit kernel system_bootstrap_lib_file:{ dir file } getattr;
+dontaudit kernel system_dlkm_file:dir getattr;
diff --git a/sepolicy/whitechapel_pro/logd.te b/sepolicy/vendor/logd.te
similarity index 100%
rename from sepolicy/whitechapel_pro/logd.te
rename to sepolicy/vendor/logd.te
index ca969d80..0e67ccd5 100644
--- a/sepolicy/whitechapel_pro/logd.te
+++ b/sepolicy/vendor/logd.te
@@ -1,4 +1,4 @@
 r_dir_file(logd, logbuffer_device)
+
 allow logd logbuffer_device:chr_file r_file_perms;
 allow logd trusty_log_device:chr_file r_file_perms;
-
diff --git a/sepolicy/vendor/mediacodec_google.te b/sepolicy/vendor/mediacodec_google.te
new file mode 100644
index 00000000..43613d23
--- /dev/null
+++ b/sepolicy/vendor/mediacodec_google.te
@@ -0,0 +1,22 @@
+type mediacodec_google, domain;
+type mediacodec_google_exec, exec_type, file_type, vendor_file_type;
+
+crash_dump_fallback(mediacodec_google)
+
+hal_client_domain(mediacodec_google, hal_codec2)
+hal_client_domain(mediacodec_google, hal_graphics_allocator)
+
+hal_server_domain(mediacodec_google, hal_codec2)
+
+init_daemon_domain(mediacodec_google)
+
+vndbinder_use(mediacodec_google)
+
+allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
+allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms;
+allow mediacodec_google gpu_device:chr_file rw_file_perms;
+allow mediacodec_google video_device:chr_file rw_file_perms;
+
+neverallow mediacodec_google domain:{ rawip_socket tcp_socket udp_socket } *;
+neverallow mediacodec_google file_type:file execute_no_trans;
+neverallow mediacodec_google fs_type:file execute_no_trans;
diff --git a/sepolicy/vendor/mediacodec_samsung.te b/sepolicy/vendor/mediacodec_samsung.te
new file mode 100644
index 00000000..82de3950
--- /dev/null
+++ b/sepolicy/vendor/mediacodec_samsung.te
@@ -0,0 +1,30 @@
+type mediacodec_samsung, domain;
+type mediacodec_samsung_exec, exec_type, file_type, vendor_file_type;
+
+add_service(mediacodec_samsung, eco_service)
+
+binder_call(mediacodec_samsung, hal_camera_default)
+
+binder_use(mediacodec_samsung)
+
+crash_dump_fallback(mediacodec_samsung)
+
+hal_client_domain(mediacodec_samsung, hal_graphics_allocator)
+
+hal_server_domain(mediacodec_samsung, hal_codec2)
+
+init_daemon_domain(mediacodec_samsung)
+
+vndbinder_use(mediacodec_samsung)
+
+allow mediacodec_samsung dmabuf_system_heap_device:chr_file r_file_perms;
+allow mediacodec_samsung gpu_device:chr_file rw_file_perms;
+allow mediacodec_samsung sysfs_force_empty:dir { getattr ioctl lock map open read watch watch_reads };
+allow mediacodec_samsung sysfs_force_empty:file rw_file_perms;
+allow mediacodec_samsung sysfs_mfc:dir r_dir_perms;
+allow mediacodec_samsung sysfs_mfc:file r_file_perms;
+allow mediacodec_samsung video_device:chr_file rw_file_perms;
+
+neverallow mediacodec_samsung domain:{ rawip_socket tcp_socket udp_socket } *;
+neverallow mediacodec_samsung file_type:file execute_no_trans;
+neverallow mediacodec_samsung fs_type:file execute_no_trans;
diff --git a/sepolicy/vendor/mediaserver.te b/sepolicy/vendor/mediaserver.te
new file mode 100644
index 00000000..1b0425f7
--- /dev/null
+++ b/sepolicy/vendor/mediaserver.te
@@ -0,0 +1 @@
+dontaudit mediaserver media_quality_service:service_manager find;
diff --git a/sepolicy/vendor/misc_writer.te b/sepolicy/vendor/misc_writer.te
new file mode 100644
index 00000000..8c75a172
--- /dev/null
+++ b/sepolicy/vendor/misc_writer.te
@@ -0,0 +1,4 @@
+get_prop(vendor_misc_writer, sota_prop)
+
+allow vendor_misc_writer flood_control:fd use;
+allow vendor_misc_writer flood_control:fifo_file { getattr write };
diff --git a/sepolicy/vendor/modem_diagnostic_app.te b/sepolicy/vendor/modem_diagnostic_app.te
new file mode 100644
index 00000000..ec8df100
--- /dev/null
+++ b/sepolicy/vendor/modem_diagnostic_app.te
@@ -0,0 +1,8 @@
+type modem_diagnostic_app, domain;
+
+app_domain(modem_diagnostic_app)
+
+net_domain(modem_diagnostic_app)
+
+allow modem_diagnostic_app app_api_service:service_manager find;
+allow modem_diagnostic_app radio_service:service_manager find;
diff --git a/sepolicy/vendor/modem_img_file.te b/sepolicy/vendor/modem_img_file.te
new file mode 100644
index 00000000..e9560f50
--- /dev/null
+++ b/sepolicy/vendor/modem_img_file.te
@@ -0,0 +1,3 @@
+type modem_img_file, contextmount_type, file_type, vendor_file_type;
+
+allow modem_img_file self:filesystem associate;
diff --git a/sepolicy/whitechapel_pro/modem_logging_control.te b/sepolicy/vendor/modem_logging_control.te
similarity index 91%
rename from sepolicy/whitechapel_pro/modem_logging_control.te
rename to sepolicy/vendor/modem_logging_control.te
index 7392297f..a0dc02f3 100644
--- a/sepolicy/whitechapel_pro/modem_logging_control.te
+++ b/sepolicy/vendor/modem_logging_control.te
@@ -1,17 +1,19 @@
 type modem_logging_control, domain;
-type modem_logging_control_exec, vendor_file_type, exec_type, file_type;
+type modem_logging_control_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(modem_logging_control, dmd)
+
+get_prop(modem_logging_control, hwservicemanager_prop)
+
+hwbinder_use(modem_logging_control)
 
 init_daemon_domain(modem_logging_control)
 
-hwbinder_use(modem_logging_control)
-binder_call(modem_logging_control, dmd)
+set_prop(modem_logging_control, vendor_modem_prop)
 
-allow modem_logging_control radio_device:chr_file rw_file_perms;
 allow modem_logging_control hal_vendor_oem_hwservice:hwservice_manager find;
+allow modem_logging_control radio_device:chr_file rw_file_perms;
 allow modem_logging_control radio_vendor_data_file:dir create_dir_perms;
 allow modem_logging_control radio_vendor_data_file:file create_file_perms;
 allow modem_logging_control vendor_slog_file:dir create_dir_perms;
 allow modem_logging_control vendor_slog_file:file create_file_perms;
-
-set_prop(modem_logging_control, vendor_modem_prop)
-get_prop(modem_logging_control, hwservicemanager_prop)
diff --git a/sepolicy/whitechapel_pro/modem_svc_sit.te b/sepolicy/vendor/modem_svc_sit.te
similarity index 59%
rename from sepolicy/whitechapel_pro/modem_svc_sit.te
rename to sepolicy/vendor/modem_svc_sit.te
index 373fdf63..7078339d 100644
--- a/sepolicy/whitechapel_pro/modem_svc_sit.te
+++ b/sepolicy/vendor/modem_svc_sit.te
@@ -1,55 +1,35 @@
-# Selinux rule for modem_svc_sit daemon
 type modem_svc_sit, domain;
-type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(modem_svc_sit)
+type modem_svc_sit_exec, exec_type, file_type, vendor_file_type;
 
-hwbinder_use(modem_svc_sit)
 binder_call(modem_svc_sit, rild)
 
-# Grant sysfs modem access
-allow modem_svc_sit sysfs_modem:file rw_file_perms;
-
-# Grant radio device access
-allow modem_svc_sit radio_device:chr_file rw_file_perms;
-
-# Grant vendor radio and modem file/dir creation permission
-allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms;
-allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
-allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
-allow modem_svc_sit modem_stat_data_file:file create_file_perms;
-
-allow modem_svc_sit vendor_fw_file:dir search;
-allow modem_svc_sit vendor_fw_file:file r_file_perms;
-
-allow modem_svc_sit mnt_vendor_file:dir r_dir_perms;
-allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
-allow modem_svc_sit modem_userdata_file:file create_file_perms;
-
-# RIL property
+get_prop(modem_svc_sit, hwservicemanager_prop)
+get_prop(modem_svc_sit, vendor_logger_prop)
 get_prop(modem_svc_sit, vendor_rild_prop)
 
-# Modem property
-set_prop(modem_svc_sit, vendor_modem_prop)
+hwbinder_use(modem_svc_sit)
 
-# hwservice permission
-allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find;
-get_prop(modem_svc_sit, hwservicemanager_prop)
+init_daemon_domain(modem_svc_sit)
 
-# logging property
-get_prop(modem_svc_sit, vendor_logger_prop)
-
-userdebug_or_eng(`
-  allow modem_svc_sit radio_test_device:chr_file rw_file_perms;
-')
-
-# Write trace data to the Perfetto traced daemon. This requires connecting to
-# its producer socket and obtaining a (per-process) tmpfs fd.
 perfetto_producer(modem_svc_sit)
 
-# Allow modem_svc_sit to access modem image file/dir
-allow modem_svc_sit modem_img_file:dir r_dir_perms;
-allow modem_svc_sit modem_img_file:file r_file_perms;
-allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
+r_dir_file(modem_svc_sit, modem_img_file)
 
-# Allow modem_svc_sit to access socket for UMI
+set_prop(modem_svc_sit, vendor_modem_prop)
+
+unix_socket_connect(modem_svc_sit, property, traced)
+unix_socket_connect(modem_svc_sit, traced_producer, init)
+
+allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find;
+allow modem_svc_sit mnt_vendor_file:dir r_dir_perms;
+allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
+allow modem_svc_sit modem_stat_data_file:file create_file_perms;
+allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
+allow modem_svc_sit modem_userdata_file:file create_file_perms;
+allow modem_svc_sit radio_device:chr_file rw_file_perms;
+allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms;
+allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
 allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink write };
+allow modem_svc_sit sysfs_modem:file rw_file_perms;
+allow modem_svc_sit vendor_fw_file:dir search;
+allow modem_svc_sit vendor_fw_file:file r_file_perms;
diff --git a/sepolicy/vendor/netd.te b/sepolicy/vendor/netd.te
new file mode 100644
index 00000000..948fa898
--- /dev/null
+++ b/sepolicy/vendor/netd.te
@@ -0,0 +1,2 @@
+allow netd vendor_pcs_app:fd use;
+allow netd vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
diff --git a/sepolicy/vendor/netutils_wrapper.te b/sepolicy/vendor/netutils_wrapper.te
new file mode 100644
index 00000000..7de26b2f
--- /dev/null
+++ b/sepolicy/vendor/netutils_wrapper.te
@@ -0,0 +1,4 @@
+allow netutils_wrapper pktrouter:fd use;
+allow netutils_wrapper pktrouter:fifo_file write;
+allow netutils_wrapper pktrouter:{ netlink_route_socket packet_socket rawip_socket udp_socket } { read write };
+allow netutils_wrapper pktrouter_device:chr_file rw_file_perms;
diff --git a/sepolicy/whitechapel_pro/nfc.te b/sepolicy/vendor/nfc.te
similarity index 64%
rename from sepolicy/whitechapel_pro/nfc.te
rename to sepolicy/vendor/nfc.te
index 80784434..a3a4f669 100644
--- a/sepolicy/whitechapel_pro/nfc.te
+++ b/sepolicy/vendor/nfc.te
@@ -1,2 +1,3 @@
 allow nfc proc_vendor_sched:dir r_dir_perms;
 allow nfc proc_vendor_sched:file w_file_perms;
+allow nfc vendor_nfc_vendor_data_file:dir search;
diff --git a/sepolicy/vendor/nos_citadel_version.te b/sepolicy/vendor/nos_citadel_version.te
new file mode 100644
index 00000000..2e1c4eca
--- /dev/null
+++ b/sepolicy/vendor/nos_citadel_version.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_nos_citadel_version)
diff --git a/sepolicy/whitechapel_pro/oemrilservice_app.te b/sepolicy/vendor/oemrilservice_app.te
similarity index 99%
rename from sepolicy/whitechapel_pro/oemrilservice_app.te
rename to sepolicy/vendor/oemrilservice_app.te
index b055dbea..916b7d67 100644
--- a/sepolicy/whitechapel_pro/oemrilservice_app.te
+++ b/sepolicy/vendor/oemrilservice_app.te
@@ -1,9 +1,11 @@
 type oemrilservice_app, domain;
+
 app_domain(oemrilservice_app)
 
+binder_call(oemrilservice_app, rild)
+
+set_prop(oemrilservice_app, vendor_rild_prop)
+
 allow oemrilservice_app app_api_service:service_manager find;
 allow oemrilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
 allow oemrilservice_app radio_service:service_manager find;
-
-binder_call(oemrilservice_app, rild)
-set_prop(oemrilservice_app, vendor_rild_prop)
diff --git a/sepolicy/vendor/ofl_app.te b/sepolicy/vendor/ofl_app.te
new file mode 100644
index 00000000..bd592c55
--- /dev/null
+++ b/sepolicy/vendor/ofl_app.te
@@ -0,0 +1 @@
+type ofl_app, domain;
diff --git a/sepolicy/whitechapel_pro/omadm.te b/sepolicy/vendor/omadm_app.te
similarity index 96%
rename from sepolicy/whitechapel_pro/omadm.te
rename to sepolicy/vendor/omadm_app.te
index 3990dd7b..5537f99b 100644
--- a/sepolicy/whitechapel_pro/omadm.te
+++ b/sepolicy/vendor/omadm_app.te
@@ -1,10 +1,10 @@
-# OMADM app
 type omadm_app, domain;
 
 app_domain(omadm_app)
+
 net_domain(omadm_app)
 
-allow omadm_app radio_vendor_data_file:dir rw_dir_perms;
-allow omadm_app radio_vendor_data_file:file create_file_perms;
 allow omadm_app app_api_service:service_manager find;
 allow omadm_app radio_service:service_manager find;
+allow omadm_app radio_vendor_data_file:dir rw_dir_perms;
+allow omadm_app radio_vendor_data_file:file create_file_perms;
diff --git a/sepolicy/vendor/pbcs_app.te b/sepolicy/vendor/pbcs_app.te
new file mode 100644
index 00000000..761e8ef2
--- /dev/null
+++ b/sepolicy/vendor/pbcs_app.te
@@ -0,0 +1,7 @@
+add_service(vendor_pbcs_app, camera_binder_service)
+add_service(vendor_pbcs_app, camera_cameraidremapper_service)
+add_service(vendor_pbcs_app, camera_lyricconfigprovider_service)
+
+binder_call(vendor_pbcs_app, hal_camera_default)
+
+get_prop(vendor_pbcs_app, vendor_camera_pbcs_debug_prop)
diff --git a/sepolicy/vendor/pcs_app.te b/sepolicy/vendor/pcs_app.te
new file mode 100644
index 00000000..234bcc87
--- /dev/null
+++ b/sepolicy/vendor/pcs_app.te
@@ -0,0 +1,13 @@
+binder_call(vendor_pcs_app, hal_camera_default)
+
+unix_socket_connect(vendor_pcs_app, fwmarkd, netd)
+
+allow vendor_pcs_app camera_cameraidremapper_service:service_manager find;
+allow vendor_pcs_app camera_lyricconfigprovider_service:service_manager find;
+allow vendor_pcs_app edgetpu_app_service:service_manager find;
+allow vendor_pcs_app edgetpu_device:chr_file { getattr ioctl map read write };
+allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add;
+allow vendor_pcs_app node:udp_socket node_bind;
+allow vendor_pcs_app port:tcp_socket name_connect;
+allow vendor_pcs_app port:udp_socket name_bind;
+allow vendor_pcs_app vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
diff --git a/sepolicy/vendor/pixel-thermal-control-sh.te b/sepolicy/vendor/pixel-thermal-control-sh.te
new file mode 100644
index 00000000..4912b41b
--- /dev/null
+++ b/sepolicy/vendor/pixel-thermal-control-sh.te
@@ -0,0 +1,4 @@
+type pixel-thermal-control-sh, domain;
+type pixel-thermal-control-sh_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(pixel-thermal-control-sh)
diff --git a/sepolicy/vendor/pixelstats_vendor.te b/sepolicy/vendor/pixelstats_vendor.te
new file mode 100644
index 00000000..c873ff32
--- /dev/null
+++ b/sepolicy/vendor/pixelstats_vendor.te
@@ -0,0 +1,65 @@
+binder_call(pixelstats_vendor, stats_service_server)
+
+binder_use(pixelstats_vendor)
+
+get_prop(pixelstats_vendor, boottime_public_prop)
+get_prop(pixelstats_vendor, hwservicemanager_prop)
+get_prop(pixelstats_vendor, smart_idle_maint_enabled_prop)
+get_prop(pixelstats_vendor, vendor_brownout_reason_prop)
+
+hwbinder_use(pixelstats_vendor)
+
+init_daemon_domain(pixelstats_vendor)
+
+r_dir_file(pixelstats_vendor, proc_vendor_mm)
+r_dir_file(pixelstats_vendor, sysfs_batteryinfo)
+r_dir_file(pixelstats_vendor, sysfs_thermal)
+r_dir_file(pixelstats_vendor, sysfs_vendor_metrics)
+r_dir_file(pixelstats_vendor, sysfs_vendor_mm)
+
+unix_socket_connect(pixelstats_vendor, chre, hal_contexthub_default)
+
+allow pixelstats_vendor battery_history_device:chr_file r_file_perms;
+allow pixelstats_vendor block_device:dir search;
+allow pixelstats_vendor dm_device:blk_file getattr;
+allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find;
+allow pixelstats_vendor fwk_sensor_service:service_manager find;
+allow pixelstats_vendor fwk_stats_service:service_manager find;
+allow pixelstats_vendor kernel:dir search;
+allow pixelstats_vendor kernel:file r_file_perms;
+allow pixelstats_vendor logbuffer_device:chr_file r_file_perms;
+allow pixelstats_vendor mitigation_vendor_data_file:dir search;
+allow pixelstats_vendor mitigation_vendor_data_file:file { read write };
+allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms;
+allow pixelstats_vendor mnt_vendor_file:dir search;
+allow pixelstats_vendor proc_meminfo:file r_file_perms;
+allow pixelstats_vendor proc_pressure_cpu:file r_file_perms;
+allow pixelstats_vendor proc_pressure_io:file r_file_perms;
+allow pixelstats_vendor proc_pressure_mem:file r_file_perms;
+allow pixelstats_vendor proc_stat:file r_file_perms;
+allow pixelstats_vendor proc_vmstat:file r_file_perms;
+allow pixelstats_vendor self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow pixelstats_vendor sysfs_batteryinfo:file w_file_perms;
+allow pixelstats_vendor sysfs_bcl:dir search;
+allow pixelstats_vendor sysfs_bcl:file r_file_perms;
+allow pixelstats_vendor sysfs_dm:dir search;
+allow pixelstats_vendor sysfs_dm:file { getattr open read };
+allow pixelstats_vendor sysfs_dma_heap:dir search;
+allow pixelstats_vendor sysfs_dma_heap:file r_file_perms;
+allow pixelstats_vendor sysfs_exynos_pcie_stats:dir search;
+allow pixelstats_vendor sysfs_exynos_pcie_stats:file rw_file_perms;
+allow pixelstats_vendor sysfs_fs_f2fs:dir search;
+allow pixelstats_vendor sysfs_fs_f2fs:file rw_file_perms;
+allow pixelstats_vendor sysfs_ion:dir search;
+allow pixelstats_vendor sysfs_ion:file r_file_perms;
+allow pixelstats_vendor sysfs_pca:file rw_file_perms;
+allow pixelstats_vendor sysfs_pixel_stat:dir search;
+allow pixelstats_vendor sysfs_pixel_stat:file getattr;
+allow pixelstats_vendor sysfs_pixelstats:file r_file_perms;
+allow pixelstats_vendor sysfs_scsi_devices_0000:dir search;
+allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
+allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms;
+allow pixelstats_vendor sysfs_wlc:dir search;
+allow pixelstats_vendor sysfs_wlc:file rw_file_perms;
+allow pixelstats_vendor sysfs_zram:dir search;
+allow pixelstats_vendor sysfs_zram:file r_file_perms;
diff --git a/sepolicy/vendor/pktrouter.te b/sepolicy/vendor/pktrouter.te
new file mode 100644
index 00000000..4824d901
--- /dev/null
+++ b/sepolicy/vendor/pktrouter.te
@@ -0,0 +1,16 @@
+type pktrouter, domain;
+type pktrouter_exec, exec_type, file_type, vendor_file_type;
+
+domain_auto_trans(pktrouter, netutils_wrapper_exec, netutils_wrapper)
+
+get_prop(pktrouter, vendor_ims_prop)
+
+init_daemon_domain(pktrouter)
+
+net_domain(pktrouter)
+
+allow pktrouter pktrouter_device:chr_file rw_file_perms;
+allow pktrouter radio_device:chr_file r_file_perms;
+allow pktrouter self:capability net_raw;
+allow pktrouter self:netlink_route_socket nlmsg_write;
+allow pktrouter self:packet_socket { bind create getattr read shutdown write };
diff --git a/sepolicy/whitechapel_pro/platform_app.te b/sepolicy/vendor/platform_app.te
similarity index 60%
rename from sepolicy/whitechapel_pro/platform_app.te
rename to sepolicy/vendor/platform_app.te
index 1891caef..b582c413 100644
--- a/sepolicy/whitechapel_pro/platform_app.te
+++ b/sepolicy/vendor/platform_app.te
@@ -1,23 +1,22 @@
+binder_call(platform_app, hal_graphics_composer_default)
+binder_call(platform_app, hal_wireless_charger)
+binder_call(platform_app, hal_wlc)
 binder_call(platform_app, rild)
-allow platform_app hal_exynos_rild_hwservice:hwservice_manager find;
+binder_call(platform_app, twoshay)
 
+get_prop(platform_app, fingerprint_ghbm_prop)
+
+set_prop(platform_app, bootanim_system_prop)
+
+allow platform_app edgetpu_device:chr_file { getattr ioctl map read write };
+allow platform_app gril_antenna_tuning_service:service_manager find;
+allow platform_app hal_exynos_rild_hwservice:hwservice_manager find;
 allow platform_app hal_pixel_display_service:service_manager find;
+allow platform_app hal_wireless_charger_service:service_manager find;
 allow platform_app hal_wlc_hwservice:hwservice_manager find;
 allow platform_app nfc_service:service_manager find;
 allow platform_app proc_vendor_sched:dir r_dir_perms;
 allow platform_app proc_vendor_sched:file w_file_perms;
-
-# Fingerprint (UDFPS) GHBM/LHBM toggle
-get_prop(platform_app, fingerprint_ghbm_prop)
-
-# allow systemui to set boot animation colors
-set_prop(platform_app, bootanim_system_prop);
-
-binder_call(platform_app, hal_wlc)
-
-# allow udfps of systemui access lhbm
-binder_call(platform_app, hal_graphics_composer_default)
-
-# WLC
-allow platform_app hal_wireless_charger_service:service_manager find;
-binder_call(platform_app, hal_wireless_charger)
+allow platform_app screen_protector_detector_service:service_manager find;
+allow platform_app touch_context_service:service_manager find;
+allow platform_app twoshay_notification_service:service_manager find;
diff --git a/sepolicy/vendor/priv_app.te b/sepolicy/vendor/priv_app.te
new file mode 100644
index 00000000..3f51945d
--- /dev/null
+++ b/sepolicy/vendor/priv_app.te
@@ -0,0 +1,3 @@
+allow priv_app edgetpu_app_service:service_manager find;
+allow priv_app edgetpu_device:chr_file { getattr ioctl map read write };
+allow priv_app edgetpu_nnapi_service:service_manager find;
diff --git a/sepolicy/vendor/proc_vendor_sched.te b/sepolicy/vendor/proc_vendor_sched.te
new file mode 100644
index 00000000..af038620
--- /dev/null
+++ b/sepolicy/vendor/proc_vendor_sched.te
@@ -0,0 +1,3 @@
+allow proc_vendor_sched proc:filesystem associate;
+allow { domain -appdomain -rs } proc_vendor_sched:dir r_dir_perms;
+allow { domain -appdomain -rs } proc_vendor_sched:file w_file_perms;
diff --git a/sepolicy/whitechapel_pro/property.te b/sepolicy/vendor/property.te
similarity index 56%
rename from sepolicy/whitechapel_pro/property.te
rename to sepolicy/vendor/property.te
index 2dfe16d1..6dbde69d 100644
--- a/sepolicy/whitechapel_pro/property.te
+++ b/sepolicy/vendor/property.te
@@ -1,52 +1,59 @@
-# whitechapel_pro Property Define
+system_internal_prop(vendor_pss_systemphenotype_prop)
 
-vendor_internal_prop(vendor_diag_prop)
-vendor_internal_prop(vendor_slog_prop)
-vendor_internal_prop(vendor_modem_prop)
-vendor_internal_prop(vendor_persist_config_default_prop)
-vendor_internal_prop(vendor_cbd_prop)
-vendor_internal_prop(vendor_rild_prop)
-vendor_internal_prop(vendor_gril_prop)
-vendor_internal_prop(vendor_carrier_prop)
-vendor_internal_prop(vendor_ssrdump_prop)
-vendor_internal_prop(vendor_wifi_version)
-vendor_internal_prop(vendor_nfc_prop)
-vendor_internal_prop(vendor_secure_element_prop)
-vendor_internal_prop(vendor_battery_profile_prop)
-vendor_internal_prop(vendor_battery_defender_prop)
-vendor_internal_prop(vendor_shutdown_prop)
-vendor_internal_prop(vendor_imssvc_prop)
-vendor_internal_prop(vendor_camera_prop)
-vendor_internal_prop(vendor_camera_fatp_prop)
-vendor_internal_prop(vendor_usb_config_prop)
-vendor_internal_prop(vendor_tcpdump_log_prop)
-vendor_internal_prop(vendor_gps_prop)
-vendor_internal_prop(vendor_ro_sys_default_prop)
-vendor_internal_prop(vendor_persist_sys_default_prop)
-vendor_internal_prop(vendor_display_prop)
+system_public_prop(vendor_edgetpu_service_prop)
+system_public_prop(vendor_intelligence_prop)
 
-# Fingerprint
-vendor_restricted_prop(vendor_fingerprint_prop)
-
-# UWB calibration
+system_vendor_config_prop(vendor_camera_pbcs_debug_prop)
+system_vendor_config_prop(vendor_edgetpu_cpu_scheduler_prop)
+system_vendor_config_prop(vendor_edgetpu_runtime_prop)
+system_vendor_config_prop(vendor_gxp_prop)
+system_vendor_config_prop(vendor_hetero_runtime_prop)
+system_vendor_config_prop(vendor_tflite_delegate_prop)
 system_vendor_config_prop(vendor_uwb_calibration_prop)
-# Country code must be vendor_public to be written by UwbVendorService and read by NFC HAL
-vendor_internal_prop(vendor_uwb_calibration_country_code)
 
-# Dynamic sensor
+vendor_internal_prop(vendor_aoc_prop)
+vendor_internal_prop(vendor_audio_prop)
+vendor_internal_prop(vendor_battery_defender_prop)
+vendor_internal_prop(vendor_battery_profile_prop)
+vendor_internal_prop(vendor_brownout_br_feasible_prop)
+vendor_internal_prop(vendor_camera_debug_prop)
+vendor_internal_prop(vendor_camera_fatp_prop)
+vendor_internal_prop(vendor_camera_prop)
+vendor_internal_prop(vendor_carrier_prop)
+vendor_internal_prop(vendor_cbd_prop)
+vendor_internal_prop(vendor_chre_hal_prop)
+vendor_internal_prop(vendor_device_prop)
+vendor_internal_prop(vendor_diag_prop)
+vendor_internal_prop(vendor_display_prop)
 vendor_internal_prop(vendor_dynamic_sensor_prop)
-
-# Telephony debug app
-vendor_internal_prop(vendor_telephony_app_prop)
-
-# Trusty storage FS ready
-vendor_internal_prop(vendor_trusty_storage_prop)
-
-# Mali Integration
-vendor_restricted_prop(vendor_arm_runtime_option_prop)
-
-# SJTAG lock state
+vendor_internal_prop(vendor_flood_prop)
+vendor_internal_prop(vendor_gps_prop)
+vendor_internal_prop(vendor_gril_prop)
+vendor_internal_prop(vendor_ims_prop)
+vendor_internal_prop(vendor_imssvc_prop)
+vendor_internal_prop(vendor_logger_prop)
+vendor_internal_prop(vendor_mitigation_ready_prop)
+vendor_internal_prop(vendor_modem_prop)
+vendor_internal_prop(vendor_nfc_prop)
+vendor_internal_prop(vendor_persist_config_default_prop)
+vendor_internal_prop(vendor_persist_sys_default_prop)
+vendor_internal_prop(vendor_ramdump_prop)
+vendor_internal_prop(vendor_rild_prop)
+vendor_internal_prop(vendor_ro_sys_default_prop)
+vendor_internal_prop(vendor_secure_element_prop)
+vendor_internal_prop(vendor_shutdown_prop)
 vendor_internal_prop(vendor_sjtag_lock_state_prop)
+vendor_internal_prop(vendor_slog_prop)
+vendor_internal_prop(vendor_ssrdump_prop)
+vendor_internal_prop(vendor_tcpdump_log_prop)
+vendor_internal_prop(vendor_telephony_app_prop)
+vendor_internal_prop(vendor_thermal_prop)
+vendor_internal_prop(vendor_timeout_aoc_prop)
+vendor_internal_prop(vendor_trusty_storage_prop)
+vendor_internal_prop(vendor_usb_config_prop)
 
-# Bluetooth props
+vendor_public_prop(vendor_brownout_reason_prop)
+
+vendor_restricted_prop(vendor_arm_runtime_option_prop)
 vendor_restricted_prop(vendor_bluetooth_prop)
+vendor_restricted_prop(vendor_fingerprint_prop)
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
new file mode 100644
index 00000000..cfac665b
--- /dev/null
+++ b/sepolicy/vendor/property_contexts
@@ -0,0 +1,100 @@
+persist.vendor.aoc.status_request_timed_out u:object_r:vendor_timeout_aoc_prop:s0
+persist.vendor.app.audio. u:object_r:vendor_audio_prop_restricted:s0
+persist.vendor.audio. u:object_r:vendor_audio_prop:s0
+persist.vendor.camera. u:object_r:vendor_camera_prop:s0
+persist.vendor.camera.pbcs.debug. u:object_r:vendor_camera_pbcs_debug_prop:s0
+persist.vendor.cbd. u:object_r:vendor_cbd_prop:s0
+persist.vendor.config. u:object_r:vendor_persist_config_default_prop:s0
+persist.vendor.display. u:object_r:vendor_display_prop:s0
+persist.vendor.gps. u:object_r:vendor_gps_prop:s0
+persist.vendor.ims. u:object_r:vendor_imssvc_prop:s0
+persist.vendor.intelligence u:object_r:vendor_intelligence_prop:s0
+persist.vendor.modem. u:object_r:vendor_modem_prop:s0
+persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
+persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0
+persist.vendor.radio. u:object_r:vendor_rild_prop:s0
+persist.vendor.radio.volte_mif_off u:object_r:vendor_volte_mif_off:s0
+persist.vendor.ril. u:object_r:vendor_rild_prop:s0
+persist.vendor.se. u:object_r:vendor_secure_element_prop:s0
+persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0
+persist.vendor.sys. u:object_r:vendor_persist_sys_default_prop:s0
+persist.vendor.sys.diag. u:object_r:vendor_diag_prop:s0
+persist.vendor.sys.dm. u:object_r:vendor_diag_prop:s0
+persist.vendor.sys.modem. u:object_r:vendor_modem_prop:s0
+persist.vendor.sys.silentlog u:object_r:vendor_slog_prop:s0
+persist.vendor.sys.ssr. u:object_r:vendor_ssrdump_prop:s0
+persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0
+persist.vendor.testing_battery_profile u:object_r:vendor_battery_profile_prop:s0
+persist.vendor.usb. u:object_r:vendor_usb_config_prop:s0
+persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0
+ro.boot.ramdump u:object_r:vendor_ramdump_prop:s0
+ro.vendor.config.build_carrier u:object_r:vendor_carrier_prop:s0
+ro.vendor.flood. u:object_r:vendor_flood_prop:s0
+ro.vendor.hwc.drm.device u:object_r:vendor_display_prop:s0
+ro.vendor.sjtag_ap_is_unlocked u:object_r:vendor_sjtag_lock_state_prop:s0
+ro.vendor.sjtag_gsa_is_unlocked u:object_r:vendor_sjtag_lock_state_prop:s0
+ro.vendor.sys. u:object_r:vendor_ro_sys_default_prop:s0
+ro.vendor.sys.modem. u:object_r:vendor_modem_prop:s0
+ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0
+ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string
+vendor.all.devices.ready u:object_r:vendor_device_prop:s0
+vendor.all.modules.ready u:object_r:vendor_device_prop:s0
+vendor.aoc.firmware.version u:object_r:vendor_aoc_prop:s0
+vendor.audio_hal.aidl.enable u:object_r:vendor_audio_prop:s0
+vendor.audio_hal.device.serialno u:object_r:vendor_audio_prop:s0
+vendor.audio_hal.period_multiplier u:object_r:vendor_audio_prop:s0
+vendor.audiodump.cca.config u:object_r:vendor_audio_prop:s0
+vendor.audiodump.enable u:object_r:vendor_audio_prop:s0
+vendor.audiodump.encode.disable u:object_r:vendor_audio_prop:s0
+vendor.audiodump.log.cca.updated u:object_r:vendor_audio_prop:s0
+vendor.audiodump.log.config u:object_r:vendor_audio_prop:s0
+vendor.audiodump.log.ondemand u:object_r:vendor_audio_prop:s0
+vendor.audiodump.output.dir u:object_r:vendor_audio_prop:s0
+vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0
+vendor.brownout.br.feasible u:object_r:vendor_brownout_br_feasible_prop:s0
+vendor.brownout.mitigation.ready u:object_r:vendor_mitigation_ready_prop:s0
+vendor.brownout_reason u:object_r:vendor_brownout_reason_prop:s0
+vendor.camera. u:object_r:vendor_camera_prop:s0
+vendor.camera.debug. u:object_r:vendor_camera_debug_prop:s0
+vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0
+vendor.camera.pbcs.debug. u:object_r:vendor_camera_pbcs_debug_prop:s0
+vendor.cbd. u:object_r:vendor_cbd_prop:s0
+vendor.chre.multiclient_hal u:object_r:vendor_chre_hal_prop:s0
+vendor.common.modules.ready u:object_r:vendor_device_prop:s0
+vendor.config.debug. u:object_r:vendor_telephony_app_prop:s0
+vendor.debug.ramdump. u:object_r:vendor_ramdump_prop:s0
+vendor.debug.ssrdump. u:object_r:vendor_ssrdump_prop:s0
+vendor.device.modules.ready u:object_r:vendor_device_prop:s0
+vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0
+vendor.edgetpu.cpu_scheduler. u:object_r:vendor_edgetpu_cpu_scheduler_prop:s0
+vendor.edgetpu.runtime. u:object_r:vendor_edgetpu_runtime_prop:s0
+vendor.edgetpu.service. u:object_r:vendor_edgetpu_service_prop:s0
+vendor.edgetpu.tflite_delegate. u:object_r:vendor_tflite_delegate_prop:s0
+vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0
+vendor.gf. u:object_r:vendor_fingerprint_prop:s0
+vendor.google.silicon. u:object_r:vendor_hetero_runtime_prop:s0
+vendor.gps. u:object_r:vendor_gps_prop:s0
+vendor.gril. u:object_r:vendor_gril_prop:s0
+vendor.gxp. u:object_r:vendor_gxp_prop:s0
+vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix
+vendor.modem. u:object_r:vendor_modem_prop:s0
+vendor.nos.citadel.version u:object_r:vendor_nos_citadel_version:s0
+vendor.pixel.system.phenotype. u:object_r:vendor_pss_systemphenotype_prop:s0
+vendor.pixellogger. u:object_r:vendor_logger_prop:s0
+vendor.pktrouter u:object_r:vendor_ims_prop:s0
+vendor.radio. u:object_r:vendor_rild_prop:s0
+vendor.ril. u:object_r:vendor_rild_prop:s0
+vendor.sys.diag. u:object_r:vendor_diag_prop:s0
+vendor.sys.dmd. u:object_r:vendor_diag_prop:s0
+vendor.sys.exynos.modempath u:object_r:vendor_modem_prop:s0
+vendor.sys.exynos.slog. u:object_r:vendor_slog_prop:s0
+vendor.sys.modem. u:object_r:vendor_modem_prop:s0
+vendor.sys.modem_reset u:object_r:vendor_modem_prop:s0
+vendor.sys.rild_reset u:object_r:vendor_rild_prop:s0
+vendor.sys.silentlog. u:object_r:vendor_slog_prop:s0
+vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0
+vendor.thermal. u:object_r:vendor_thermal_prop:s0
+vendor.usb. u:object_r:vendor_usb_config_prop:s0
+vendor.uwb.calibration.country_code u:object_r:vendor_uwb_calibration_country_code:s0 exact string
+vendor.wlan.driver.version u:object_r:vendor_wifi_version:s0
+vendor.wlan.firmware.version u:object_r:vendor_wifi_version:s0
diff --git a/sepolicy/whitechapel_pro/vendor_qualifiednetworks_app.te b/sepolicy/vendor/qualifiednetworks_app.te
similarity index 99%
rename from sepolicy/whitechapel_pro/vendor_qualifiednetworks_app.te
rename to sepolicy/vendor/qualifiednetworks_app.te
index e48601a8..20e16da8 100644
--- a/sepolicy/whitechapel_pro/vendor_qualifiednetworks_app.te
+++ b/sepolicy/vendor/qualifiednetworks_app.te
@@ -1,4 +1,5 @@
 type vendor_qualifiednetworks_app, domain;
+
 app_domain(vendor_qualifiednetworks_app)
 
 allow vendor_qualifiednetworks_app app_api_service:service_manager find;
diff --git a/sepolicy/whitechapel_pro/radio.te b/sepolicy/vendor/radio.te
similarity index 71%
rename from sepolicy/whitechapel_pro/radio.te
rename to sepolicy/vendor/radio.te
index c46d9924..8bb4e6bd 100644
--- a/sepolicy/whitechapel_pro/radio.te
+++ b/sepolicy/vendor/radio.te
@@ -1,9 +1,9 @@
+binder_call(radio, hal_audio_default)
+
 set_prop(radio, telephony_ril_prop)
 
+allow radio hal_audio_ext_hwservice:hwservice_manager find;
 allow radio proc_vendor_sched:dir r_dir_perms;
 allow radio proc_vendor_sched:file w_file_perms;
-
 allow radio radio_vendor_data_file:dir rw_dir_perms;
 allow radio radio_vendor_data_file:file create_file_perms;
-
-allow radio hal_exynos_rild_hwservice:hwservice_manager find;
diff --git a/sepolicy/vendor/ramdump.te b/sepolicy/vendor/ramdump.te
new file mode 100644
index 00000000..c6de8729
--- /dev/null
+++ b/sepolicy/vendor/ramdump.te
@@ -0,0 +1,2 @@
+type ramdump, domain;
+type ramdump_exec, exec_type, file_type, vendor_file_type;
diff --git a/sepolicy/vendor/ramdump_app.te b/sepolicy/vendor/ramdump_app.te
new file mode 100644
index 00000000..d918f91f
--- /dev/null
+++ b/sepolicy/vendor/ramdump_app.te
@@ -0,0 +1 @@
+type ramdump_app, domain;
diff --git a/sepolicy/whitechapel_pro/vendor_rcs_app.te b/sepolicy/vendor/rcs_app.te
similarity index 99%
rename from sepolicy/whitechapel_pro/vendor_rcs_app.te
rename to sepolicy/vendor/rcs_app.te
index 37cadef2..0fa83bde 100644
--- a/sepolicy/whitechapel_pro/vendor_rcs_app.te
+++ b/sepolicy/vendor/rcs_app.te
@@ -1,9 +1,11 @@
 type vendor_rcs_app, domain;
+
 app_domain(vendor_rcs_app)
+
+binder_call(vendor_rcs_app, rild)
+
 net_domain(vendor_rcs_app)
 
 allow vendor_rcs_app app_api_service:service_manager find;
-allow vendor_rcs_app radio_service:service_manager find;
 allow vendor_rcs_app hal_exynos_rild_hwservice:hwservice_manager find;
-
-binder_call(vendor_rcs_app, rild)
+allow vendor_rcs_app radio_service:service_manager find;
diff --git a/sepolicy/whitechapel_pro/vendor_rcs_service_app.te b/sepolicy/vendor/rcs_service_app.te
similarity index 99%
rename from sepolicy/whitechapel_pro/vendor_rcs_service_app.te
rename to sepolicy/vendor/rcs_service_app.te
index a7ae221f..75f85d05 100644
--- a/sepolicy/whitechapel_pro/vendor_rcs_service_app.te
+++ b/sepolicy/vendor/rcs_service_app.te
@@ -1,4 +1,5 @@
 type vendor_rcs_service_app, domain;
+
 app_domain(vendor_rcs_service_app)
 
 allow vendor_rcs_service_app app_api_service:service_manager find;
diff --git a/sepolicy/tracking_denials/rebalance_interrupts_vendor.te b/sepolicy/vendor/rebalance_interrupts_vendor.te
similarity index 58%
rename from sepolicy/tracking_denials/rebalance_interrupts_vendor.te
rename to sepolicy/vendor/rebalance_interrupts_vendor.te
index b9b246ce..71286ceb 100644
--- a/sepolicy/tracking_denials/rebalance_interrupts_vendor.te
+++ b/sepolicy/vendor/rebalance_interrupts_vendor.te
@@ -1,2 +1 @@
-# b/214472867
-dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override };
+dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability dac_override;
diff --git a/sepolicy/whitechapel_pro/rfsd.te b/sepolicy/vendor/rfsd.te
similarity index 54%
rename from sepolicy/whitechapel_pro/rfsd.te
rename to sepolicy/vendor/rfsd.te
index b4508328..bc1b4efc 100644
--- a/sepolicy/whitechapel_pro/rfsd.te
+++ b/sepolicy/vendor/rfsd.te
@@ -1,40 +1,23 @@
 type rfsd, domain;
-type rfsd_exec, vendor_file_type, exec_type, file_type;
+type rfsd_exec, exec_type, file_type, vendor_file_type;
+
 init_daemon_domain(rfsd)
 
-# Allow to setuid from root to radio and chown of modem efs files
-allow rfsd self:capability { chown setuid };
-
-# Allow to search block device and mnt dir for modem EFS partitions
-allow rfsd mnt_vendor_file:dir search;
-allow rfsd block_device:dir search;
-
-# Allow to operate with modem EFS file/dir
-allow rfsd modem_efs_file:dir create_dir_perms;
-allow rfsd modem_efs_file:file create_file_perms;
-
-allow rfsd radio_vendor_data_file:dir r_dir_perms;
-allow rfsd radio_vendor_data_file:file r_file_perms;
-
+r_dir_file(rfsd, modem_img_file)
 r_dir_file(rfsd, vendor_fw_file)
 
-# Allow to access rfsd log file/dir
+set_prop(rfsd, vendor_modem_prop)
+set_prop(rfsd, vendor_rild_prop)
+
+allow rfsd block_device:dir search;
+allow rfsd mnt_vendor_file:dir search;
+allow rfsd modem_block_device:blk_file rw_file_perms;
+allow rfsd modem_efs_file:dir create_dir_perms;
+allow rfsd modem_efs_file:file create_file_perms;
+allow rfsd radio_device:chr_file rw_file_perms;
+allow rfsd radio_vendor_data_file:dir r_dir_perms;
+allow rfsd radio_vendor_data_file:file r_file_perms;
+allow rfsd self:capability { chown setuid };
 allow rfsd vendor_log_file:dir search;
 allow rfsd vendor_rfsd_log_file:dir create_dir_perms;
 allow rfsd vendor_rfsd_log_file:file create_file_perms;
-
-# Allow to read/write modem block device
-allow rfsd modem_block_device:blk_file rw_file_perms;
-
-# Allow to operate with radio device
-allow rfsd radio_device:chr_file rw_file_perms;
-
-# Allow to set rild and modem property
-set_prop(rfsd, vendor_modem_prop)
-set_prop(rfsd, vendor_rild_prop)
-set_prop(cbd, vendor_cbd_prop)
-
-# Allow rfsd to access modem image file/dir
-allow rfsd modem_img_file:dir r_dir_perms;
-allow rfsd modem_img_file:file r_file_perms;
-allow rfsd modem_img_file:lnk_file r_file_perms;
diff --git a/sepolicy/whitechapel_pro/rild.te b/sepolicy/vendor/rild.te
similarity index 74%
rename from sepolicy/whitechapel_pro/rild.te
rename to sepolicy/vendor/rild.te
index 356e8727..2fe5a7d3 100644
--- a/sepolicy/whitechapel_pro/rild.te
+++ b/sepolicy/vendor/rild.te
@@ -1,48 +1,35 @@
-set_prop(rild, vendor_rild_prop)
-set_prop(rild, vendor_modem_prop)
-get_prop(rild, vendor_persist_config_default_prop)
-get_prop(rild, vendor_carrier_prop)
+add_hwservice(rild, hal_exynos_rild_hwservice)
+
+binder_call(rild, bipchmgr)
+binder_call(rild, gpsd)
+binder_call(rild, grilservice_app)
+binder_call(rild, hal_audio_default)
+binder_call(rild, hal_secure_element_uicc)
+binder_call(rild, modem_svc_sit)
+binder_call(rild, oemrilservice_app)
+binder_call(rild, platform_app)
+binder_call(rild, vendor_engineermode_app)
+binder_call(rild, vendor_ims_app)
+binder_call(rild, vendor_rcs_app)
+binder_call(rild, vendor_telephony_debug_app)
 
 get_prop(rild, sota_prop)
 get_prop(rild, system_boot_reason_prop)
+get_prop(rild, vendor_audio_prop)
+get_prop(rild, vendor_carrier_prop)
+get_prop(rild, vendor_persist_config_default_prop)
+
+r_dir_file(rild, modem_img_file)
 
 set_prop(rild, telephony_ril_prop)
+set_prop(rild, vendor_modem_prop)
+set_prop(rild, vendor_rild_prop)
 
+allow rild hal_audio_ext_hwservice:hwservice_manager find;
+allow rild mnt_vendor_file:dir r_dir_perms;
 allow rild proc_net:file rw_file_perms;
 allow rild radio_vendor_data_file:dir create_dir_perms;
 allow rild radio_vendor_data_file:file create_file_perms;
 allow rild rild_vendor_data_file:dir create_dir_perms;
 allow rild rild_vendor_data_file:file create_file_perms;
 allow rild vendor_fw_file:file r_file_perms;
-allow rild mnt_vendor_file:dir r_dir_perms;
-
-r_dir_file(rild, modem_img_file)
-
-binder_call(rild, platform_app)
-binder_call(rild, bipchmgr)
-binder_call(rild, gpsd)
-binder_call(rild, hal_audio_default)
-binder_call(rild, modem_svc_sit)
-binder_call(rild, vendor_ims_app)
-binder_call(rild, vendor_rcs_app)
-binder_call(rild, oemrilservice_app)
-binder_call(rild, hal_secure_element_uicc)
-binder_call(rild, grilservice_app)
-binder_call(rild, vendor_engineermode_app)
-binder_call(rild, vendor_telephony_debug_app)
-binder_call(rild, logger_app)
-
-# for hal service
-add_hwservice(rild, hal_exynos_rild_hwservice)
-
-# Allow rild to access files on modem img.
-allow rild modem_img_file:dir r_dir_perms;
-allow rild modem_img_file:file r_file_perms;
-allow rild modem_img_file:lnk_file r_file_perms;
-
-# Allow rild to ptrace for memory leak detection
-userdebug_or_eng(`
-allow rild self:process ptrace;
-
-binder_call(rild, modem_diagnostic_app)
-')
diff --git a/sepolicy/whitechapel_pro/rlsservice.te b/sepolicy/vendor/rlsservice.te
similarity index 59%
rename from sepolicy/whitechapel_pro/rlsservice.te
rename to sepolicy/vendor/rlsservice.te
index e531b0d6..20b56275 100644
--- a/sepolicy/whitechapel_pro/rlsservice.te
+++ b/sepolicy/vendor/rlsservice.te
@@ -1,38 +1,26 @@
 type rlsservice, domain;
-type rlsservice_exec, exec_type, vendor_file_type, file_type;
+type rlsservice_exec, exec_type, file_type, vendor_file_type;
 
-init_daemon_domain(rlsservice)
-vndbinder_use(rlsservice)
 add_service(rlsservice, rls_service)
 
-
-# access rainbow sensor calibration files
-allow rlsservice persist_file:dir search;
-allow rlsservice persist_camera_file:dir search;
-allow rlsservice persist_camera_file:file r_file_perms;
-allow rlsservice mnt_vendor_file:dir search;
-
-# access device files
-allow rlsservice rls_device:chr_file rw_file_perms;
-
 binder_call(rlsservice, hal_camera_default)
 binder_call(rlsservice, servicemanager)
 
+get_prop(rlsservice, vendor_camera_prop)
 
-# Allow access to display backlight information
+init_daemon_domain(rlsservice)
+
+vndbinder_use(rlsservice)
+
+allow rlsservice aoc_device:chr_file rw_file_perms;
+allow rlsservice apex_info_file:file r_file_perms;
+allow rlsservice device:dir { getattr ioctl lock map open read watch watch_reads };
+allow rlsservice dumpstate:fd use;
+allow rlsservice dumpstate:fifo_file write;
+allow rlsservice mnt_vendor_file:dir search;
+allow rlsservice persist_camera_file:dir search;
+allow rlsservice persist_camera_file:file r_file_perms;
+allow rlsservice persist_file:dir search;
+allow rlsservice rls_device:chr_file rw_file_perms;
 allow rlsservice sysfs_leds:dir search;
 allow rlsservice sysfs_leds:file r_file_perms;
-
-# Allow access to always-on compute device node
-allow rlsservice device:dir r_file_perms;
-allow rlsservice aoc_device:chr_file rw_file_perms;
-
-# For observing apex file changes
-allow rlsservice apex_info_file:file r_file_perms;
-
-# Allow read camera property
-get_prop(rlsservice, vendor_camera_prop);
-
-# Allow rlsservice bugreport generation
-allow rlsservice dumpstate:fd use;
-allow rlsservice dumpstate:fifo_file write;
\ No newline at end of file
diff --git a/sepolicy/whitechapel_pro/seapp_contexts b/sepolicy/vendor/seapp_contexts
similarity index 85%
rename from sepolicy/whitechapel_pro/seapp_contexts
rename to sepolicy/vendor/seapp_contexts
index 271e8574..54c3cd78 100644
--- a/sepolicy/whitechapel_pro/seapp_contexts
+++ b/sepolicy/vendor/seapp_contexts
@@ -1,44 +1,25 @@
-# Samsung S.LSI IMS
 user=_app isPrivApp=true name=.ShannonImsService domain=vendor_ims_app levelFrom=all
+user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all
+user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all
+user=_app isPrivApp=true name=com.samsung.slsi.telephony.oemril domain=oemrilservice_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.imsservice domain=vendor_ims_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.imsservice:remote domain=vendor_ims_remote_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_qualifiednetworks_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.rcsservice:shannonrcsservice domain=vendor_rcs_service_app levelFrom=all
-user=_app isPrivApp=true name=com.samsung.slsi.telephony.oemril domain=oemrilservice_app levelFrom=all
-
-# Samsung S.LSI telephony
+user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
+user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
+user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all
+user=_app isPrivApp=true seinfo=platform name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
+user=_app isPrivApp=true seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user
+user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
+user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
+user=_app seinfo=platform name=com.samsung.slsi.engineermode domain=vendor_engineermode_app levelFrom=all
+user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user
+user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_service_app type=system_app_data_file levelFrom=all
+user=system seinfo=platform name=com.samsung.slsi.sysdebugmode domain=vendor_telephony_debug_app levelFrom=all
+user=system seinfo=platform name=com.samsung.slsi.telephony.networktestmode domain=vendor_telephony_network_test_app levelFrom=all
 user=system seinfo=platform name=com.samsung.slsi.telephony.silentlogging domain=vendor_telephony_silentlogging_app levelFrom=all
 user=system seinfo=platform name=com.samsung.slsi.telephony.silentlogging:remote domain=vendor_silentlogging_remote_app levelFrom=all
 user=system seinfo=platform name=com.samsung.slsi.telephony.testmode domain=vendor_telephony_test_app levelFrom=all
 user=system seinfo=platform name=com.samsung.slsi.telephony.uartswitch domain=vendor_telephony_uartswitch_app levelFrom=all
-user=system seinfo=platform name=com.samsung.slsi.sysdebugmode domain=vendor_telephony_debug_app levelFrom=all
-user=system seinfo=platform name=com.samsung.slsi.telephony.networktestmode domain=vendor_telephony_network_test_app levelFrom=all
-
-# Samsung S.LSI engineer mode
-user=_app seinfo=platform name=com.samsung.slsi.engineermode domain=vendor_engineermode_app levelFrom=all
-
-# Domain for OFLBasicAgentApp to support NFC/eSIM fw upgrade
-user=_app isPrivApp=true  seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user
-
-# Domain for omadm
-user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all
-
-# grilservice
-user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all
-
-# Modem Diagnostic System
-user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
-user=_app isPrivApp=true seinfo=platform name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
-
-# CBRS setup app
-user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
-
-# Domain for EuiccSupportPixel
-user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
-
-# Domain for CatEngineService
-user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_service_app type=system_app_data_file levelFrom=all
-
-# CccDkTimeSyncService
-user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all
diff --git a/sepolicy/vendor/service.te b/sepolicy/vendor/service.te
new file mode 100644
index 00000000..e506289b
--- /dev/null
+++ b/sepolicy/vendor/service.te
@@ -0,0 +1,13 @@
+type eco_service, service_manager_type;
+type edgetpu_nnapi_service, app_api_service, isolated_compute_allowed_service, service_manager_type;
+type gril_antenna_tuning_service, hal_service_type, service_manager_type;
+type hal_battery_mitigation_service, hal_service_type, service_manager_type;
+type hal_pixel_display_service, hal_service_type, service_manager_type;
+type hal_pixel_remote_camera_service, hal_service_type, protected_service, service_manager_type;
+type rls_service, service_manager_type;
+type screen_protector_detector_service, hal_service_type, service_manager_type;
+type touch_context_service, hal_service_type, service_manager_type;
+type twoshay_file_dump_service, hal_service_type, service_manager_type;
+type twoshay_notification_service, hal_service_type, service_manager_type;
+type vendor_displaycolor_service, vndservice_manager_type;
+type vendor_image_processing_hal_service, hal_service_type, protected_service, service_manager_type;
diff --git a/sepolicy/vendor/service_contexts b/sepolicy/vendor/service_contexts
new file mode 100644
index 00000000..da914579
--- /dev/null
+++ b/sepolicy/vendor/service_contexts
@@ -0,0 +1,28 @@
+android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0
+android.hardware.neuralnetworks.IDevice/google-edgetpu u:object_r:edgetpu_nnapi_service:s0
+android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0
+android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox u:object_r:hal_remotelyprovisionedcomponent_service:s0
+android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0
+aocx.IAocx/default u:object_r:aocx:s0
+com.google.android.imageprocessing.hal.IImageProcessingHal/default u:object_r:vendor_image_processing_hal_service:s0
+com.google.edgetpu.IEdgeTpuAppService/default u:object_r:edgetpu_app_service:s0
+com.google.edgetpu.IEdgeTpuVendorService/default u:object_r:edgetpu_vendor_service:s0
+com.google.edgetpu.dba.IDevice/default u:object_r:edgetpu_dba_service:s0
+com.google.edgetpu.tachyon.IComputeService/default u:object_r:edgetpu_tachyon_service:s0
+com.google.flood.IFloodService/default u:object_r:flood_control_service:s0
+com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
+com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0
+com.google.input.ITwoshayFileDumpService/touchflow_default u:object_r:twoshay_file_dump_service:s0
+com.google.input.ITwoshayFileDumpService/touchflow_outer u:object_r:twoshay_file_dump_service:s0
+com.google.input.ITwoshayFileDumpService/twoshay u:object_r:twoshay_file_dump_service:s0
+com.google.input.ITwoshayNotificationService/default u:object_r:twoshay_notification_service:s0
+com.google.input.algos.gril.IGrilAntennaTuningService/default u:object_r:gril_antenna_tuning_service:s0
+com.google.input.algos.spd.IScreenProtectorDetectorService/default u:object_r:screen_protector_detector_service:s0
+com.google.pixel.camera.connectivity.hal.provider.ICameraProvider/default u:object_r:hal_pixel_remote_camera_service:s0
+hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0
+mapper/pixel u:object_r:hal_graphics_mapper_service:s0
+media.ecoservice u:object_r:eco_service:s0
+rlsservice u:object_r:rls_service:s0
+vendor.goodix.hardware.biometrics.fingerprint.IGoodixFingerprintDaemon/default u:object_r:hal_fingerprint_service:s0
+vendor.google.battery_mitigation.IBatteryMitigation/default u:object_r:hal_battery_mitigation_service:s0
+vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0
diff --git a/sepolicy/tracking_denials/servicemanager.te b/sepolicy/vendor/servicemanager.te
similarity index 80%
rename from sepolicy/tracking_denials/servicemanager.te
rename to sepolicy/vendor/servicemanager.te
index a6b549ff..97634daf 100644
--- a/sepolicy/tracking_denials/servicemanager.te
+++ b/sepolicy/vendor/servicemanager.te
@@ -1,2 +1 @@
-# b/305600595
 dontaudit servicemanager hal_thermal_default:binder call;
diff --git a/sepolicy/vendor/shell.te b/sepolicy/vendor/shell.te
new file mode 100644
index 00000000..f63f5cf2
--- /dev/null
+++ b/sepolicy/vendor/shell.te
@@ -0,0 +1 @@
+dontaudit shell sysfs_wlc:dir search;
diff --git a/sepolicy/whitechapel_pro/vendor_silentlogging_remote_app.te b/sepolicy/vendor/silentlogging_remote_app.te
similarity index 59%
rename from sepolicy/whitechapel_pro/vendor_silentlogging_remote_app.te
rename to sepolicy/vendor/silentlogging_remote_app.te
index 885fb6a7..7f0dcf07 100644
--- a/sepolicy/whitechapel_pro/vendor_silentlogging_remote_app.te
+++ b/sepolicy/vendor/silentlogging_remote_app.te
@@ -1,13 +1,7 @@
 type vendor_silentlogging_remote_app, domain;
+
 app_domain(vendor_silentlogging_remote_app)
 
+allow vendor_silentlogging_remote_app app_api_service:service_manager find;
 allow vendor_silentlogging_remote_app vendor_slog_file:dir create_dir_perms;
 allow vendor_silentlogging_remote_app vendor_slog_file:file create_file_perms;
-
-allow vendor_silentlogging_remote_app app_api_service:service_manager find;
-
-userdebug_or_eng(`
-# Silent Logging Remote
-dontaudit vendor_silentlogging_remote_app system_app_data_file:dir create_dir_perms;
-dontaudit vendor_silentlogging_remote_app system_app_data_file:file create_file_perms;
-')
diff --git a/sepolicy/vendor/sscoredump.te b/sepolicy/vendor/sscoredump.te
new file mode 100644
index 00000000..15cb58d1
--- /dev/null
+++ b/sepolicy/vendor/sscoredump.te
@@ -0,0 +1,12 @@
+type sscoredump, domain;
+type sscoredump_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(sscoredump)
+
+set_prop(sscoredump, vendor_ssrdump_prop)
+
+allow sscoredump device:dir r_dir_perms;
+allow sscoredump sscoredump_device:chr_file rw_file_perms;
+allow sscoredump sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
+allow sscoredump sscoredump_vendor_data_crashinfo_file:file create_file_perms;
+allow sscoredump sysfs_sscoredump_subsystem_report_count:file r_file_perms;
diff --git a/sepolicy/vendor/ssr_detector_app.te b/sepolicy/vendor/ssr_detector_app.te
new file mode 100644
index 00000000..84ab3117
--- /dev/null
+++ b/sepolicy/vendor/ssr_detector_app.te
@@ -0,0 +1,13 @@
+type ssr_detector_app, domain;
+
+app_domain(ssr_detector_app)
+
+get_prop(ssr_detector_app, vendor_ssrdump_prop)
+get_prop(ssr_detector_app, vendor_wifi_version)
+
+allow ssr_detector_app app_api_service:service_manager find;
+allow ssr_detector_app radio_service:service_manager find;
+allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
+allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+allow ssr_detector_app system_app_data_file:file create_file_perms;
diff --git a/sepolicy/vendor/storage_init.te b/sepolicy/vendor/storage_init.te
new file mode 100644
index 00000000..f7059908
--- /dev/null
+++ b/sepolicy/vendor/storage_init.te
@@ -0,0 +1,10 @@
+type storage_init, domain;
+type storage_init_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(storage_init)
+
+allow storage_init proc_f2fs:dir search;
+allow storage_init proc_f2fs:file { getattr open read };
+allow storage_init sysfs_fs_f2fs:dir search;
+allow storage_init sysfs_fs_f2fs:file { getattr open read write };
+allow storage_init vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/vendor/storage_intelligence.te b/sepolicy/vendor/storage_intelligence.te
new file mode 100644
index 00000000..190ae470
--- /dev/null
+++ b/sepolicy/vendor/storage_intelligence.te
@@ -0,0 +1,10 @@
+type storage_intelligence, domain;
+type storage_intelligence_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(storage_intelligence)
+
+set_prop(storage_intelligence, vendor_intelligence_prop)
+
+allow storage_intelligence block_device:dir search;
+allow storage_intelligence userdata_exp_block_device:blk_file rw_file_perms;
+allow storage_intelligence vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/whitechapel_pro/surfaceflinger.te b/sepolicy/vendor/surfaceflinger.te
similarity index 100%
rename from sepolicy/whitechapel_pro/surfaceflinger.te
rename to sepolicy/vendor/surfaceflinger.te
diff --git a/sepolicy/whitechapel_pro/vndservice.te b/sepolicy/vendor/surfaceflinger_vndservice.te
similarity index 100%
rename from sepolicy/whitechapel_pro/vndservice.te
rename to sepolicy/vendor/surfaceflinger_vndservice.te
diff --git a/sepolicy/vendor/system.te b/sepolicy/vendor/system.te
new file mode 100644
index 00000000..5405c1d8
--- /dev/null
+++ b/sepolicy/vendor/system.te
@@ -0,0 +1,3 @@
+binder_call(system_server, gpsd)
+binder_call(system_server, hal_camera_default)
+binder_call(system_server, pixelstats_vendor)
diff --git a/sepolicy/whitechapel_pro/system_app.te b/sepolicy/vendor/system_app.te
similarity index 95%
rename from sepolicy/whitechapel_pro/system_app.te
rename to sepolicy/vendor/system_app.te
index 4677e980..e8da1ab7 100644
--- a/sepolicy/whitechapel_pro/system_app.te
+++ b/sepolicy/vendor/system_app.te
@@ -1,3 +1,3 @@
-# WLC
-allow system_app hal_wireless_charger_service:service_manager find;
 binder_call(system_app, hal_wireless_charger)
+
+allow system_app hal_wireless_charger_service:service_manager find;
diff --git a/sepolicy/whitechapel_pro/tee.te b/sepolicy/vendor/tee.te
similarity index 81%
rename from sepolicy/whitechapel_pro/tee.te
rename to sepolicy/vendor/tee.te
index bfff0a91..2270bcdd 100644
--- a/sepolicy/whitechapel_pro/tee.te
+++ b/sepolicy/vendor/tee.te
@@ -1,14 +1,13 @@
-# Handle wake locks
-wakelock_use(tee)
-
-allow tee persist_ss_file:file create_file_perms;
-allow tee persist_ss_file:dir create_dir_perms;
-allow tee persist_file:dir r_dir_perms;
-allow tee mnt_vendor_file:dir r_dir_perms;
-allow tee tee_data_file:dir rw_dir_perms;
-allow tee tee_data_file:lnk_file r_file_perms;
-
-# Allow storageproxyd access to gsi_public_metadata_file
 read_fstab(tee)
 
 set_prop(tee, vendor_trusty_storage_prop)
+
+wakelock_use(tee)
+
+allow tee mnt_vendor_file:dir r_dir_perms;
+allow tee persist_file:dir r_dir_perms;
+allow tee persist_ss_file:dir create_dir_perms;
+allow tee persist_ss_file:file create_file_perms;
+allow tee sg_device:chr_file rw_file_perms;
+allow tee tee_data_file:dir rw_dir_perms;
+allow tee tee_data_file:lnk_file r_file_perms;
diff --git a/sepolicy/whitechapel_pro/vendor_telephony_debug_app.te b/sepolicy/vendor/telephony_debug_app.te
similarity index 56%
rename from sepolicy/whitechapel_pro/vendor_telephony_debug_app.te
rename to sepolicy/vendor/telephony_debug_app.te
index 539fffce..b6e14d22 100644
--- a/sepolicy/whitechapel_pro/vendor_telephony_debug_app.te
+++ b/sepolicy/vendor/telephony_debug_app.te
@@ -1,20 +1,11 @@
 type vendor_telephony_debug_app, domain;
-app_domain(vendor_telephony_debug_app)
 
-allow vendor_telephony_debug_app app_api_service:service_manager find;
-allow vendor_telephony_debug_app hal_exynos_rild_hwservice:hwservice_manager find;
+app_domain(vendor_telephony_debug_app)
 
 binder_call(vendor_telephony_debug_app, rild)
 
-# RIL property
 set_prop(vendor_telephony_debug_app, vendor_rild_prop)
-
-# Debug property
 set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop)
 
-userdebug_or_eng(`
-# System Debug Mode
-dontaudit vendor_telephony_debug_app system_app_data_file:dir create_dir_perms;
-dontaudit vendor_telephony_debug_app system_app_data_file:file create_file_perms;
-dontaudit vendor_telephony_debug_app default_prop:file r_file_perms;
-')
+allow vendor_telephony_debug_app app_api_service:service_manager find;
+allow vendor_telephony_debug_app hal_exynos_rild_hwservice:hwservice_manager find;
diff --git a/sepolicy/whitechapel_pro/vendor_telephony_network_test_app.te b/sepolicy/vendor/telephony_network_test_app.te
similarity index 99%
rename from sepolicy/whitechapel_pro/vendor_telephony_network_test_app.te
rename to sepolicy/vendor/telephony_network_test_app.te
index 3c34309e..2e815696 100644
--- a/sepolicy/whitechapel_pro/vendor_telephony_network_test_app.te
+++ b/sepolicy/vendor/telephony_network_test_app.te
@@ -1,4 +1,5 @@
 type vendor_telephony_network_test_app, domain;
+
 app_domain(vendor_telephony_network_test_app)
 
 allow vendor_telephony_network_test_app app_api_service:service_manager find;
diff --git a/sepolicy/whitechapel_pro/vendor_telephony_silentlogging_app.te b/sepolicy/vendor/telephony_silentlogging_app.te
similarity index 61%
rename from sepolicy/whitechapel_pro/vendor_telephony_silentlogging_app.te
rename to sepolicy/vendor/telephony_silentlogging_app.te
index a9497f5d..ed420f9e 100644
--- a/sepolicy/whitechapel_pro/vendor_telephony_silentlogging_app.te
+++ b/sepolicy/vendor/telephony_silentlogging_app.te
@@ -1,20 +1,13 @@
 type vendor_telephony_silentlogging_app, domain;
+
 app_domain(vendor_telephony_silentlogging_app)
 
+binder_call(vendor_telephony_silentlogging_app, dmd)
+
 set_prop(vendor_telephony_silentlogging_app, vendor_modem_prop)
 set_prop(vendor_telephony_silentlogging_app, vendor_slog_prop)
 
-allow vendor_telephony_silentlogging_app vendor_slog_file:dir create_dir_perms;
-allow vendor_telephony_silentlogging_app vendor_slog_file:file create_file_perms;
-
 allow vendor_telephony_silentlogging_app app_api_service:service_manager find;
 allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find;
-binder_call(vendor_telephony_silentlogging_app, dmd)
-
-userdebug_or_eng(`
-# Silent Logging
-dontaudit vendor_telephony_silentlogging_app system_app_data_file:dir create_dir_perms;
-dontaudit vendor_telephony_silentlogging_app system_app_data_file:file create_file_perms;
-dontaudit vendor_telephony_silentlogging_app default_prop:file { getattr open read map };
-allow vendor_telephony_silentlogging_app selinuxfs:file { read open };
-')
+allow vendor_telephony_silentlogging_app vendor_slog_file:dir create_dir_perms;
+allow vendor_telephony_silentlogging_app vendor_slog_file:file create_file_perms;
diff --git a/sepolicy/whitechapel_pro/vendor_telephony_test_app.te b/sepolicy/vendor/telephony_test_app.te
similarity index 99%
rename from sepolicy/whitechapel_pro/vendor_telephony_test_app.te
rename to sepolicy/vendor/telephony_test_app.te
index ea182093..449ff7e5 100644
--- a/sepolicy/whitechapel_pro/vendor_telephony_test_app.te
+++ b/sepolicy/vendor/telephony_test_app.te
@@ -1,4 +1,5 @@
 type vendor_telephony_test_app, domain;
+
 app_domain(vendor_telephony_test_app)
 
 allow vendor_telephony_test_app app_api_service:service_manager find;
diff --git a/sepolicy/whitechapel_pro/vendor_telephony_uartswitch_app.te b/sepolicy/vendor/telephony_uartswitch_app.te
similarity index 99%
rename from sepolicy/whitechapel_pro/vendor_telephony_uartswitch_app.te
rename to sepolicy/vendor/telephony_uartswitch_app.te
index c0ad6054..7ea425af 100644
--- a/sepolicy/whitechapel_pro/vendor_telephony_uartswitch_app.te
+++ b/sepolicy/vendor/telephony_uartswitch_app.te
@@ -1,4 +1,5 @@
 type vendor_telephony_uartswitch_app, domain;
+
 app_domain(vendor_telephony_uartswitch_app)
 
 allow vendor_telephony_uartswitch_app app_api_service:service_manager find;
diff --git a/sepolicy/whitechapel_pro/toolbox.te b/sepolicy/vendor/toolbox.te
similarity index 100%
rename from sepolicy/whitechapel_pro/toolbox.te
rename to sepolicy/vendor/toolbox.te
index 9fbbb7ab..452408de 100644
--- a/sepolicy/whitechapel_pro/toolbox.te
+++ b/sepolicy/vendor/toolbox.te
@@ -1,3 +1,3 @@
-allow toolbox ram_device:blk_file rw_file_perms;
 allow toolbox per_boot_file:dir create_dir_perms;
 allow toolbox per_boot_file:file create_file_perms;
+allow toolbox ram_device:blk_file rw_file_perms;
diff --git a/sepolicy/whitechapel_pro/trusty_apploader.te b/sepolicy/vendor/trusty_apploader.te
similarity index 80%
rename from sepolicy/whitechapel_pro/trusty_apploader.te
rename to sepolicy/vendor/trusty_apploader.te
index 983e3a03..962e14ff 100644
--- a/sepolicy/whitechapel_pro/trusty_apploader.te
+++ b/sepolicy/vendor/trusty_apploader.te
@@ -1,7 +1,8 @@
 type trusty_apploader, domain;
-type trusty_apploader_exec, exec_type, vendor_file_type, file_type;
+type trusty_apploader_exec, exec_type, file_type, vendor_file_type;
+
 init_daemon_domain(trusty_apploader)
 
+allow trusty_apploader dmabuf_system_heap_device:chr_file r_file_perms;
 allow trusty_apploader ion_device:chr_file r_file_perms;
 allow trusty_apploader tee_device:chr_file rw_file_perms;
-allow trusty_apploader dmabuf_system_heap_device:chr_file r_file_perms;
diff --git a/sepolicy/whitechapel_pro/trusty_metricsd.te b/sepolicy/vendor/trusty_metricsd.te
similarity index 73%
rename from sepolicy/whitechapel_pro/trusty_metricsd.te
rename to sepolicy/vendor/trusty_metricsd.te
index 63fc85b6..71858d6c 100644
--- a/sepolicy/whitechapel_pro/trusty_metricsd.te
+++ b/sepolicy/vendor/trusty_metricsd.te
@@ -1,11 +1,11 @@
 type trusty_metricsd, domain;
-type trusty_metricsd_exec, exec_type, vendor_file_type, file_type;
+type trusty_metricsd_exec, exec_type, file_type, vendor_file_type;
+
+binder_call(trusty_metricsd, system_server)
+
+binder_use(trusty_metricsd)
 
 init_daemon_domain(trusty_metricsd)
 
-allow trusty_metricsd tee_device:chr_file rw_file_perms;
-
-# For Suez metrics collection
-binder_use(trusty_metricsd)
-binder_call(trusty_metricsd, system_server)
 allow trusty_metricsd fwk_stats_service:service_manager find;
+allow trusty_metricsd tee_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/twoshay.te b/sepolicy/vendor/twoshay.te
new file mode 100644
index 00000000..8bb2e063
--- /dev/null
+++ b/sepolicy/vendor/twoshay.te
@@ -0,0 +1,24 @@
+type twoshay, domain;
+type twoshay_exec, exec_type, file_type, vendor_file_type;
+
+add_service(twoshay, gril_antenna_tuning_service)
+add_service(twoshay, screen_protector_detector_service)
+add_service(twoshay, touch_context_service)
+add_service(twoshay, twoshay_file_dump_service)
+add_service(twoshay, twoshay_notification_service)
+
+binder_call(twoshay, platform_app)
+binder_call(twoshay, stats_service_server)
+
+binder_use(twoshay)
+
+init_daemon_domain(twoshay)
+
+allow twoshay dumpstate:fd use;
+allow twoshay dumpstate:fifo_file write;
+allow twoshay fwk_stats_service:service_manager find;
+allow twoshay touch_offload_device:chr_file rw_file_perms;
+allow twoshay twoshay:capability sys_nice;
+
+dontaudit twoshay boot_status_prop:file read;
+dontaudit twoshay twoshay:capability dac_override;
diff --git a/sepolicy/whitechapel_pro/ufs_firmware_update.te b/sepolicy/vendor/ufs_firmware_update.te
similarity index 64%
rename from sepolicy/whitechapel_pro/ufs_firmware_update.te
rename to sepolicy/vendor/ufs_firmware_update.te
index 121e462b..30683534 100644
--- a/sepolicy/whitechapel_pro/ufs_firmware_update.te
+++ b/sepolicy/vendor/ufs_firmware_update.te
@@ -1,11 +1,13 @@
-# ufs ffu
+type ufs_firmware_update, domain;
+type ufs_firmware_update_exec, exec_type, file_type, vendor_file_type;
+
 init_daemon_domain(ufs_firmware_update)
 
-# ufs ffu
-allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
 allow ufs_firmware_update block_device:dir r_dir_perms;
+allow ufs_firmware_update block_device:dir search;
 allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;
 allow ufs_firmware_update sysfs:dir r_dir_perms;
 allow ufs_firmware_update sysfs_scsi_devices_0000:dir search;
 allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;
-
+allow ufs_firmware_update ufs_internal_block_device:blk_file rw_file_perms;
+allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/vendor/untrusted_app_all.te b/sepolicy/vendor/untrusted_app_all.te
new file mode 100644
index 00000000..f761e332
--- /dev/null
+++ b/sepolicy/vendor/untrusted_app_all.te
@@ -0,0 +1,4 @@
+allow untrusted_app_all edgetpu_app_service:service_manager find;
+allow untrusted_app_all edgetpu_device:chr_file { getattr ioctl map read write };
+
+dontaudit untrusted_app_all proc_vendor_sched:dir search;
diff --git a/sepolicy/whitechapel_pro/update_engine.te b/sepolicy/vendor/update_engine.te
similarity index 70%
rename from sepolicy/whitechapel_pro/update_engine.te
rename to sepolicy/vendor/update_engine.te
index a403d9e4..b4f3cf8c 100644
--- a/sepolicy/whitechapel_pro/update_engine.te
+++ b/sepolicy/vendor/update_engine.te
@@ -1,3 +1,2 @@
 allow update_engine custom_ab_block_device:blk_file rw_file_perms;
 allow update_engine modem_block_device:blk_file rw_file_perms;
-allow update_engine proc_bootconfig:file r_file_perms;
diff --git a/sepolicy/vendor/uwb_calibration_country_code.te b/sepolicy/vendor/uwb_calibration_country_code.te
new file mode 100644
index 00000000..a1205857
--- /dev/null
+++ b/sepolicy/vendor/uwb_calibration_country_code.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_uwb_calibration_country_code)
diff --git a/sepolicy/whitechapel_pro/vendor_uwb_init.te b/sepolicy/vendor/uwb_init.te
similarity index 82%
rename from sepolicy/whitechapel_pro/vendor_uwb_init.te
rename to sepolicy/vendor/uwb_init.te
index f317b253..9fd87a6d 100644
--- a/sepolicy/whitechapel_pro/vendor_uwb_init.te
+++ b/sepolicy/vendor/uwb_init.te
@@ -1,10 +1,9 @@
 type vendor_uwb_init, domain;
-type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type;
+type vendor_uwb_init_exec, exec_type, file_type, vendor_file_type;
 
 init_daemon_domain(vendor_uwb_init)
 
+allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms;
+allow vendor_uwb_init uwb_data_vendor:file create_file_perms;
 allow vendor_uwb_init vendor_shell_exec:file rx_file_perms;
 allow vendor_uwb_init vendor_toolbox_exec:file rx_file_perms;
-
-allow vendor_uwb_init uwb_data_vendor:file create_file_perms;
-allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms;
diff --git a/sepolicy/vendor/uwb_vendor_app.te b/sepolicy/vendor/uwb_vendor_app.te
new file mode 100644
index 00000000..f7724ee2
--- /dev/null
+++ b/sepolicy/vendor/uwb_vendor_app.te
@@ -0,0 +1,9 @@
+binder_call(uwb_vendor_app, hal_uwb_vendor_default)
+
+get_prop(uwb_vendor_app, vendor_secure_element_prop)
+
+hal_client_domain(uwb_vendor_app, hal_uwb_vendor)
+
+set_prop(uwb_vendor_app, vendor_uwb_calibration_country_code)
+
+allow uwb_vendor_app hal_uwb_vendor_service:service_manager find;
diff --git a/sepolicy/vendor/vndservice_contexts b/sepolicy/vendor/vndservice_contexts
new file mode 100644
index 00000000..e9879645
--- /dev/null
+++ b/sepolicy/vendor/vndservice_contexts
@@ -0,0 +1,3 @@
+Exynos.HWCService u:object_r:vendor_surfaceflinger_vndservice:s0
+android.hardware.citadel.ICitadeld u:object_r:citadeld_service:s0
+displaycolor u:object_r:vendor_displaycolor_service:s0
diff --git a/sepolicy/vendor/vndservicemanager.te b/sepolicy/vendor/vndservicemanager.te
new file mode 100644
index 00000000..335cd2bc
--- /dev/null
+++ b/sepolicy/vendor/vndservicemanager.te
@@ -0,0 +1 @@
+binder_call(vndservicemanager, hal_keymint_citadel)
diff --git a/sepolicy/vendor/vold.te b/sepolicy/vendor/vold.te
new file mode 100644
index 00000000..98cf1bef
--- /dev/null
+++ b/sepolicy/vendor/vold.te
@@ -0,0 +1,13 @@
+allow vold efs_block_device:blk_file getattr;
+allow vold modem_efs_file:dir { ioctl open read };
+allow vold modem_efs_file:dir rw_dir_perms;
+allow vold modem_userdata_block_device:blk_file getattr;
+allow vold modem_userdata_file:dir { ioctl open read };
+allow vold modem_userdata_file:dir rw_dir_perms;
+allow vold sysfs_scsi_devices_0000:file rw_file_perms;
+allow vold userdata_exp_block_device:blk_file rw_file_perms;
+
+allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD;
+
+dontaudit vold dumpstate:fd use;
+dontaudit vold dumpstate:fifo_file rw_file_perms;
diff --git a/sepolicy/vendor/volte_mif_off.te b/sepolicy/vendor/volte_mif_off.te
new file mode 100644
index 00000000..fa94bd7d
--- /dev/null
+++ b/sepolicy/vendor/volte_mif_off.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_volte_mif_off)
diff --git a/sepolicy/vendor/wifi_version.te b/sepolicy/vendor/wifi_version.te
new file mode 100644
index 00000000..433a4ab5
--- /dev/null
+++ b/sepolicy/vendor/wifi_version.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_wifi_version)
diff --git a/sepolicy/whitechapel_pro/audioserver.te b/sepolicy/whitechapel_pro/audioserver.te
deleted file mode 100644
index c7d69097..00000000
--- a/sepolicy/whitechapel_pro/audioserver.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# allow access to ALSA MMAP FDs for AAudio API
-allow audioserver audio_device:chr_file r_file_perms;
-allow audioserver audio_service:service_manager find;
diff --git a/sepolicy/whitechapel_pro/bluetooth.te b/sepolicy/whitechapel_pro/bluetooth.te
deleted file mode 100644
index 3795e299..00000000
--- a/sepolicy/whitechapel_pro/bluetooth.te
+++ /dev/null
@@ -1,5 +0,0 @@
-allow bluetooth proc_vendor_sched:dir r_dir_perms;
-allow bluetooth proc_vendor_sched:file w_file_perms;
-
-allow hal_bluetooth_btlinux aoc_device:chr_file { getattr open read write };
-allow hal_bluetooth_btlinux device:dir r_dir_perms;
\ No newline at end of file
diff --git a/sepolicy/whitechapel_pro/bootanim.te b/sepolicy/whitechapel_pro/bootanim.te
deleted file mode 100644
index 7b3019df..00000000
--- a/sepolicy/whitechapel_pro/bootanim.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# TODO(b/62954877). On Android Wear, bootanim reads the time
-# during boot to display. It currently gets that time from a file
-# in /data/system. This should be moved. In the meantime, suppress
-# this denial on phones since this functionality is not used.
-dontaudit bootanim system_data_file:dir r_dir_perms;
diff --git a/sepolicy/whitechapel_pro/cat_engine_service_app.te b/sepolicy/whitechapel_pro/cat_engine_service_app.te
deleted file mode 100644
index 876b7967..00000000
--- a/sepolicy/whitechapel_pro/cat_engine_service_app.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type cat_engine_service_app, domain;
-
-userdebug_or_eng(`
-  app_domain(cat_engine_service_app)
-  get_prop(cat_engine_service_app, vendor_rild_prop)
-  allow cat_engine_service_app app_api_service:service_manager find;
-  allow cat_engine_service_app system_app_data_file:dir create_dir_perms;
-  allow cat_engine_service_app system_app_data_file:file create_file_perms;
-')
diff --git a/sepolicy/whitechapel_pro/cbrs_setup.te b/sepolicy/whitechapel_pro/cbrs_setup.te
deleted file mode 100644
index 1abbcff1..00000000
--- a/sepolicy/whitechapel_pro/cbrs_setup.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# GoogleCBRS app
-type cbrs_setup_app, domain;
-
-userdebug_or_eng(`
-  app_domain(cbrs_setup_app)
-  net_domain(cbrs_setup_app)
-
-  allow cbrs_setup_app app_api_service:service_manager find;
-  allow cbrs_setup_app cameraserver_service:service_manager find;
-  allow cbrs_setup_app radio_service:service_manager find;
-  set_prop(cbrs_setup_app, radio_prop)
-  set_prop(cbrs_setup_app, vendor_rild_prop)
-')
diff --git a/sepolicy/whitechapel_pro/certs/camera_eng.x509.pem b/sepolicy/whitechapel_pro/certs/camera_eng.x509.pem
deleted file mode 100644
index 011a9ec4..00000000
--- a/sepolicy/whitechapel_pro/certs/camera_eng.x509.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx
-EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw
-NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE
-ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO
-OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
-+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
-+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
-UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX
-TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
-rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
-TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK
-pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY
-DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG
-ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4
-rscXTxYEf4Tqovc=
------END CERTIFICATE-----
diff --git a/sepolicy/whitechapel_pro/certs/camera_fishfood.x509.pem b/sepolicy/whitechapel_pro/certs/camera_fishfood.x509.pem
deleted file mode 100644
index fb11572f..00000000
--- a/sepolicy/whitechapel_pro/certs/camera_fishfood.x509.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ
-BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n
-bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w
-HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL
-MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv
-b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93
-bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/
-jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B
-IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe
-tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td
-0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg
-Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b
-aIOMFB0Km9HbEZHLKg33kOoMsS2zpA==
------END CERTIFICATE-----
diff --git a/sepolicy/whitechapel_pro/chre.te b/sepolicy/whitechapel_pro/chre.te
deleted file mode 100644
index 2531af89..00000000
--- a/sepolicy/whitechapel_pro/chre.te
+++ /dev/null
@@ -1,31 +0,0 @@
-type chre, domain;
-type chre_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(chre)
-
-# Permit communication with AoC
-allow chre aoc_device:chr_file rw_file_perms;
-
-# Allow CHRE to determine AoC's current clock
-allow chre sysfs_aoc:dir search;
-allow chre sysfs_aoc_boottime:file r_file_perms;
-
-# Allow CHRE to create thread to watch AOC's device
-allow chre device:dir r_dir_perms;
-
-# Allow CHRE to use the USF low latency transport
-usf_low_latency_transport(chre)
-
-# Allow CHRE to talk to the WiFi HAL
-allow chre hal_wifi_ext:binder { call transfer };
-allow chre hal_wifi_ext_hwservice:hwservice_manager find;
-allow chre hal_wifi_ext_service:service_manager find;
-
-# Allow CHRE host to talk to stats service
-allow chre fwk_stats_service:service_manager find;
-binder_call(chre, stats_service_server)
-
-# Allow CHRE to use WakeLock
-wakelock_use(chre)
-
-# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP.
-allow chre self:global_capability2_class_set block_suspend;
diff --git a/sepolicy/whitechapel_pro/debug_camera_app.te b/sepolicy/whitechapel_pro/debug_camera_app.te
deleted file mode 100644
index 9d7bcd87..00000000
--- a/sepolicy/whitechapel_pro/debug_camera_app.te
+++ /dev/null
@@ -1,16 +0,0 @@
-# File containing sepolicies for GCA-Eng & GCA-Next.
-userdebug_or_eng(`
-	# Allows camera app to access the GXP device and properties.
-	allow debug_camera_app gxp_device:chr_file rw_file_perms;
-	get_prop(debug_camera_app, vendor_gxp_prop)
-
-	# Allows camera app to search for GXP firmware file.
-	allow debug_camera_app vendor_fw_file:dir search;
-
-	# Allows GCA-Eng to find and access the EdgeTPU.
-	allow debug_camera_app edgetpu_app_service:service_manager find;
-	allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
-
-	# Allows tachyon_service to communicate with GCA-Eng via binder.
-	binder_call(edgetpu_tachyon_server, debug_camera_app);
-')
diff --git a/sepolicy/whitechapel_pro/device.te b/sepolicy/whitechapel_pro/device.te
deleted file mode 100644
index d23a1adf..00000000
--- a/sepolicy/whitechapel_pro/device.te
+++ /dev/null
@@ -1,21 +0,0 @@
-# device.te
-type modem_block_device, dev_type;
-type custom_ab_block_device, dev_type;
-type mfg_data_block_device, dev_type;
-type vendor_toe_device, dev_type;
-type lwis_device, dev_type;
-type logbuffer_device, dev_type;
-type rls_device, dev_type;
-type fingerprint_device, dev_type;
-type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
-type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
-type vframe_heap_device, dmabuf_heap_device_type, dev_type;
-type vscaler_heap_device, dmabuf_heap_device_type, dev_type;
-type radio_test_device, dev_type;
-type vendor_gnss_device, dev_type;
-type fips_block_device, dev_type;
-
-# SecureElement SPI device
-type st54spi_device, dev_type;
-type st33spi_device, dev_type;
-
diff --git a/sepolicy/whitechapel_pro/domain.te b/sepolicy/whitechapel_pro/domain.te
deleted file mode 100644
index ad32036f..00000000
--- a/sepolicy/whitechapel_pro/domain.te
+++ /dev/null
@@ -1,6 +0,0 @@
-allow {domain -appdomain -rs} proc_vendor_sched:dir r_dir_perms;
-allow {domain -appdomain -rs} proc_vendor_sched:file w_file_perms;
-
-# Mali
-get_prop(domain, vendor_arm_runtime_option_prop)
-
diff --git a/sepolicy/whitechapel_pro/dumpstate.te b/sepolicy/whitechapel_pro/dumpstate.te
deleted file mode 100644
index da71a845..00000000
--- a/sepolicy/whitechapel_pro/dumpstate.te
+++ /dev/null
@@ -1,16 +0,0 @@
-dump_hal(hal_health)
-dump_hal(hal_graphics_composer)
-dump_hal(hal_telephony)
-dump_hal(hal_uwb_vendor)
-
-userdebug_or_eng(`
-  allow dumpstate media_rw_data_file:file append;
-')
-
-allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
-allow dumpstate persist_file:dir r_dir_perms;
-allow dumpstate modem_efs_file:dir r_dir_perms;
-allow dumpstate modem_userdata_file:dir r_dir_perms;
-allow dumpstate modem_img_file:dir r_dir_perms;
-allow dumpstate fuse:dir search;
-allow dumpstate rlsservice:binder call;
\ No newline at end of file
diff --git a/sepolicy/whitechapel_pro/e2fs.te b/sepolicy/whitechapel_pro/e2fs.te
deleted file mode 100644
index 3e72adfb..00000000
--- a/sepolicy/whitechapel_pro/e2fs.te
+++ /dev/null
@@ -1,8 +0,0 @@
-allow e2fs persist_block_device:blk_file rw_file_perms;
-allow e2fs efs_block_device:blk_file rw_file_perms;
-allow e2fs modem_userdata_block_device:blk_file rw_file_perms;
-allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl {
-  BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
-};
-allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
-allow e2fs sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/sepolicy/whitechapel_pro/euiccpixel_app.te b/sepolicy/whitechapel_pro/euiccpixel_app.te
deleted file mode 100644
index 303f8f36..00000000
--- a/sepolicy/whitechapel_pro/euiccpixel_app.te
+++ /dev/null
@@ -1,26 +0,0 @@
-# EuiccSupportPixel app
-
-type euiccpixel_app, domain;
-app_domain(euiccpixel_app)
-
-allow euiccpixel_app app_api_service:service_manager find;
-allow euiccpixel_app radio_service:service_manager find;
-allow euiccpixel_app nfc_service:service_manager find;
-allow euiccpixel_app sysfs_st33spi:dir search;
-allow euiccpixel_app sysfs_st33spi:file rw_file_perms;
-
-set_prop(euiccpixel_app, vendor_secure_element_prop)
-set_prop(euiccpixel_app, vendor_modem_prop)
-get_prop(euiccpixel_app, dck_prop)
-
-userdebug_or_eng(`
-    net_domain(euiccpixel_app)
-
-    # Access to directly upgrade firmware on st54spi_device used for engineering devices
-    typeattribute st54spi_device mlstrustedobject;
-    allow euiccpixel_app st54spi_device:chr_file rw_file_perms;
-    # Access to directly upgrade firmware on st33spi_device used for engineering devices
-    typeattribute st33spi_device mlstrustedobject;
-    allow euiccpixel_app st33spi_device:chr_file rw_file_perms;
-')
-
diff --git a/sepolicy/whitechapel_pro/fastbootd.te b/sepolicy/whitechapel_pro/fastbootd.te
deleted file mode 100644
index c9df82df..00000000
--- a/sepolicy/whitechapel_pro/fastbootd.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# Required by the bootcontrol HAL for the 'set_active' command.
-recovery_only(`
-allow fastbootd devinfo_block_device:blk_file rw_file_perms;
-allow fastbootd sda_block_device:blk_file rw_file_perms;
-allow fastbootd sysfs_ota:file rw_file_perms;
-allow fastbootd st54spi_device:chr_file rw_file_perms;
-allow fastbootd custom_ab_block_device:blk_file rw_file_perms;
-')
diff --git a/sepolicy/whitechapel_pro/file.te b/sepolicy/whitechapel_pro/file.te
deleted file mode 100644
index 929ea63c..00000000
--- a/sepolicy/whitechapel_pro/file.te
+++ /dev/null
@@ -1,98 +0,0 @@
-# Data
-type chre_data_file, file_type, data_file_type;
-type rild_vendor_data_file, file_type, data_file_type;
-type vendor_log_file, file_type, data_file_type;
-type vendor_rfsd_log_file, file_type, data_file_type;
-type modem_stat_data_file, file_type, data_file_type;
-type vendor_slog_file, file_type, data_file_type;
-type updated_wifi_firmware_data_file, file_type, data_file_type;
-type vendor_misc_data_file, file_type, data_file_type;
-type per_boot_file, file_type, data_file_type, core_data_file_type;
-type uwb_data_vendor, file_type, data_file_type;
-type powerstats_vendor_data_file, file_type, data_file_type;
-type vendor_gps_file, file_type, data_file_type;
-userdebug_or_eng(`
-  typeattribute vendor_gps_file mlstrustedobject;
-  typeattribute vendor_slog_file mlstrustedobject;
-')
-
-# Exynos Firmware
-type vendor_fw_file, vendor_file_type, file_type;
-
-# Trusty
-type sysfs_trusty, sysfs_type, fs_type;
-
-# EM Profile
-type sysfs_em_profile, sysfs_type, fs_type;
-
-# sysfs
-type sysfs_chosen, sysfs_type, fs_type;
-type bootdevice_sysdev, dev_type;
-type sysfs_fabric, sysfs_type, fs_type;
-type sysfs_acpm_stats, sysfs_type, fs_type;
-type sysfs_wifi, sysfs_type, fs_type;
-type sysfs_exynos_pcie_stats, sysfs_type, fs_type;
-type sysfs_bcmdhd, sysfs_type, fs_type;
-type sysfs_chargelevel, sysfs_type, fs_type;
-type sysfs_camera, sysfs_type, fs_type;
-type sysfs_write_leds, sysfs_type, fs_type;
-type sysfs_pca, sysfs_type, fs_type;
-type sysfs_ptracker, sysfs_type, fs_type;
-# debugfs
-type vendor_maxfg_debugfs, fs_type, debugfs_type;
-type vendor_pm_genpd_debugfs, fs_type, debugfs_type;
-type vendor_regmap_debugfs, fs_type, debugfs_type;
-type vendor_usb_debugfs, fs_type, debugfs_type;
-type vendor_charger_debugfs, fs_type, debugfs_type;
-type vendor_votable_debugfs, fs_type, debugfs_type;
-type vendor_battery_debugfs, fs_type, debugfs_type;
-
-# vendor extra images
-type modem_img_file, contextmount_type, file_type, vendor_file_type;
-allow modem_img_file self:filesystem associate;
-
-# persist
-type persist_battery_file, file_type, vendor_persist_type;
-type persist_camera_file, file_type, vendor_persist_type;
-type persist_modem_file, file_type, vendor_persist_type;
-type persist_ss_file, file_type, vendor_persist_type;
-type persist_uwb_file, file_type, vendor_persist_type;
-type persist_display_file, file_type, vendor_persist_type;
-
-# CHRE
-type chre_socket, file_type;
-
-# Storage Health HAL
-type proc_f2fs, proc_type, fs_type;
-
-# Vendor tools
-type vendor_dumpsys, vendor_file_type, file_type;
-
-# Modem
-type modem_efs_file, file_type;
-type modem_userdata_file, file_type;
-type sysfs_modem, sysfs_type, fs_type;
-
-# SecureElement
-type sysfs_st33spi, sysfs_type, fs_type;
-typeattribute sysfs_st33spi mlstrustedobject;
-
-# Vendor sched files
-userdebug_or_eng(`
-    typeattribute proc_vendor_sched mlstrustedobject;
-')
-
-# SJTAG
-type sysfs_sjtag, fs_type, sysfs_type;
-userdebug_or_eng(`
-    typeattribute sysfs_sjtag mlstrustedobject;
-')
-
-# USB-C throttling stats
-type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
-
-# WLC
-type sysfs_wlc, sysfs_type, fs_type;
-
-# /system_ext/bin/convert_to_ext4.sh
-type convert-to-ext4-sh_exec, system_file_type, exec_type, file_type;
diff --git a/sepolicy/whitechapel_pro/file_contexts b/sepolicy/whitechapel_pro/file_contexts
deleted file mode 100644
index 44b8bf9b..00000000
--- a/sepolicy/whitechapel_pro/file_contexts
+++ /dev/null
@@ -1,225 +0,0 @@
-# Binaries
-/vendor/bin/dmd                                                             u:object_r:dmd_exec:s0
-/vendor/bin/modem_logging_control                                           u:object_r:modem_logging_control_exec:s0
-/vendor/bin/vcd                                                             u:object_r:vcd_exec:s0
-/vendor/bin/chre                                                            u:object_r:chre_exec:s0
-/vendor/bin/cbd                                                             u:object_r:cbd_exec:s0
-/vendor/bin/rfsd                                                            u:object_r:rfsd_exec:s0
-/vendor/bin/bipchmgr                                                        u:object_r:bipchmgr_exec:s0
-/vendor/bin/storageproxyd                                                   u:object_r:tee_exec:s0
-/vendor/bin/init\.radio\.sh                                                 u:object_r:init_radio_exec:s0
-/vendor/bin/tcpdump_logger                                                  u:object_r:tcpdump_logger_exec:s0
-/vendor/bin/init\.display\.sh                                               u:object_r:init-display-sh_exec:s0
-/vendor/bin/trusty_apploader                                                u:object_r:trusty_apploader_exec:s0
-/vendor/bin/trusty_metricsd                                                 u:object_r:trusty_metricsd_exec:s0
-/vendor/bin/dumpsys                                                         u:object_r:vendor_dumpsys:s0
-/vendor/bin/dump/dump_power                                                 u:object_r:dump_power_exec:s0
-/vendor/bin/init\.uwb\.calib\.sh                                            u:object_r:vendor_uwb_init_exec:s0
-/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty           u:object_r:hal_gatekeeper_default_exec:s0
-/vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty                u:object_r:hal_gatekeeper_default_exec:s0
-/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty         u:object_r:hal_keymint_default_exec:s0
-/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty   u:object_r:hal_keymint_default_exec:s0
-/vendor/bin/hw/android\.hardware\.security\.secretkeeper\.trusty            u:object_r:hal_secretkeeper_default_exec:s0
-/vendor/bin/hw/vendor\.google\.radioext@1\.0-service                        u:object_r:hal_radioext_default_exec:s0
-/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel             u:object_r:hal_graphics_composer_default_exec:s0
-/vendor/bin/hw/google\.hardware\.media\.c2@1\.0-service                     u:object_r:mediacodec_google_exec:s0
-/vendor/bin/hw/vendor\.dolby\.media\.c2@1\.0-service                        u:object_r:mediacodec_exec:s0
-/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto           u:object_r:hal_secure_element_st54spi_exec:s0
-/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2      u:object_r:hal_secure_element_st33spi_exec:s0
-/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service          u:object_r:hal_secure_element_uicc_exec:s0
-/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix  u:object_r:hal_fingerprint_default_exec:s0
-/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix   u:object_r:hal_fingerprint_default_exec:s0
-/vendor/bin/hw/android\.hardware\.nfc-service\.st                           u:object_r:hal_nfc_default_exec:s0
-/vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor         u:object_r:hal_wlc_exec:s0
-/vendor/bin/hw/android\.hardware\.usb-service                               u:object_r:hal_usb_impl_exec:s0
-/vendor/bin/hw/android\.hardware\.usb\.gadget-service                       u:object_r:hal_usb_gadget_impl_exec:s0
-/vendor/bin/hw/rild_exynos                                                  u:object_r:rild_exec:s0
-/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service                       u:object_r:hal_uwb_vendor_default_exec:s0
-/vendor/bin/rlsservice                                                      u:object_r:rlsservice_exec:s0
-/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:fingerprint_factory_service_exec:s0
-/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel                   u:object_r:hal_memtrack_default_exec:s0
-/system_ext/bin/convert_to_ext4\.sh                                         u:object_r:convert-to-ext4-sh_exec:s0
-/vendor/bin/hw/disable_contaminant_detection\.sh                            u:object_r:disable-contaminant-detection-sh_exec:s0
-/vendor/bin/init\.check_ap_pd_auth\.sh                                      u:object_r:init-check_ap_pd_auth-sh_exec:s0
-
-# Vendor Firmwares
-/vendor/firmware(/.*)?                                                      u:object_r:vendor_fw_file:s0
-
-# Gralloc
-/(vendor|system/vendor)/lib(64)?/hw/mapper\.pixel\.so                       u:object_r:same_process_hal_file:s0
-
-# Vendor libraries
-/vendor/lib(64)?/libdrm\.so                                                 u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libion_google\.so                                          u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/arm\.graphics-V1-ndk\.so                                   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libOpenCL-pixel\.so                                        u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libOpenCL\.so                                              u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/lib_aion_buffer\.so                                        u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libGralloc4Wrapper\.so                                     u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/pixel-power-ext-V1-ndk\.so                                 u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so                      u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/android\.frameworks\.stats-V2-ndk\.so                      u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/vendor-pixelatoms-cpp\.so                                  u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libprotobuf-cpp-lite-(\d+\.){2,3}so                        u:object_r:same_process_hal_file:s0
-
-# Graphics
-/vendor/lib(64)?/hw/gralloc\.gs201\.so                                      u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/hw/vulkan\.mali\.so                                        u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libgpudataproducer\.so                                     u:object_r:same_process_hal_file:s0
-
-# Devices
-/dev/dma_heap/sensor_direct_heap                                            u:object_r:sensor_direct_heap_device:s0
-/dev/ttySAC0                                                                u:object_r:tty_device:s0
-/dev/dma_heap/faceauth_tpu-secure                                           u:object_r:faceauth_heap_device:s0
-/dev/dma_heap/faimg-secure                                                  u:object_r:faceauth_heap_device:s0
-/dev/dma_heap/famodel-secure                                                u:object_r:faceauth_heap_device:s0
-/dev/dma_heap/faprev-secure                                                 u:object_r:faceauth_heap_device:s0
-/dev/dma_heap/farawimg-secure                                               u:object_r:faceauth_heap_device:s0
-/dev/dma_heap/vframe-secure                                                 u:object_r:dmabuf_system_secure_heap_device:s0
-/dev/dma_heap/vscaler-secure                                                u:object_r:vscaler_heap_device:s0
-/dev/dma_heap/vstream-secure                                                u:object_r:dmabuf_system_secure_heap_device:s0
-/dev/janeiro                                                                u:object_r:edgetpu_device:s0
-/dev/bigocean                                                               u:object_r:video_device:s0
-/dev/goodix_fp                                                              u:object_r:fingerprint_device:s0
-/dev/fth_fd                                                                 u:object_r:fingerprint_device:s0
-/dev/ispolin_ranging                                                        u:object_r:rls_device:s0
-/dev/watchdog0                                                              u:object_r:watchdog_device:s0
-/dev/mali0                                                                  u:object_r:gpu_device:s0
-/dev/logbuffer_usbpd                                                        u:object_r:logbuffer_device:s0
-/dev/logbuffer_pogo_transport                                               u:object_r:logbuffer_device:s0
-/dev/logbuffer_ssoc                                                         u:object_r:logbuffer_device:s0
-/dev/logbuffer_wireless                                                     u:object_r:logbuffer_device:s0
-/dev/logbuffer_ttf                                                          u:object_r:logbuffer_device:s0
-/dev/logbuffer_maxq                                                         u:object_r:logbuffer_device:s0
-/dev/logbuffer_rtx                                                          u:object_r:logbuffer_device:s0
-/dev/logbuffer_maxfg                                                        u:object_r:logbuffer_device:s0
-/dev/logbuffer_maxfg_base                                                   u:object_r:logbuffer_device:s0
-/dev/logbuffer_maxfg_flip                                                   u:object_r:logbuffer_device:s0
-/dev/logbuffer_pca9468_tcpm                                                 u:object_r:logbuffer_device:s0
-/dev/logbuffer_pca9468                                                      u:object_r:logbuffer_device:s0
-/dev/logbuffer_cpm                                                          u:object_r:logbuffer_device:s0
-/dev/logbuffer_maxfg_monitor                                                u:object_r:logbuffer_device:s0
-/dev/logbuffer_maxfg_base_monitor                                           u:object_r:logbuffer_device:s0
-/dev/logbuffer_maxfg_flip_monitor                                           u:object_r:logbuffer_device:s0
-/dev/logbuffer_bd                                                           u:object_r:logbuffer_device:s0
-/dev/logbuffer_cpif                                                         u:object_r:logbuffer_device:s0
-/dev/logbuffer_pcie0                                                        u:object_r:logbuffer_device:s0
-/dev/logbuffer_pcie1                                                        u:object_r:logbuffer_device:s0
-/dev/bbd_pwrstat                                                            u:object_r:power_stats_device:s0
-/dev/lwis-act-jotnar                                                        u:object_r:lwis_device:s0
-/dev/lwis-act-slenderman                                                    u:object_r:lwis_device:s0
-/dev/lwis-act-slenderman-sandworm                                           u:object_r:lwis_device:s0
-/dev/lwis-csi                                                               u:object_r:lwis_device:s0
-/dev/lwis-dpm                                                               u:object_r:lwis_device:s0
-/dev/lwis-eeprom-gargoyle                                                   u:object_r:lwis_device:s0
-/dev/lwis-eeprom-jotnar                                                     u:object_r:lwis_device:s0
-/dev/lwis-eeprom-smaug-buraq                                                u:object_r:lwis_device:s0
-/dev/lwis-eeprom-smaug-dokkaebi                                             u:object_r:lwis_device:s0
-/dev/lwis-eeprom-smaug-sandworm                                             u:object_r:lwis_device:s0
-/dev/lwis-flash-lm3644                                                      u:object_r:lwis_device:s0
-/dev/lwis-g3aa                                                              u:object_r:lwis_device:s0
-/dev/lwis-gdc0                                                              u:object_r:lwis_device:s0
-/dev/lwis-gdc1                                                              u:object_r:lwis_device:s0
-/dev/lwis-gtnr-align                                                        u:object_r:lwis_device:s0
-/dev/lwis-gtnr-merge                                                        u:object_r:lwis_device:s0
-/dev/lwis-ipp                                                               u:object_r:lwis_device:s0
-/dev/lwis-itp                                                               u:object_r:lwis_device:s0
-/dev/lwis-mcsc                                                              u:object_r:lwis_device:s0
-/dev/lwis-ois-gargoyle                                                      u:object_r:lwis_device:s0
-/dev/lwis-ois-jotnar                                                        u:object_r:lwis_device:s0
-/dev/lwis-pdp                                                               u:object_r:lwis_device:s0
-/dev/lwis-scsc                                                              u:object_r:lwis_device:s0
-/dev/lwis-sensor-buraq                                                      u:object_r:lwis_device:s0
-/dev/lwis-sensor-dokkaebi                                                   u:object_r:lwis_device:s0
-/dev/lwis-sensor-kraken                                                     u:object_r:lwis_device:s0
-/dev/lwis-sensor-lamassu                                                    u:object_r:lwis_device:s0
-/dev/lwis-sensor-nagual                                                     u:object_r:lwis_device:s0
-/dev/lwis-sensor-sandworm                                                   u:object_r:lwis_device:s0
-/dev/lwis-slc                                                               u:object_r:lwis_device:s0
-/dev/lwis-top                                                               u:object_r:lwis_device:s0
-/dev/lwis-votf                                                              u:object_r:lwis_device:s0
-/dev/dri/card0                                                              u:object_r:graphics_device:s0
-/dev/fimg2d                                                                 u:object_r:graphics_device:s0
-/dev/g2d                                                                    u:object_r:graphics_device:s0
-/dev/gxp                                                                    u:object_r:gxp_device:s0
-/dev/dit2                                                                   u:object_r:vendor_toe_device:s0
-/dev/trusty-ipc-dev0                                                        u:object_r:tee_device:s0
-/dev/st21nfc                                                                u:object_r:nfc_device:s0
-/dev/st54spi                                                                u:object_r:st54spi_device:s0
-/dev/st33spi                                                                u:object_r:st33spi_device:s0
-/dev/ttyGS[0-3]                                                             u:object_r:serial_device:s0
-/dev/oem_ipc[0-7]                                                           u:object_r:radio_device:s0
-/dev/oem_test                                                               u:object_r:radio_test_device:s0
-/dev/umts_boot0                                                             u:object_r:radio_device:s0
-/dev/umts_ipc0                                                              u:object_r:radio_device:s0
-/dev/umts_ipc1                                                              u:object_r:radio_device:s0
-/dev/umts_rfs0                                                              u:object_r:radio_device:s0
-/dev/umts_dm0                                                               u:object_r:radio_device:s0
-/dev/umts_router                                                            u:object_r:radio_device:s0
-/dev/logbuffer_tcpm                                                         u:object_r:logbuffer_device:s0
-/dev/sys/block/bootdevice(/.*)?                                             u:object_r:bootdevice_sysdev:s0
-/dev/socket/chre                                                            u:object_r:chre_socket:s0
-/dev/block/sda                                                              u:object_r:sda_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/abl_[ab]                          u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/bl1_[ab]                          u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/bl2_[ab]                          u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/bl31_[ab]                         u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/boot_[ab]                         u:object_r:boot_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/init_boot_[ab]                    u:object_r:boot_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/devinfo                           u:object_r:devinfo_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab]                   u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab]                         u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/efs                               u:object_r:efs_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/efs_backup                        u:object_r:efs_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/frp                               u:object_r:frp_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/gsa_[ab]                          u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab]                         u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/metadata                          u:object_r:metadata_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/mfg_data                          u:object_r:mfg_data_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/misc                              u:object_r:misc_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/modem_[ab]                        u:object_r:modem_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/modem_userdata                    u:object_r:modem_userdata_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/pbl_[ab]                          u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/persist                           u:object_r:persist_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/pvmfw_[ab]                        u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/super                             u:object_r:super_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab]                         u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/userdata                          u:object_r:userdata_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab]                       u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab]                u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab]                u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab]                  u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/vendor_kernel_boot_[ab]           u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/fips                              u:object_r:fips_block_device:s0
-
-# Data
-/data/vendor/chre(/.*)?                                                     u:object_r:chre_data_file:s0
-/data/vendor/slog(/.*)?                                                     u:object_r:vendor_slog_file:s0
-/data/vendor/modem_stat(/.*)?                                               u:object_r:modem_stat_data_file:s0
-/data/vendor/log(/.*)?                                                      u:object_r:vendor_log_file:s0
-/data/vendor/log/rfsd(/.*)?                                                 u:object_r:vendor_rfsd_log_file:s0
-/data/vendor/rild(/.*)?                                                     u:object_r:rild_vendor_data_file:s0
-/data/vendor/ss(/.*)?                                                       u:object_r:tee_data_file:s0
-/data/nfc(/.*)?                                                             u:object_r:nfc_data_file:s0
-/data/vendor/firmware/wifi(/.*)?                                            u:object_r:updated_wifi_firmware_data_file:s0
-/data/vendor/misc(/.*)?                                                     u:object_r:vendor_misc_data_file:s0
-/data/per_boot(/.*)?                                                        u:object_r:per_boot_file:s0
-/data/vendor/uwb(/.*)?                                                      u:object_r:uwb_data_vendor:s0
-/dev/maxfg_history                                                          u:object_r:battery_history_device:s0
-/dev/battery_history                                                        u:object_r:battery_history_device:s0
-/data/vendor/powerstats(/.*)?                                               u:object_r:powerstats_vendor_data_file:s0
-/data/vendor/fingerprint(/.*)?                                              u:object_r:fingerprint_vendor_data_file:s0
-
-# Persist
-/mnt/vendor/persist/battery(/.*)?                                           u:object_r:persist_battery_file:s0
-/mnt/vendor/persist/camera(/.*)?                                            u:object_r:persist_camera_file:s0
-/mnt/vendor/persist/modem(/.*)?                                             u:object_r:persist_modem_file:s0
-/mnt/vendor/persist/ss(/.*)?                                                u:object_r:persist_ss_file:s0
-/mnt/vendor/persist/uwb(/.*)?                                               u:object_r:persist_uwb_file:s0
-/mnt/vendor/persist/display(/.*)?                                           u:object_r:persist_display_file:s0
-
-# Extra mount images
-/mnt/vendor/modem_img(/.*)?                                                 u:object_r:modem_img_file:s0
-/mnt/vendor/efs(/.*)?                                                       u:object_r:modem_efs_file:s0
-/mnt/vendor/efs_backup(/.*)?                                                u:object_r:modem_efs_file:s0
-/mnt/vendor/modem_userdata(/.*)?                                            u:object_r:modem_userdata_file:s0
diff --git a/sepolicy/whitechapel_pro/genfs_contexts b/sepolicy/whitechapel_pro/genfs_contexts
deleted file mode 100644
index a6872ed1..00000000
--- a/sepolicy/whitechapel_pro/genfs_contexts
+++ /dev/null
@@ -1,365 +0,0 @@
-genfscon sysfs /firmware/devicetree/base/chosen                                u:object_r:sysfs_chosen:s0
-
-# EdgeTPU
-genfscon sysfs /devices/platform/1ce00000.janeiro   u:object_r:sysfs_edgetpu:s0
-
-# CPU
-genfscon sysfs /devices/platform/28000000.mali/time_in_state                                           u:object_r:sysfs_cpu:s0
-genfscon sysfs /devices/platform/28000000.mali/uid_time_in_state                                       u:object_r:sysfs_cpu:s0
-
-genfscon sysfs /devices/soc0/machine                                           u:object_r:sysfs_soc:s0
-genfscon sysfs /devices/soc0/revision                                          u:object_r:sysfs_soc:s0
-
-# tracefs
-genfscon tracefs /events/dmabuf_heap/dma_heap_stat                             u:object_r:debugfs_tracing:s0
-
-# Networking
-genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/ieee802154/phy0/net  u:object_r:sysfs_net:s0
-
-# WiFi
-genfscon sysfs /wifi                                                           u:object_r:sysfs_wifi:s0
-genfscon sysfs /wlan_ptracker                                                  u:object_r:sysfs_ptracker:s0
-
-# ACPM
-genfscon sysfs /devices/platform/acpm_stats                                    u:object_r:sysfs_acpm_stats:s0
-
-# Broadcom
-genfscon sysfs /module/bcmdhd4389                                              u:object_r:sysfs_bcmdhd:s0
-
-# GPU
-genfscon sysfs /devices/platform/28000000.mali/hint_min_freq                   u:object_r:sysfs_gpu:s0
-genfscon sysfs /devices/platform/28000000.mali/power_policy                    u:object_r:sysfs_gpu:s0
-genfscon sysfs /devices/platform/28000000.mali/dma_buf_gpu_mem                 u:object_r:sysfs_gpu:s0
-genfscon sysfs /devices/platform/28000000.mali/total_gpu_mem                   u:object_r:sysfs_gpu:s0
-genfscon sysfs /devices/platform/28000000.mali/kprcs                           u:object_r:sysfs_gpu:s0
-genfscon sysfs /devices/platform/28000000.mali/dvfs_period                     u:object_r:sysfs_gpu:s0
-genfscon sysfs /devices/platform/28000000.mali/cur_freq                        u:object_r:sysfs_gpu:s0
-
-# Fabric
-genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq                u:object_r:sysfs_fabric:s0
-genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/min_freq                u:object_r:sysfs_fabric:s0
-genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load u:object_r:sysfs_fabric:s0
-
-# sscoredump (per device)
-genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count                  u:object_r:sysfs_sscoredump_subsystem_report_count:s0
-genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count        u:object_r:sysfs_sscoredump_subsystem_report_count:s0
-genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count      u:object_r:sysfs_sscoredump_subsystem_report_count:s0
-genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count        u:object_r:sysfs_sscoredump_subsystem_report_count:s0
-genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count                u:object_r:sysfs_sscoredump_subsystem_report_count:s0
-genfscon sysfs /devices/platform/mali/sscoredump/sscd_mali/report_count                u:object_r:sysfs_sscoredump_subsystem_report_count:s0
-
-# Power Stats
-genfscon sysfs /devices/platform/cpif/modem/power_stats                                u:object_r:sysfs_power_stats:s0
-genfscon sysfs /devices/platform/11920000.pcie/power_stats                             u:object_r:sysfs_power_stats:s0
-genfscon sysfs /devices/platform/14520000.pcie/power_stats                             u:object_r:sysfs_power_stats:s0
-genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0008/power_stats               u:object_r:sysfs_power_stats:s0
-genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/uwb/power_stats u:object_r:sysfs_power_stats:s0
-
-# Modem
-genfscon sysfs /devices/platform/cp-tm1/cp_temp		u:object_r:sysfs_modem:s0
-
-# Power ODPM
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm/iio:device             u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm/wakeup                 u:object_r:sysfs_wakeup:s0
-
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device             u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/wakeup                 u:object_r:sysfs_wakeup:s0
-
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power0_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power1_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power2_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power3_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power4_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power5_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power6_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power7_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power8_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power9_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power10_scale   u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_power11_scale   u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power0_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power1_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power2_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power3_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power4_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power5_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power6_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power7_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power8_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power9_scale    u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power10_scale   u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_power11_scale   u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current0_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current1_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current2_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current3_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current4_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current5_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current6_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current7_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current8_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current9_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current10_scale u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-meter/s2mpg12-odpm//iio:device0/in_current11_scale u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current0_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current1_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current2_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current3_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current4_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current5_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current6_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current7_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current8_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current9_scale  u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current10_scale u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/s2mpg13-meter/s2mpg13-odpm/iio:device1/in_current11_scale u:object_r:sysfs_odpm:s0
-
-# Devfreq current frequency
-genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq             u:object_r:sysfs_devfreq_cur:s0
-genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq             u:object_r:sysfs_devfreq_cur:s0
-genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq       u:object_r:sysfs_devfreq_cur:s0
-genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq           u:object_r:sysfs_devfreq_cur:s0
-genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq             u:object_r:sysfs_devfreq_cur:s0
-genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq             u:object_r:sysfs_devfreq_cur:s0
-genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq             u:object_r:sysfs_devfreq_cur:s0
-genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq               u:object_r:sysfs_devfreq_cur:s0
-
-# OTA
-genfscon sysfs /devices/platform/14700000.ufs/pixel/boot_lun_enabled           u:object_r:sysfs_ota:s0
-
-# Input
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1        u:object_r:sysfs_uhid:s0
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1        u:object_r:sysfs_uhid:s0
-
-# Display
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/available_disp_stats                 u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma                                u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/min_vrefresh                         u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/idle_delay_ms                        u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_idle                           u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_need_handle_idle_exit          u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/osc2_clk_khz                         u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/time_in_state                        u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock                                                u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c240000.drmdecon/early_wakeup                                           u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c242000.drmdecon/early_wakeup                                           u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c240000.drmdecon/counters                                               u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c241000.drmdecon/counters                                               u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c242000.drmdecon/counters                                               u:object_r:sysfs_display:s0
-
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight                            u:object_r:sysfs_leds:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_extinfo                        u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name                           u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number                        u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/refresh_rate                         u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_pwr_vreg                       u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/power_mode                           u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/power_state                          u:object_r:sysfs_display:s0
-
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight                            u:object_r:sysfs_leds:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extinfo                        u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name                           u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number                        u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/refresh_rate                         u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/power_state                          u:object_r:sysfs_display:s0
-
-genfscon sysfs /devices/platform/1c240000.drmdecon/dqe0/atc                                               u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c241000.drmdecon/dqe1/atc                                               u:object_r:sysfs_display:s0
-
-genfscon sysfs /module/drm/parameters/vblankoffdelay                                                      u:object_r:sysfs_display:s0
-
-genfscon sysfs /devices/platform/exynos-drm/tui_status                                                    u:object_r:sysfs_display:s0
-
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0
-
-# Storage
-genfscon proc /fs/f2fs                                                  u:object_r:proc_f2fs:s0
-genfscon proc /sys/vm/swappiness                                        u:object_r:proc_dirty:s0
-genfscon sysfs /devices/platform/14700000.ufs/slowio_read_cnt           u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/slowio_write_cnt          u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/slowio_unmap_cnt          u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/slowio_sync_cnt           u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/manual_gc                 u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/io_stats                  u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/req_stats                 u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/err_stats                 u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/device_descriptor         u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/clkgate_enable            u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/hibern8_on_idle_enable    u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/health_descriptor         u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/host0/target0:0:0/0:0:0:  u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/ufs_stats                 u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/attributes/wb_avail_buf   u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/vendor                    u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/model                     u:object_r:sysfs_scsi_devices_0000:s0
-genfscon sysfs /devices/platform/14700000.ufs/rev                       u:object_r:sysfs_scsi_devices_0000:s0
-
-# debugfs
-genfscon debugfs /maxfg                                                 u:object_r:vendor_maxfg_debugfs:s0
-genfscon debugfs /maxfg_base                                            u:object_r:vendor_maxfg_debugfs:s0
-genfscon debugfs /maxfg_secondary                                       u:object_r:vendor_maxfg_debugfs:s0
-genfscon debugfs /pm_genpd/pm_genpd_summary                             u:object_r:vendor_pm_genpd_debugfs:s0
-genfscon debugfs /regmap                                                u:object_r:vendor_regmap_debugfs:s0
-genfscon debugfs /usb                                                   u:object_r:vendor_usb_debugfs:s0
-genfscon debugfs /google_charger                                        u:object_r:vendor_charger_debugfs:s0
-genfscon debugfs /max77759_chg                                          u:object_r:vendor_charger_debugfs:s0
-genfscon debugfs /max77729_pmic                                         u:object_r:vendor_charger_debugfs:s0
-genfscon debugfs /gvotables                                             u:object_r:vendor_votable_debugfs:s0
-genfscon debugfs /google_battery                                        u:object_r:vendor_battery_debugfs:s0
-
-# Battery
-genfscon sysfs /devices/platform/google,battery/power_supply/battery            u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/google,cpm                                     u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/google,charger                                 u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c                                 u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /class/power_supply/wireless/device/version                      u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /class/power_supply/wireless/device/status                       u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /class/power_supply/wireless/device/fw_rev                       u:object_r:sysfs_batteryinfo:s0
-
-genfscon sysfs /devices/pseudo_0/adapter0/host1/target1:0:0/1:0:0:0/block/sde   u:object_r:sysfs_devices_block:s0
-
-# P22 battery
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-003c/power_supply     u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-0050/eeprom           u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0069/power_supply     u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0057/chg_stats        u:object_r:sysfs_pca:s0
-
-# Extcon
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0025/extcon           u:object_r:sysfs_extcon:s0
-
-# Haptics
-genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0043            u:object_r:sysfs_vibrator:s0
-
-# system suspend wakeup files
-genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0008/wakeup                                                         u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/synaptics_tcm.0/wakeup                                 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0036/power_supply/maxfg/wakeup                                    u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0036/wakeup/wakeup                                                u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0057/power_supply/pca94xx-mains/wakeup                            u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0069/power_supply/dc/wakeup                                       u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0069/power_supply/main-charger/wakeup                             u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0069/wakeup/wakeup                                                u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0025/power_supply/tcpm-source-psy-13-0025/wakeup                  u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup         u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0025/power_supply/usb/wakeup                                      u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0025/wakeup                                                       u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-003c/power_supply/wireless/wakeup                                 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-003c/wakeup                                                       u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup                                                          u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup                                   u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2                                     u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb3                                     u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup                                   u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2                                     u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb3                                     u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/wakeup                                   u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb2                                     u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb3                                     u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/11210000.usb/wakeup                                                                        u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/14520000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup                                  u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/14520000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup                                  u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/19000000.aoc/com.google.usf/wakeup                                                         u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/19000000.aoc/com.google.usf.non_wake_up/wakeup                                             u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/19000000.aoc/com.google.chre/wakeup                                                        u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/19000000.aoc/com.google.chre.non_wake_up/wakeup                                            u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/19000000.aoc/wakeup                                                                        u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/19000000.aoc/usb_control/wakeup                                                            u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-power-keys/wakeup                             u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup         u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/s2mpg12-rtc/wakeup                                    u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-20/20-001f/wakeup                                                u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-21/21-002f/wakeup                                                u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/cpif/wakeup                                                                                u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup                                                 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup                                                    u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup                                                        u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup                                                        u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/gpio_keys/wakeup                                                                           u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup                                                                       u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/sound-aoc/wakeup                                                                           u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/wakeup                                                 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/wakeup                                                 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/power/wakeup                                                     u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/wakeup                                                           u:object_r:sysfs_wakeup:s0
-
-
-#SecureElement
-genfscon sysfs /devices/platform/181c0000.spi/spi_master/spi17/spi17.0/st33spi u:object_r:sysfs_st33spi:s0
-
-# Thermal
-genfscon sysfs /devices/platform/100a0000.LITTLE                          u:object_r:sysfs_thermal:s0
-genfscon sysfs /devices/platform/100a0000.MID                             u:object_r:sysfs_thermal:s0
-genfscon sysfs /devices/platform/100a0000.BIG                             u:object_r:sysfs_thermal:s0
-genfscon sysfs /devices/platform/100a0000.ISP                             u:object_r:sysfs_thermal:s0
-genfscon sysfs /devices/platform/100b0000.G3D                             u:object_r:sysfs_thermal:s0
-genfscon sysfs /devices/platform/100b0000.TPU                             u:object_r:sysfs_thermal:s0
-genfscon sysfs /devices/platform/100b0000.AUR                             u:object_r:sysfs_thermal:s0
-
-genfscon sysfs /thermal_zone14/mode                                        u:object_r:sysfs_thermal:s0
-
-# PCIe link
-genfscon sysfs /devices/platform/14520000.pcie/link_stats                 u:object_r:sysfs_exynos_pcie_stats:s0
-genfscon sysfs /devices/platform/11920000.pcie/link_stats                 u:object_r:sysfs_exynos_pcie_stats:s0
-
-# Camera
-genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq    u:object_r:sysfs_camera:s0
-genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/max_freq          u:object_r:sysfs_camera:s0
-genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq          u:object_r:sysfs_camera:s0
-
-# SJTAG
-genfscon sysfs /devices/platform/sjtag_ap/interface                       u:object_r:sysfs_sjtag:s0
-genfscon sysfs /devices/platform/sjtag_gsa/interface                      u:object_r:sysfs_sjtag:s0
-
-# USB-C throttling stats
-genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time      u:object_r:sysfs_usbc_throttling_stats:s0
-genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time   u:object_r:sysfs_usbc_throttling_stats:s0
-genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time         u:object_r:sysfs_usbc_throttling_stats:s0
-
-# Coresight ETM
-genfscon sysfs /devices/platform/2b840000.etm    u:object_r:sysfs_devices_cs_etm:s0
-genfscon sysfs /devices/platform/2b940000.etm    u:object_r:sysfs_devices_cs_etm:s0
-genfscon sysfs /devices/platform/2ba40000.etm    u:object_r:sysfs_devices_cs_etm:s0
-genfscon sysfs /devices/platform/2bb40000.etm    u:object_r:sysfs_devices_cs_etm:s0
-genfscon sysfs /devices/platform/2bc40000.etm    u:object_r:sysfs_devices_cs_etm:s0
-genfscon sysfs /devices/platform/2bd40000.etm    u:object_r:sysfs_devices_cs_etm:s0
-genfscon sysfs /devices/platform/2be40000.etm    u:object_r:sysfs_devices_cs_etm:s0
-genfscon sysfs /devices/platform/2bf40000.etm    u:object_r:sysfs_devices_cs_etm:s0
-
-# Trusty
-genfscon sysfs /module/trusty_virtio/parameters/use_high_wq               u:object_r:sysfs_trusty:s0
-genfscon sysfs /module/trusty_core/parameters/use_high_wq                 u:object_r:sysfs_trusty:s0
-
-# EM Profile
-genfscon sysfs /kernel/pixel_em/active_profile                            u:object_r:sysfs_em_profile:s0
-
-# Privacy LED
-genfscon sysfs /devices/platform/pwmleds/leds/green/brightness            u:object_r:sysfs_leds:s0
-genfscon sysfs /devices/platform/pwmleds/leds/green/max_brightness        u:object_r:sysfs_leds:s0
-
-# AOC
-genfscon sysfs /devices/platform/19000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0
-genfscon sysfs /devices/platform/19000000.aoc/firmware                      u:object_r:sysfs_aoc_firmware:s0
-genfscon sysfs /devices/platform/19000000.aoc                               u:object_r:sysfs_aoc:s0
-genfscon sysfs /devices/platform/19000000.aoc/reset                         u:object_r:sysfs_aoc_reset:s0
-genfscon sysfs /devices/platform/19000000.aoc/services                      u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/restart_count                 u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/coredump_count                u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/ring_buffer_wakeup    u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/host_ipc_wakeup       u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/usf_wakeup            u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup          u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup        u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup        u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception      u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32      u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1      u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/notify_timeout_aoc_status     u:object_r:sysfs_aoc_notifytimeout:s0
-
-# GPS
-genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby   u:object_r:sysfs_gps:s0
-
-# WLC
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-003c                  u:object_r:sysfs_wlc:s0
-
-# USB
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state   u:object_r:sysfs_udc:s0
diff --git a/sepolicy/whitechapel_pro/google_camera_app.te b/sepolicy/whitechapel_pro/google_camera_app.te
deleted file mode 100644
index a40f433f..00000000
--- a/sepolicy/whitechapel_pro/google_camera_app.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# Allows camera app to access the GXP device and properties.
-allow google_camera_app gxp_device:chr_file rw_file_perms;
-get_prop(google_camera_app, vendor_gxp_prop)
-
-# Allows camera app to search for GXP firmware file.
-allow google_camera_app vendor_fw_file:dir search;
-
-# Allows GCA to find and access the EdgeTPU.
-allow google_camera_app edgetpu_app_service:service_manager find;
-allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
-
-# Allows tachyon service to communicate with google_camera_app via binder.
-binder_call(edgetpu_tachyon_server, google_camera_app);
diff --git a/sepolicy/whitechapel_pro/gpsd.te b/sepolicy/whitechapel_pro/gpsd.te
deleted file mode 100644
index 79055ecc..00000000
--- a/sepolicy/whitechapel_pro/gpsd.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type gpsd, domain;
-type gpsd_exec, vendor_file_type, exec_type, file_type;
-# Allow gpsd access PixelLogger unix socket in debug build only
-userdebug_or_eng(`
-    typeattribute gpsd mlstrustedsubject;
-    allow gpsd logger_app:unix_stream_socket connectto;
-')
-
-
diff --git a/sepolicy/whitechapel_pro/hal_camera_default.te b/sepolicy/whitechapel_pro/hal_camera_default.te
deleted file mode 100644
index af2350f7..00000000
--- a/sepolicy/whitechapel_pro/hal_camera_default.te
+++ /dev/null
@@ -1,108 +0,0 @@
-type hal_camera_default_tmpfs, file_type;
-
-allow hal_camera_default self:global_capability_class_set sys_nice;
-allow hal_camera_default kernel:process setsched;
-
-binder_use(hal_camera_default);
-vndbinder_use(hal_camera_default);
-
-allow hal_camera_default lwis_device:chr_file rw_file_perms;
-allow hal_camera_default gpu_device:chr_file rw_file_perms;
-allow hal_camera_default sysfs_chip_id:file r_file_perms;
-
-# Face authentication code that is part of the camera HAL needs to allocate
-# dma_bufs and access the Trusted Execution Environment device node
-allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms;
-allow hal_camera_default tee_device:chr_file rw_file_perms;
-
-# Allow the camera hal to access the EdgeTPU service and the
-# Android shared memory allocated by the EdgeTPU service for
-# on-device compilation.
-allow hal_camera_default edgetpu_device:chr_file rw_file_perms;
-allow hal_camera_default sysfs_edgetpu:dir r_dir_perms;
-allow hal_camera_default sysfs_edgetpu:file r_file_perms;
-allow hal_camera_default edgetpu_vendor_service:service_manager find;
-binder_call(hal_camera_default, edgetpu_vendor_server)
-# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging
-# library has a dependency on edgetpu_app_service, see b/275016466.
-allow hal_camera_default edgetpu_app_service:service_manager find;
-binder_call(hal_camera_default, edgetpu_app_server)
-
-# Allow access to data files used by the camera HAL
-allow hal_camera_default mnt_vendor_file:dir search;
-allow hal_camera_default persist_file:dir search;
-allow hal_camera_default persist_camera_file:dir rw_dir_perms;
-allow hal_camera_default persist_camera_file:file create_file_perms;
-allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms;
-allow hal_camera_default vendor_camera_data_file:file create_file_perms;
-
-# Allow creating dump files for debugging in non-release builds
-userdebug_or_eng(`
-  allow hal_camera_default vendor_camera_data_file:dir create_dir_perms;
-  allow hal_camera_default vendor_camera_data_file:file create_file_perms;
-')
-
-# tmpfs is used by google3 prebuilts linked by the HAL to unpack data files
-# compiled into the shared libraries with cc_embed_data rules
-tmpfs_domain(hal_camera_default);
-
-# Allow access to camera-related system properties
-set_prop(hal_camera_default, vendor_camera_prop);
-set_prop(hal_camera_default, log_tag_prop);
-get_prop(hal_camera_default, vendor_camera_debug_prop);
-userdebug_or_eng(`
-  set_prop(hal_camera_default, vendor_camera_fatp_prop);
-  set_prop(hal_camera_default, vendor_camera_debug_prop);
-')
-
-# For camera hal to talk with rlsservice
-allow hal_camera_default rls_service:service_manager find;
-binder_call(hal_camera_default, rlsservice)
-
-hal_client_domain(hal_camera_default, hal_graphics_allocator);
-hal_client_domain(hal_camera_default, hal_graphics_composer)
-hal_client_domain(hal_camera_default, hal_power);
-hal_client_domain(hal_camera_default, hal_thermal);
-
-# Allow access to sensor service for sensor_listener
-binder_call(hal_camera_default, system_server);
-
-# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering
-allow hal_camera_default eco_service:service_manager find;
-binder_call(hal_camera_default, mediacodec_samsung);
-
-# Allow camera HAL to query preferred camera frequencies from the radio HAL
-# extensions to avoid interference with cellular antennas.
-allow hal_camera_default hal_radioext_hwservice:hwservice_manager find;
-binder_call(hal_camera_default, hal_radioext_default);
-
-# Allow camera HAL to connect to the stats service.
-allow hal_camera_default fwk_stats_service:service_manager find;
-
-# For observing apex file changes
-allow hal_camera_default apex_info_file:file r_file_perms;
-
-# Allow camera HAL to query current device clock frequencies.
-allow hal_camera_default sysfs_devfreq_cur:file r_file_perms;
-
-# Allow camera HAL to read backlight of display
-allow hal_camera_default sysfs_leds:dir r_dir_perms;
-allow hal_camera_default sysfs_leds:file r_file_perms;
-allow hal_camera_default sysfs_display:file r_file_perms;
-
-# Allow camera HAL to send trace packets to Perfetto
-userdebug_or_eng(`perfetto_producer(hal_camera_default)')
-
-# Some file searches attempt to access system data and are denied.
-# This is benign and can be ignored.
-dontaudit hal_camera_default system_data_file:dir { search };
-
-# google3 prebuilts attempt to connect to the wrong trace socket, ignore them.
-dontaudit hal_camera_default traced:unix_stream_socket { connectto };
-dontaudit hal_camera_default traced_producer_socket:sock_file { write };
-
-# Allow access to always-on compute device node
-allow hal_camera_default aoc_device:chr_file rw_file_perms;
-
-# Allow the Camera HAL to acquire wakelocks
-wakelock_use(hal_camera_default)
diff --git a/sepolicy/whitechapel_pro/hal_contexthub.te b/sepolicy/whitechapel_pro/hal_contexthub.te
deleted file mode 100644
index ba776c89..00000000
--- a/sepolicy/whitechapel_pro/hal_contexthub.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Allow context hub HAL to communicate with daemon via socket
-allow hal_contexthub_default chre:unix_stream_socket connectto;
-allow hal_contexthub_default chre_socket:sock_file write;
\ No newline at end of file
diff --git a/sepolicy/whitechapel_pro/hal_input_processor_default.te b/sepolicy/whitechapel_pro/hal_input_processor_default.te
deleted file mode 100644
index 00d4c695..00000000
--- a/sepolicy/whitechapel_pro/hal_input_processor_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# allow InputProcessor HAL to read the display resolution system property
-get_prop(hal_input_processor_default, vendor_display_prop)
diff --git a/sepolicy/whitechapel_pro/hal_sensors_default.te b/sepolicy/whitechapel_pro/hal_sensors_default.te
deleted file mode 100644
index 620095d0..00000000
--- a/sepolicy/whitechapel_pro/hal_sensors_default.te
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# USF sensor HAL SELinux type enforcements.
-#
-
-# Allow reading of camera persist files.
-r_dir_file(hal_sensors_default, persist_camera_file)
-
-# Allow access to the files of CDT information.
-r_dir_file(hal_sensors_default, sysfs_chosen)
-
-# Allow display_info_service access to the backlight driver.
-allow hal_sensors_default sysfs_write_leds:file rw_file_perms;
-
-# Allow access for dynamic sensor properties.
-get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
-
-# Allow access to raw HID devices for dynamic sensors.
-allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
-
-# Allow sensor HAL to access the display service HAL
-allow hal_sensors_default hal_pixel_display_service:service_manager find;
-
-# Allow sensor HAL to access the graphics composer.
-binder_call(hal_sensors_default, hal_graphics_composer_default)
-
-# Allow access to the power supply files for MagCC.
-allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
diff --git a/sepolicy/whitechapel_pro/hal_thermal_default.te b/sepolicy/whitechapel_pro/hal_thermal_default.te
deleted file mode 100644
index a573a2ae..00000000
--- a/sepolicy/whitechapel_pro/hal_thermal_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-r_dir_file(hal_thermal_default, sysfs_iio_devices)
-r_dir_file(hal_thermal_default, sysfs_odpm)
diff --git a/sepolicy/whitechapel_pro/hal_uwb_vendor.te b/sepolicy/whitechapel_pro/hal_uwb_vendor.te
deleted file mode 100644
index dc11d6b8..00000000
--- a/sepolicy/whitechapel_pro/hal_uwb_vendor.te
+++ /dev/null
@@ -1,16 +0,0 @@
-# HwBinder IPC from client to server
-binder_call(hal_uwb_vendor_client, hal_uwb_vendor_server)
-binder_call(hal_uwb_vendor_server, hal_uwb_vendor_client)
-
-hal_attribute_service(hal_uwb_vendor, hal_uwb_vendor_service)
-
-binder_call(hal_uwb_vendor_server, servicemanager)
-
-# allow hal_uwb_vendor to set wpan interfaces up and down
-allow hal_uwb_vendor self:udp_socket create_socket_perms;
-allowxperm hal_uwb_vendor self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
-# TODO(b/190461440): Find a long term solution for this.
-allow hal_uwb_vendor self:global_capability_class_set { net_admin };
-
-# allow hal_uwb_vendor to speak to nl802154 in the kernel
-allow hal_uwb_vendor self:netlink_generic_socket create_socket_perms_no_ioctl;
diff --git a/sepolicy/whitechapel_pro/hal_uwb_vendor_default.te b/sepolicy/whitechapel_pro/hal_uwb_vendor_default.te
deleted file mode 100644
index b287433f..00000000
--- a/sepolicy/whitechapel_pro/hal_uwb_vendor_default.te
+++ /dev/null
@@ -1,14 +0,0 @@
-type hal_uwb_vendor_default, domain;
-type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(hal_uwb_vendor_default)
-
-hal_server_domain(hal_uwb_vendor_default, hal_uwb)
-add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)
-
-hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)
-binder_call(hal_uwb_vendor_default, uwb_vendor_app)
-
-allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms;
-allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
-
-get_prop(hal_uwb_vendor_default, vendor_uwb_calibration_prop)
diff --git a/sepolicy/whitechapel_pro/hwservice_contexts b/sepolicy/whitechapel_pro/hwservice_contexts
deleted file mode 100644
index 0035ed49..00000000
--- a/sepolicy/whitechapel_pro/hwservice_contexts
+++ /dev/null
@@ -1,14 +0,0 @@
-# dmd HAL
-vendor.samsung_slsi.telephony.hardware.oemservice::IOemService                     u:object_r:hal_vendor_oem_hwservice:s0
-
-# Fingerprint
-vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon            u:object_r:hal_fingerprint_ext_hwservice:s0
-
-# Wireless charger hal
-vendor.google.wireless_charger::IWirelessCharger                                   u:object_r:hal_wlc_hwservice:s0
-
-# rild HAL
-vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal        u:object_r:hal_exynos_rild_hwservice:s0
-
-# GRIL HAL
-vendor.google.radioext::IRadioExt                                                  u:object_r:hal_radioext_hwservice:s0
diff --git a/sepolicy/whitechapel_pro/incident.te b/sepolicy/whitechapel_pro/incident.te
deleted file mode 100644
index 672606df..00000000
--- a/sepolicy/whitechapel_pro/incident.te
+++ /dev/null
@@ -1,4 +0,0 @@
-userdebug_or_eng(`
-  allow incident logger_app:fd use;
-  allow incident media_rw_data_file:file append;
-')
diff --git a/sepolicy/whitechapel_pro/init-check_ap_pd_auth-sh.te b/sepolicy/whitechapel_pro/init-check_ap_pd_auth-sh.te
deleted file mode 100644
index bcd855c2..00000000
--- a/sepolicy/whitechapel_pro/init-check_ap_pd_auth-sh.te
+++ /dev/null
@@ -1,14 +0,0 @@
-type init-check_ap_pd_auth-sh, domain;
-type init-check_ap_pd_auth-sh_exec, vendor_file_type, exec_type, file_type;
-
-userdebug_or_eng(`
-  init_daemon_domain(init-check_ap_pd_auth-sh)
-
-  set_prop(init-check_ap_pd_auth-sh, vendor_sjtag_lock_state_prop)
-
-  allow init-check_ap_pd_auth-sh sysfs_sjtag:dir r_dir_perms;
-  allow init-check_ap_pd_auth-sh sysfs_sjtag:file r_file_perms;
-
-  allow init-check_ap_pd_auth-sh vendor_shell_exec:file rx_file_perms;
-  allow init-check_ap_pd_auth-sh vendor_toolbox_exec:file rx_file_perms;
-')
diff --git a/sepolicy/whitechapel_pro/init.te b/sepolicy/whitechapel_pro/init.te
deleted file mode 100644
index a9d3ac0e..00000000
--- a/sepolicy/whitechapel_pro/init.te
+++ /dev/null
@@ -1,32 +0,0 @@
-allow init modem_img_file:dir mounton;
-allow init mnt_vendor_file:dir mounton;
-allow init modem_img_file:filesystem { getattr mount relabelfrom };
-allow init custom_ab_block_device:lnk_file relabelto;
-
-# This is needed for chaining a boot partition vbmeta
-# descriptor, where init will probe the boot partition
-# to read the chained vbmeta in the first-stage, then
-# relabel /dev/block/by-name/boot_[a|b] to block_device
-# after loading sepolicy in the second stage.
-allow init boot_block_device:lnk_file relabelto;
-
-allow init persist_file:dir mounton;
-allow init modem_efs_file:dir mounton;
-allow init modem_userdata_file:dir mounton;
-allow init ram_device:blk_file w_file_perms;
-allow init sysfs_scsi_devices_0000:file w_file_perms;
-
-# Workaround for b/193113005 that modem_img unlabeled after disable-verity
-dontaudit init overlayfs_file:file rename;
-dontaudit init overlayfs_file:chr_file unlink;
-
-# /system_ext/bin/convert_to_ext4.sh is a script to convert an f2fs
-# filesystem into an ext4 filesystem. This script is executed on
-# debuggable devices only. As it is a one-shot script which
-# has run in permissive mode since 2022, we transition to the
-# su domain to avoid unnecessarily polluting security policy
-# with rules which are never enforced.
-# This script was added in b/239632964
-userdebug_or_eng(`
-  domain_auto_trans(init, convert-to-ext4-sh_exec, su)
-')
diff --git a/sepolicy/whitechapel_pro/insmod-sh.te b/sepolicy/whitechapel_pro/insmod-sh.te
deleted file mode 100644
index c7bbdc6f..00000000
--- a/sepolicy/whitechapel_pro/insmod-sh.te
+++ /dev/null
@@ -1,7 +0,0 @@
-allow insmod-sh self:capability sys_nice;
-allow insmod-sh kernel:process setsched;
-
-dontaudit insmod-sh proc_cmdline:file r_file_perms;
-
-allow insmod-sh debugfs_mgm:dir search;
-allow insmod-sh vendor_regmap_debugfs:dir search;
diff --git a/sepolicy/whitechapel_pro/kernel.te b/sepolicy/whitechapel_pro/kernel.te
deleted file mode 100644
index 1af0a9a4..00000000
--- a/sepolicy/whitechapel_pro/kernel.te
+++ /dev/null
@@ -1,18 +0,0 @@
-allow kernel vendor_fw_file:dir r_dir_perms;
-allow kernel vendor_fw_file:file r_file_perms;
-
-# ZRam
-allow kernel per_boot_file:file r_file_perms;
-
-# memlat needs permision to create/delete perf events when hotplug on/off
-allow kernel self:capability2 perfmon;
-allow kernel self:perf_event cpu;
-
-userdebug_or_eng(`
-  allow kernel vendor_battery_debugfs:dir search;
-  allow kernel vendor_regmap_debugfs:dir search;
-  allow kernel vendor_usb_debugfs:dir search;
-  allow kernel vendor_votable_debugfs:dir search;
-  allow kernel vendor_charger_debugfs:dir search;
-  allow kernel vendor_maxfg_debugfs:dir search;
-')
diff --git a/sepolicy/whitechapel_pro/keys.conf b/sepolicy/whitechapel_pro/keys.conf
deleted file mode 100644
index 972a9fa5..00000000
--- a/sepolicy/whitechapel_pro/keys.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-[@GOOGLE]
-ALL : device/google/gs201/sepolicy/whitechapel_pro/certs/app.x509.pem
-
-[@MDS]
-ALL : device/google/gs201/sepolicy/whitechapel_pro/certs/com_google_mds.x509.pem
-
-[@EUICCSUPPORTPIXEL]
-ALL : device/google/gs201/sepolicy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem
-
-[@CAMERAENG]
-ALL : device/google/gs201/sepolicy/whitechapel_pro/certs/camera_eng.x509.pem
-
-[@CAMERAFISHFOOD]
-ALL : device/google/gs201/sepolicy/whitechapel_pro/certs/camera_fishfood.x509.pem
-
-[@CAMERASERVICES]
-ALL : device/google/gs201/sepolicy/whitechapel_pro/certs/com_google_android_apps_camera_services.x509.pem
diff --git a/sepolicy/whitechapel_pro/logger_app.te b/sepolicy/whitechapel_pro/logger_app.te
deleted file mode 100644
index 684e94ad..00000000
--- a/sepolicy/whitechapel_pro/logger_app.te
+++ /dev/null
@@ -1,33 +0,0 @@
-userdebug_or_eng(`
-  allow logger_app radio_vendor_data_file:file create_file_perms;
-  allow logger_app radio_vendor_data_file:dir create_dir_perms;
-  allow logger_app vendor_slog_file:file {r_file_perms unlink};
-  allow logger_app vendor_gps_file:file create_file_perms;
-  allow logger_app vendor_gps_file:dir create_dir_perms;
-  allow logger_app sysfs_sscoredump_level:file r_file_perms;
-  allow logger_app hal_exynos_rild_hwservice:hwservice_manager find;
-
-  binder_call(logger_app, rild)
-
-  r_dir_file(logger_app, ramdump_vendor_data_file)
-  r_dir_file(logger_app, sscoredump_vendor_data_coredump_file)
-  r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file)
-
-  get_prop(logger_app, usb_control_prop)
-  set_prop(logger_app, vendor_logger_prop)
-  set_prop(logger_app, vendor_modem_prop)
-  set_prop(logger_app, vendor_gps_prop)
-  set_prop(logger_app, vendor_audio_prop)
-  set_prop(logger_app, vendor_tcpdump_log_prop)
-  set_prop(logger_app, vendor_ramdump_prop)
-  set_prop(logger_app, vendor_ssrdump_prop)
-  set_prop(logger_app, vendor_rild_prop)
-  set_prop(logger_app, logpersistd_logging_prop)
-  set_prop(logger_app, logd_prop)
-  set_prop(logger_app, vendor_usb_config_prop)
-  set_prop(logger_app, vendor_wifi_sniffer_prop)
-
-  dontaudit logger_app default_prop:file r_file_perms;
-  dontaudit logger_app proc_vendor_sched:dir search;
-  dontaudit logger_app proc_vendor_sched:file write;
-')
diff --git a/sepolicy/whitechapel_pro/mediacodec_google.te b/sepolicy/whitechapel_pro/mediacodec_google.te
deleted file mode 100644
index 713255c1..00000000
--- a/sepolicy/whitechapel_pro/mediacodec_google.te
+++ /dev/null
@@ -1,36 +0,0 @@
-type mediacodec_google, domain;
-type mediacodec_google_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(mediacodec_google)
-
-# can route /dev/binder traffic to /dev/vndbinder
-vndbinder_use(mediacodec_google)
-
-hal_server_domain(mediacodec_google, hal_codec2)
-
-# mediacodec_google may use an input surface from a different Codec2 service
-hal_client_domain(mediacodec_google, hal_codec2)
-
-hal_client_domain(mediacodec_google, hal_graphics_allocator)
-
-allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
-allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms;
-allow mediacodec_google video_device:chr_file rw_file_perms;
-allow mediacodec_google gpu_device:chr_file rw_file_perms;
-
-crash_dump_fallback(mediacodec_google)
-
-# mediacodec_google should never execute any executable without a domain transition
-neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
-
-# Media processing code is inherently risky and thus should have limited
-# permissions and be isolated from the rest of the system and network.
-# Lengthier explanation here:
-# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
-neverallow mediacodec_google domain:{ udp_socket rawip_socket } *;
-neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;
-
-userdebug_or_eng(`
- allow mediacodec_google vendor_media_data_file:dir rw_dir_perms;
- allow mediacodec_google vendor_media_data_file:file create_file_perms;
-')
diff --git a/sepolicy/whitechapel_pro/modem_diagnostic_app.te b/sepolicy/whitechapel_pro/modem_diagnostic_app.te
deleted file mode 100644
index b21b7929..00000000
--- a/sepolicy/whitechapel_pro/modem_diagnostic_app.te
+++ /dev/null
@@ -1,42 +0,0 @@
-type modem_diagnostic_app, domain;
-
-app_domain(modem_diagnostic_app)
-net_domain(modem_diagnostic_app)
-
-allow modem_diagnostic_app app_api_service:service_manager find;
-allow modem_diagnostic_app radio_service:service_manager find;
-
-userdebug_or_eng(`
-  hal_client_domain(modem_diagnostic_app, hal_power_stats);
-
-  allow modem_diagnostic_app hal_exynos_rild_hwservice:hwservice_manager find;
-  binder_call(modem_diagnostic_app, rild)
-
-  binder_call(modem_diagnostic_app, dmd)
-
-  set_prop(modem_diagnostic_app, vendor_cbd_prop)
-  set_prop(modem_diagnostic_app, vendor_rild_prop)
-  set_prop(modem_diagnostic_app, vendor_modem_prop)
-
-  allow modem_diagnostic_app sysfs_chosen:dir r_dir_perms;
-  allow modem_diagnostic_app sysfs_chosen:file r_file_perms;
-
-  allow modem_diagnostic_app vendor_fw_file:file r_file_perms;
-
-  allow modem_diagnostic_app radio_vendor_data_file:dir create_dir_perms;
-  allow modem_diagnostic_app radio_vendor_data_file:file create_file_perms;
-
-  allow modem_diagnostic_app mnt_vendor_file:dir r_dir_perms;
-  allow modem_diagnostic_app mnt_vendor_file:file r_file_perms;
-
-  allow modem_diagnostic_app modem_img_file:dir r_dir_perms;
-  allow modem_diagnostic_app modem_img_file:file r_file_perms;
-  allow modem_diagnostic_app modem_img_file:lnk_file r_file_perms;
-
-  allow modem_diagnostic_app hal_vendor_oem_hwservice:hwservice_manager find;
-
-  allow modem_diagnostic_app sysfs_batteryinfo:file r_file_perms;
-  allow modem_diagnostic_app sysfs_batteryinfo:dir search;
-
-  dontaudit modem_diagnostic_app default_prop:file r_file_perms;
-')
diff --git a/sepolicy/whitechapel_pro/ofl_app.te b/sepolicy/whitechapel_pro/ofl_app.te
deleted file mode 100644
index a9498165..00000000
--- a/sepolicy/whitechapel_pro/ofl_app.te
+++ /dev/null
@@ -1,20 +0,0 @@
-# OFLBasicAgent app
-
-type ofl_app, domain;
-
-userdebug_or_eng(`
-  app_domain(ofl_app)
-  net_domain(ofl_app)
-
-  allow ofl_app app_api_service:service_manager find;
-  allow ofl_app nfc_service:service_manager find;
-  allow ofl_app radio_service:service_manager find;
-  allow ofl_app surfaceflinger_service:service_manager find;
-
-  # Access to directly update firmware on st54spi_device
-  typeattribute st54spi_device mlstrustedobject;
-  allow ofl_app st54spi_device:chr_file rw_file_perms;
-  # Access to directly update firmware on st33spi_device
-  typeattribute st33spi_device mlstrustedobject;
-  allow ofl_app st33spi_device:chr_file rw_file_perms;
-')
diff --git a/sepolicy/whitechapel_pro/pixelstats_vendor.te b/sepolicy/whitechapel_pro/pixelstats_vendor.te
deleted file mode 100644
index 4002807e..00000000
--- a/sepolicy/whitechapel_pro/pixelstats_vendor.te
+++ /dev/null
@@ -1,55 +0,0 @@
-binder_use(pixelstats_vendor)
-
-get_prop(pixelstats_vendor, hwservicemanager_prop)
-hwbinder_use(pixelstats_vendor)
-
-allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
-allow pixelstats_vendor sysfs_pixelstats:file r_file_perms;
-
-# Wireless charge
-allow pixelstats_vendor sysfs_wlc:dir search;
-allow pixelstats_vendor sysfs_wlc:file rw_file_perms;
-# Wireless charge/OrientationCollector
-get_prop(pixelstats_vendor, hwservicemanager_prop);
-hwbinder_use(pixelstats_vendor);
-allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find;
-# android.frameworks.sensorservice through libsensorndkbridge
-allow pixelstats_vendor fwk_sensor_service:service_manager find;
-
-
-# Batery history
-allow pixelstats_vendor battery_history_device:chr_file r_file_perms;
-allow pixelstats_vendor logbuffer_device:chr_file r_file_perms;
-
-# storage smart idle maintenance
-get_prop(pixelstats_vendor, smart_idle_maint_enabled_prop);
-
-# Pca charge
-allow pixelstats_vendor sysfs_pca:file rw_file_perms;
-
-#Thermal
-r_dir_file(pixelstats_vendor, sysfs_thermal)
-allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms;
-
-# BCL
-allow pixelstats_vendor sysfs_bcl:dir search;
-allow pixelstats_vendor sysfs_bcl:file r_file_perms;
-allow pixelstats_vendor mitigation_vendor_data_file:dir search;
-allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms;
-get_prop(pixelstats_vendor, vendor_brownout_reason_prop);
-
-# PCIe statistics
-allow pixelstats_vendor sysfs_exynos_pcie_stats:dir search;
-allow pixelstats_vendor sysfs_exynos_pcie_stats:file rw_file_perms;
-
-#perf-metrics
-r_dir_file(pixelstats_vendor, sysfs_vendor_metrics)
-allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms;
-allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms;
-
-# BCL
-allow pixelstats_vendor sysfs_bcl:dir search;
-allow pixelstats_vendor sysfs_bcl:file r_file_perms;
-allow pixelstats_vendor mitigation_vendor_data_file:dir search;
-allow pixelstats_vendor mitigation_vendor_data_file:file { read write };
-get_prop(pixelstats_vendor, vendor_brownout_reason_prop);
diff --git a/sepolicy/whitechapel_pro/property_contexts b/sepolicy/whitechapel_pro/property_contexts
deleted file mode 100644
index 9f1747b5..00000000
--- a/sepolicy/whitechapel_pro/property_contexts
+++ /dev/null
@@ -1,114 +0,0 @@
-# for dmd
-persist.vendor.sys.dm.                     u:object_r:vendor_diag_prop:s0
-persist.vendor.sys.diag.                   u:object_r:vendor_diag_prop:s0
-vendor.sys.dmd.                            u:object_r:vendor_diag_prop:s0
-vendor.sys.diag.                           u:object_r:vendor_diag_prop:s0
-
-# Tcpdump_logger
-persist.vendor.tcpdump.log.alwayson        u:object_r:vendor_tcpdump_log_prop:s0
-vendor.tcpdump.                            u:object_r:vendor_tcpdump_log_prop:s0
-
-# USB HAL
-persist.vendor.usb.                        u:object_r:vendor_usb_config_prop:s0
-vendor.usb.                                u:object_r:vendor_usb_config_prop:s0
-
-# for slog
-vendor.sys.silentlog.                      u:object_r:vendor_slog_prop:s0
-vendor.sys.exynos.slog.                    u:object_r:vendor_slog_prop:s0
-persist.vendor.sys.silentlog               u:object_r:vendor_slog_prop:s0
-
-# for modem
-persist.vendor.modem.                      u:object_r:vendor_modem_prop:s0
-vendor.modem.                              u:object_r:vendor_modem_prop:s0
-vendor.sys.modem.                          u:object_r:vendor_modem_prop:s0
-vendor.sys.modem_reset                     u:object_r:vendor_modem_prop:s0
-ro.vendor.sys.modem.                       u:object_r:vendor_modem_prop:s0
-vendor.sys.exynos.modempath                u:object_r:vendor_modem_prop:s0
-persist.vendor.sys.modem.                  u:object_r:vendor_modem_prop:s0
-
-# for cbd
-vendor.cbd.                                u:object_r:vendor_cbd_prop:s0
-persist.vendor.cbd.                        u:object_r:vendor_cbd_prop:s0
-
-# for rild
-persist.vendor.ril.                        u:object_r:vendor_rild_prop:s0
-vendor.ril.                                u:object_r:vendor_rild_prop:s0
-vendor.radio.                              u:object_r:vendor_rild_prop:s0
-vendor.sys.rild_reset                      u:object_r:vendor_rild_prop:s0
-persist.vendor.radio.                      u:object_r:vendor_rild_prop:s0
-ro.vendor.config.build_carrier             u:object_r:vendor_carrier_prop:s0
-
-# for GRIL
-vendor.gril.                               u:object_r:vendor_gril_prop:s0
-
-persist.vendor.config.                     u:object_r:vendor_persist_config_default_prop:s0
-
-# SSR Detector
-vendor.debug.ssrdump.                      u:object_r:vendor_ssrdump_prop:s0
-persist.vendor.sys.ssr.                    u:object_r:vendor_ssrdump_prop:s0
-
-# test battery profile
-persist.vendor.testing_battery_profile     u:object_r:vendor_battery_profile_prop:s0
-
-# Battery
-vendor.battery.defender.                   u:object_r:vendor_battery_defender_prop:s0
-persist.vendor.shutdown.                   u:object_r:vendor_shutdown_prop:s0
-
-# NFC
-persist.vendor.nfc.                        u:object_r:vendor_nfc_prop:s0
-
-# SecureElement
-persist.vendor.se.                         u:object_r:vendor_secure_element_prop:s0
-
-# WiFi
-vendor.wlan.driver.version                 u:object_r:vendor_wifi_version:s0
-vendor.wlan.firmware.version               u:object_r:vendor_wifi_version:s0
-
-# for display
-ro.vendor.hwc.drm.device                   u:object_r:vendor_display_prop:s0
-persist.vendor.display.                    u:object_r:vendor_display_prop:s0
-
-# Camera
-persist.vendor.camera.                     u:object_r:vendor_camera_prop:s0
-vendor.camera.                             u:object_r:vendor_camera_prop:s0
-vendor.camera.fatp.                        u:object_r:vendor_camera_fatp_prop:s0
-
-# for logger app
-vendor.pixellogger.                        u:object_r:vendor_logger_prop:s0
-persist.vendor.pixellogger.                u:object_r:vendor_logger_prop:s0
-
-# vendor default
-ro.vendor.sys.                             u:object_r:vendor_ro_sys_default_prop:s0
-persist.vendor.sys.                        u:object_r:vendor_persist_sys_default_prop:s0
-
-# for gps
-vendor.gps.                                u:object_r:vendor_gps_prop:s0
-persist.vendor.gps.                        u:object_r:vendor_gps_prop:s0
-
-# Fingerprint
-vendor.fingerprint.                        u:object_r:vendor_fingerprint_prop:s0
-vendor.gf.                                 u:object_r:vendor_fingerprint_prop:s0
-
-#uwb
-ro.vendor.uwb.calibration.                 u:object_r:vendor_uwb_calibration_prop:s0 exact string
-vendor.uwb.calibration.country_code        u:object_r:vendor_uwb_calibration_country_code:s0 exact string
-
-
-# Dynamic sensor
-vendor.dynamic_sensor.                     u:object_r:vendor_dynamic_sensor_prop:s0
-
-# for ims service
-persist.vendor.ims.                        u:object_r:vendor_imssvc_prop:s0
-
-# for vendor telephony debug app
-vendor.config.debug.                       u:object_r:vendor_telephony_app_prop:s0
-
-# Trusty
-ro.vendor.trusty.storage.fs_ready          u:object_r:vendor_trusty_storage_prop:s0
-
-# Mali GPU driver configuration and debug options
-vendor.mali.                               u:object_r:vendor_arm_runtime_option_prop:s0 prefix
-
-# SJTAG lock state
-ro.vendor.sjtag_ap_is_unlocked             u:object_r:vendor_sjtag_lock_state_prop:s0
-ro.vendor.sjtag_gsa_is_unlocked            u:object_r:vendor_sjtag_lock_state_prop:s0
diff --git a/sepolicy/whitechapel_pro/recovery.te b/sepolicy/whitechapel_pro/recovery.te
deleted file mode 100644
index 1974ebb1..00000000
--- a/sepolicy/whitechapel_pro/recovery.te
+++ /dev/null
@@ -1,4 +0,0 @@
-recovery_only(`
-  allow recovery sysfs_ota:file rw_file_perms;
-  allow recovery st54spi_device:chr_file rw_file_perms;
-')
diff --git a/sepolicy/whitechapel_pro/service.te b/sepolicy/whitechapel_pro/service.te
deleted file mode 100644
index 2fff6689..00000000
--- a/sepolicy/whitechapel_pro/service.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type hal_pixel_display_service, service_manager_type, hal_service_type;
-type hal_uwb_vendor_service, service_manager_type, hal_service_type;
-
-# WLC
-type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type;
-
-type rls_service, service_manager_type;
diff --git a/sepolicy/whitechapel_pro/service_contexts b/sepolicy/whitechapel_pro/service_contexts
deleted file mode 100644
index 3cdabb44..00000000
--- a/sepolicy/whitechapel_pro/service_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-com.google.hardware.pixel.display.IDisplay/default         u:object_r:hal_pixel_display_service:s0
-hardware.qorvo.uwb.IUwbVendor/default                      u:object_r:hal_uwb_vendor_service:s0
-
-rlsservice                                                 u:object_r:rls_service:s0
diff --git a/sepolicy/whitechapel_pro/shell.te b/sepolicy/whitechapel_pro/shell.te
deleted file mode 100644
index 44ae0768..00000000
--- a/sepolicy/whitechapel_pro/shell.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# Allow access to the SJTAG kernel interface from the shell
-userdebug_or_eng(`
-  allow shell sysfs_sjtag:dir r_dir_perms;
-  allow shell sysfs_sjtag:file rw_file_perms;
-')
-
-# wlc
-dontaudit shell sysfs_wlc:dir search;
diff --git a/sepolicy/whitechapel_pro/system_server.te b/sepolicy/whitechapel_pro/system_server.te
deleted file mode 100644
index efc0a103..00000000
--- a/sepolicy/whitechapel_pro/system_server.te
+++ /dev/null
@@ -1,7 +0,0 @@
-binder_call(system_server, hal_camera_default);
-
-# Allow system server to send sensor data callbacks to GPS
-binder_call(system_server, gpsd);
-
-# pixelstats_vendor/OrientationCollector
-binder_call(system_server, pixelstats_vendor);
diff --git a/sepolicy/whitechapel_pro/tcpdump_logger.te b/sepolicy/whitechapel_pro/tcpdump_logger.te
deleted file mode 100644
index f017cedf..00000000
--- a/sepolicy/whitechapel_pro/tcpdump_logger.te
+++ /dev/null
@@ -1,20 +0,0 @@
-type tcpdump_logger, domain;
-type tcpdump_logger_exec, exec_type, vendor_file_type, file_type;
-
-userdebug_or_eng(`
-  # make transition from init to its domain
-  init_daemon_domain(tcpdump_logger)
-
-  allow tcpdump_logger self:capability net_raw;
-  allow tcpdump_logger self:packet_socket create_socket_perms;
-  allowxperm tcpdump_logger self:packet_socket ioctl 0x8933;
-  allow tcpdump_logger tcpdump_exec:file rx_file_perms;
-  allow tcpdump_logger tcpdump_vendor_data_file:dir create_dir_perms;
-  allow tcpdump_logger tcpdump_vendor_data_file:file create_file_perms;
-  allow tcpdump_logger radio_vendor_data_file:file create_file_perms;
-  allow tcpdump_logger radio_vendor_data_file:dir create_dir_perms;
-  allow tcpdump_logger wifi_logging_data_file:file create_file_perms;
-  allow tcpdump_logger wifi_logging_data_file:dir create_dir_perms;
-
-  set_prop(tcpdump_logger, vendor_tcpdump_log_prop)
-')
diff --git a/sepolicy/whitechapel_pro/untrusted_app_all.te b/sepolicy/whitechapel_pro/untrusted_app_all.te
deleted file mode 100644
index ec95276c..00000000
--- a/sepolicy/whitechapel_pro/untrusted_app_all.te
+++ /dev/null
@@ -1 +0,0 @@
-dontaudit untrusted_app_all proc_vendor_sched:dir search;
diff --git a/sepolicy/whitechapel_pro/uwb_vendor_app.te b/sepolicy/whitechapel_pro/uwb_vendor_app.te
deleted file mode 100644
index cc5a9de4..00000000
--- a/sepolicy/whitechapel_pro/uwb_vendor_app.te
+++ /dev/null
@@ -1,15 +0,0 @@
-
-not_recovery(`
-allow uwb_vendor_app hal_uwb_vendor_service:service_manager find;
-
-hal_client_domain(uwb_vendor_app, hal_uwb_vendor)
-allow hal_uwb_vendor_default self:global_capability_class_set sys_nice;
-allow hal_uwb_vendor_default kernel:process setsched;
-
-# UwbVendorService must be able to read USRA version from vendor_secure_element_prop
-get_prop(uwb_vendor_app, vendor_secure_element_prop)
-# UwbVendorService must be able to write country code prop
-set_prop(uwb_vendor_app, vendor_uwb_calibration_country_code)
-
-binder_call(uwb_vendor_app, hal_uwb_vendor_default)
-')
diff --git a/sepolicy/whitechapel_pro/vcd.te b/sepolicy/whitechapel_pro/vcd.te
deleted file mode 100644
index c5c229ee..00000000
--- a/sepolicy/whitechapel_pro/vcd.te
+++ /dev/null
@@ -1,13 +0,0 @@
-type vcd, domain;
-type vcd_exec, vendor_file_type, exec_type, file_type;
-userdebug_or_eng(`
-  init_daemon_domain(vcd)
-
-  get_prop(vcd, vendor_rild_prop);
-  get_prop(vcd, vendor_persist_config_default_prop);
-
-  allow vcd serial_device:chr_file rw_file_perms;
-  allow vcd radio_device:chr_file rw_file_perms;
-  allow vcd self:tcp_socket { create_socket_perms_no_ioctl listen accept };
-  allow vcd node:tcp_socket node_bind;
-')
diff --git a/sepolicy/whitechapel_pro/vendor_init.te b/sepolicy/whitechapel_pro/vendor_init.te
deleted file mode 100644
index 7ee3c95b..00000000
--- a/sepolicy/whitechapel_pro/vendor_init.te
+++ /dev/null
@@ -1,45 +0,0 @@
-allow vendor_init bootdevice_sysdev:file create_file_perms;
-
-set_prop(vendor_init, vendor_ssrdump_prop)
-set_prop(vendor_init, vendor_carrier_prop)
-set_prop(vendor_init, vendor_cbd_prop)
-get_prop(vendor_init, vendor_battery_profile_prop)
-set_prop(vendor_init, vendor_camera_prop)
-set_prop(vendor_init, vendor_device_prop)
-set_prop(vendor_init, vendor_modem_prop)
-set_prop(vendor_init, vendor_usb_config_prop)
-set_prop(vendor_init, vendor_rild_prop)
-set_prop(vendor_init, logpersistd_logging_prop)
-set_prop(vendor_init, vendor_logger_prop)
-get_prop(vendor_init, telephony_modem_prop)
-
-
-allow vendor_init proc_dirty:file w_file_perms;
-allow vendor_init proc_sched:file w_file_perms;
-
-# NFC vendor property
-set_prop(vendor_init, vendor_nfc_prop)
-# SecureElement vendor property
-set_prop(vendor_init, vendor_secure_element_prop)
-allow vendor_init sysfs_st33spi:file w_file_perms;
-
-# Fingerprint property
-set_prop(vendor_init, vendor_fingerprint_prop)
-
-allow vendor_init modem_img_file:filesystem { getattr };
-
-# Battery
-set_prop(vendor_init, vendor_battery_defender_prop)
-
-# Display
-set_prop(vendor_init, vendor_display_prop)
-
-# MM
-allow vendor_init proc_watermark_scale_factor:file w_file_perms;
-
-# Trusty storage FS ready
-get_prop(vendor_init, vendor_trusty_storage_prop)
-allow vendor_init tee_data_file:lnk_file read;
-
-# Mali
-set_prop(vendor_init, vendor_arm_runtime_option_prop)
diff --git a/sepolicy/whitechapel_pro/vendor_shell.te b/sepolicy/whitechapel_pro/vendor_shell.te
deleted file mode 100644
index ae63f808..00000000
--- a/sepolicy/whitechapel_pro/vendor_shell.te
+++ /dev/null
@@ -1,3 +0,0 @@
-userdebug_or_eng(`
-  set_prop(vendor_shell, vendor_battery_profile_prop)
-')
diff --git a/sepolicy/whitechapel_pro/vndservice_contexts b/sepolicy/whitechapel_pro/vndservice_contexts
deleted file mode 100644
index 4f9f5a70..00000000
--- a/sepolicy/whitechapel_pro/vndservice_contexts
+++ /dev/null
@@ -1 +0,0 @@
-Exynos.HWCService     u:object_r:vendor_surfaceflinger_vndservice:s0
diff --git a/sepolicy/whitechapel_pro/vold.te b/sepolicy/whitechapel_pro/vold.te
deleted file mode 100644
index 1306d7ca..00000000
--- a/sepolicy/whitechapel_pro/vold.te
+++ /dev/null
@@ -1,7 +0,0 @@
-allow vold modem_efs_file:dir rw_dir_perms;
-allow vold modem_userdata_file:dir rw_dir_perms;
-
-allow vold sysfs_scsi_devices_0000:file rw_file_perms;
-
-dontaudit vold dumpstate:fifo_file rw_file_perms;
-dontaudit vold dumpstate:fd use ;
diff --git a/sepolicy/whitechapel_pro/wifi_sniffer.te b/sepolicy/whitechapel_pro/wifi_sniffer.te
deleted file mode 100644
index 1faffcea..00000000
--- a/sepolicy/whitechapel_pro/wifi_sniffer.te
+++ /dev/null
@@ -1,4 +0,0 @@
-userdebug_or_eng(`
-allow wifi_sniffer sysfs_wifi:dir search;
-allow wifi_sniffer sysfs_wifi:file rw_file_perms;
-')
diff --git a/sepolicy/widevine/file.te b/sepolicy/widevine/file.te
deleted file mode 100644
index a1e4e0ec..00000000
--- a/sepolicy/widevine/file.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Widevine DRM
-type mediadrm_vendor_data_file, file_type, data_file_type;
-
diff --git a/sepolicy/widevine/file_contexts b/sepolicy/widevine/file_contexts
deleted file mode 100644
index 92aed3c3..00000000
--- a/sepolicy/widevine/file_contexts
+++ /dev/null
@@ -1,5 +0,0 @@
-/vendor/bin/hw/android\.hardware\.drm-service\.widevine          u:object_r:hal_drm_widevine_exec:s0
-/vendor/bin/hw/android\.hardware\.drm-service\.clearkey          u:object_r:hal_drm_clearkey_exec:s0
-
-# Data
-/data/vendor/mediadrm(/.*)?                                      u:object_r:mediadrm_vendor_data_file:s0
diff --git a/sepolicy/widevine/service_contexts b/sepolicy/widevine/service_contexts
deleted file mode 100644
index 6989dde8..00000000
--- a/sepolicy/widevine/service_contexts
+++ /dev/null
@@ -1 +0,0 @@
-android.hardware.drm.IDrmFactory/widevine    u:object_r:hal_drm_service:s0