diff --git a/sepolicy/gs201-sepolicy.mk b/sepolicy/gs201-sepolicy.mk
index 61f92565..89330881 100644
--- a/sepolicy/gs201-sepolicy.mk
+++ b/sepolicy/gs201-sepolicy.mk
@@ -8,7 +8,7 @@ BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/input
 BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/googlebattery
 
 # sepolicy that are shared among devices using whitechapel
-BOARD_SEPOLICY_DIRS += device/google/gs201/sepolicy/whitechapel_pro
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs201/sepolicy/whitechapel_pro
 
 # unresolved SELinux error log with bug tracking
 BOARD_SEPOLICY_DIRS += device/google/gs201/sepolicy/tracking_denials
diff --git a/sepolicy/tracking_denials/bluetooth.te b/sepolicy/tracking_denials/bluetooth.te
new file mode 100644
index 00000000..0b18dd9e
--- /dev/null
+++ b/sepolicy/tracking_denials/bluetooth.te
@@ -0,0 +1,2 @@
+# b/382362323
+dontaudit bluetooth default_android_service:service_manager { find };
diff --git a/sepolicy/tracking_denials/bug_map b/sepolicy/tracking_denials/bug_map
index aa33000f..9246974a 100644
--- a/sepolicy/tracking_denials/bug_map
+++ b/sepolicy/tracking_denials/bug_map
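Review bot: The switch to `BOARD_VENDOR_SEPOLICY_DIRS` for whitechapel_pro leaves the comment above it ("sepolicy that are shared among devices using whitechapel") saying nothing about the new scope, while tracking_denials two lines below stays in `BOARD_SEPOLICY_DIRS`, so the file now mixes two policy scopes with no explanation. Vendor-scope policy can only reference public system types, which is presumably why this same commit deletes the coredomain definition in convert-to-ext4-sh.te; a later contributor adding another coredomain type to this directory will hit the same problem. Suggest extending the comment: `# compiled as vendor policy: only public system types may be referenced from this directory`.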
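Review bot: `dontaudit bluetooth default_android_service:service_manager { find };` suppresses the denial rather than tracking it: a find on `default_android_service` indicates a service that has no service_contexts label, and with dontaudit the attempt no longer appears in the audit log at all, so neither the labeling gap nor any later access to that unlabeled service is visible. The same pattern is introduced for hal_vibrator_default in hal_vibrator_default.te, and the bug_map hunk of this commit removes the previously tracked line `hal_vibrator_default default_android_service service_manager b/360057889`, so that denial moves from logged-and-annotated to fully silent. Unless the bugs explicitly call for suppression, keeping the bug_map entries (or labeling the services) preserves visibility; at minimum the comment should name what is being found, e.g. `# b/382362323 - <service name> not yet labeled; drop once the service_contexts entry lands`.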
@@ -1,22 +1,32 @@
+aconfigd apex_info_file file b/381326452
+bluetooth audio_config_prop file b/379245738
 dump_display sysfs file b/350831939
 dump_modem sscoredump_vendor_data_coredump_file dir b/361726277
 dump_modem sscoredump_vendor_data_logcat_file dir b/361726277
 dumpstate unlabeled file b/350832009
+hal_camera_default aconfig_storage_metadata_file dir b/383013727
 hal_face_default traced_producer_socket sock_file b/305600808
 hal_power_default hal_power_default capability b/237492146
+hal_sensors_default property_socket sock_file b/373755350
 hal_sensors_default sysfs file b/336451433
-hal_vibrator_default default_android_service service_manager b/360057889
 incidentd debugfs_wakeup_sources file b/282626428
 incidentd incidentd anon_inode b/282626428
+init init capability b/379206608
 insmod-sh insmod-sh key b/336451874
 kernel dm_device blk_file b/319403445
 kernel kernel capability b/336451113
 kernel tmpfs chr_file b/321731318
+pixelstats_vendor block_device dir b/369540701
+platform_app vendor_fw_file dir b/377811773
+platform_app vendor_rild_prop file b/377811773
+priv_app audio_config_prop file b/379246129
+ramdump ramdump capability b/369475655
 rfsd vendor_cbd_prop file b/317734397
 shell sysfs_net file b/329380891
 ssr_detector_app default_prop file b/359428005
 surfaceflinger selinuxfs file b/315104594
 system_server vendor_default_prop file b/366116786
+untrusted_app audio_config_prop file b/379245515
 vendor_init debugfs_trace_marker file b/336451787
 vendor_init default_prop file b/315104479
 vendor_init default_prop file b/315104803
@@ -27,3 +37,4 @@ vendor_init default_prop file b/329381126
 vendor_init default_prop property_service b/315104803
 vendor_init default_prop property_service b/359427666
 vendor_init default_prop property_service b/359428317
+zygote zygote capability b/379206941
diff --git a/sepolicy/tracking_denials/hal_vibrator_default.te b/sepolicy/tracking_denials/hal_vibrator_default.te
new file mode 100644
index 00000000..87fc4f03
--- /dev/null
+++ b/sepolicy/tracking_denials/hal_vibrator_default.te
@@ -0,0 +1,2 @@
+# b/360057889
+dontaudit hal_vibrator_default default_android_service:service_manager { find };
diff --git a/sepolicy/whitechapel_pro/convert-to-ext4-sh.te b/sepolicy/whitechapel_pro/convert-to-ext4-sh.te
deleted file mode 100644
index d64382df..00000000
--- a/sepolicy/whitechapel_pro/convert-to-ext4-sh.te
+++ /dev/null
@@ -1,34 +0,0 @@
-type convert-to-ext4-sh, domain, coredomain;
-type convert-to-ext4-sh_exec, system_file_type, exec_type, file_type;
-
-userdebug_or_eng(`
-  permissive convert-to-ext4-sh;
-
-  init_daemon_domain(convert-to-ext4-sh)
-
-  allow convert-to-ext4-sh block_device:dir search;
-  allow convert-to-ext4-sh e2fs_exec:file rx_file_perms;
-  allow convert-to-ext4-sh efs_block_device:blk_file rw_file_perms;
-  allow convert-to-ext4-sh kernel:process setsched;
-  allow convert-to-ext4-sh kmsg_device:chr_file rw_file_perms;
-  allow convert-to-ext4-sh persist_block_device:blk_file { getattr ioctl open read write };
-  allow convert-to-ext4-sh shell_exec:file rx_file_perms;
-  allow convert-to-ext4-sh sysfs_fs_ext4_features:dir { read search };
-  allow convert-to-ext4-sh sysfs_fs_ext4_features:file read;
-  allow convert-to-ext4-sh tmpfs:dir { add_name create mounton open };
-  allow convert-to-ext4-sh tmpfs:dir { remove_name rmdir rw_file_perms setattr };
-  allow convert-to-ext4-sh tmpfs:file { create rw_file_perms unlink };
-  allow convert-to-ext4-sh toolbox_exec:file rx_file_perms;
-  allow convert-to-ext4-sh vendor_persist_type:dir { rw_file_perms search };
-  allow convert-to-ext4-sh vendor_persist_type:file rw_file_perms;
-
-  allowxperm convert-to-ext4-sh { efs_block_device persist_block_device}:blk_file ioctl {
-    BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET LOOP_CLR_FD
-  };
-
-  dontaudit convert-to-ext4-sh labeledfs:filesystem { mount unmount };
-  dontaudit convert-to-ext4-sh self:capability { chown fowner fsetid dac_read_search sys_admin sys_rawio };
-  dontaudit convert-to-ext4-sh unlabeled:dir { add_name create mounton open rw_file_perms search setattr };
-  dontaudit convert-to-ext4-sh unlabeled:file { create rw_file_perms setattr };
-  dontaudit convert-to-ext4-sh convert-to-ext4-sh:capability { dac_override };
-')
diff --git a/sepolicy/whitechapel_pro/debug_camera_app.te b/sepolicy/whitechapel_pro/debug_camera_app.te
index 427a7735..9d7bcd87 100644
--- a/sepolicy/whitechapel_pro/debug_camera_app.te
+++ b/sepolicy/whitechapel_pro/debug_camera_app.te
@@ -1,3 +1,4 @@
+# File containing sepolicies for GCA-Eng & GCA-Next.
 userdebug_or_eng(`
   # Allows camera app to access the GXP device and properties.
   allow debug_camera_app gxp_device:chr_file rw_file_perms;
@@ -9,4 +10,7 @@ userdebug_or_eng(`
   # Allows GCA-Eng to find and access the EdgeTPU.
   allow debug_camera_app edgetpu_app_service:service_manager find;
   allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+  # Allows tachyon_service to communicate with GCA-Eng via binder.
+  binder_call(edgetpu_tachyon_server, debug_camera_app);
 ')
diff --git a/sepolicy/whitechapel_pro/dump_power.te b/sepolicy/whitechapel_pro/dump_power.te
index d745b20d..66115230 100644
--- a/sepolicy/whitechapel_pro/dump_power.te
+++ b/sepolicy/whitechapel_pro/dump_power.te
@@ -13,3 +13,13 @@ allow dump_power mitigation_vendor_data_file:dir r_dir_perms;
 allow dump_power mitigation_vendor_data_file:file r_file_perms;
 allow dump_power sysfs_bcl:dir r_dir_perms;
 allow dump_power sysfs_bcl:file r_file_perms;
+allow dump_power battery_history_device:chr_file r_file_perms;
+
+userdebug_or_eng(`
+  r_dir_file(dump_power, vendor_battery_debugfs)
+  r_dir_file(dump_power, vendor_maxfg_debugfs)
+  r_dir_file(dump_power, vendor_charger_debugfs)
+  r_dir_file(dump_power, vendor_votable_debugfs)
+  allow dump_power debugfs:dir r_dir_perms;
+  allow dump_power vendor_usb_debugfs:dir { search };
+')
diff --git a/sepolicy/whitechapel_pro/file.te b/sepolicy/whitechapel_pro/file.te
index e528d458..929ea63c 100644
--- a/sepolicy/whitechapel_pro/file.te
+++ b/sepolicy/whitechapel_pro/file.te
@@ -93,3 +93,6 @@ type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
 
 # WLC
 type sysfs_wlc, sysfs_type, fs_type;
+
+# /system_ext/bin/convert_to_ext4.sh
+type convert-to-ext4-sh_exec, system_file_type, exec_type, file_type;
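Review bot: `allow dump_power debugfs:dir r_dir_perms;` grants open, read (directory listing) and search on the generic `debugfs` directory type, which is broader than the four labeled subtrees granted through r_dir_file in the same block. If the tool only needs to traverse to those labeled subdirectories, `allow dump_power debugfs:dir search;` — the form already used for vendor_usb_debugfs on the next line — is sufficient and does not permit enumerating the rest of debugfs. The block is inside userdebug_or_eng, so only debuggable builds are affected, but the narrower form costs nothing. The unconditional `allow dump_power battery_history_device:chr_file r_file_perms;` above it would also benefit from a short comment naming which dump section reads that device, matching the rest of the file if it is commented elsewhere (not visible in this hunk).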
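Review bot: `type convert-to-ext4-sh_exec, system_file_type, exec_type, file_type;` declares a system_file_type for a /system_ext path inside whitechapel_pro, which this same commit moves from BOARD_SEPOLICY_DIRS to BOARD_VENDOR_SEPOLICY_DIRS; declaring a type for a system_ext binary in vendor policy is unusual, and if the file_contexts entry for `/system_ext/bin/convert_to_ext4.sh` also lives in this directory (it is not in this diff, so this is inferred) vendor policy would be labeling a system partition path. If the build's Treble sepolicy checks accept this arrangement, the comment should say that it is deliberate and why the type is not in a system_ext policy directory; otherwise the type and its label belong with the system_ext sepolicy. The transition rule in init.te in this commit depends on the same type, so both hunks move together. Suggest `# /system_ext/bin/convert_to_ext4.sh (debuggable builds only); kept in vendor policy because <reason>`.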
diff --git a/sepolicy/whitechapel_pro/file_contexts b/sepolicy/whitechapel_pro/file_contexts
index 626ebe64..23ae061a 100644
--- a/sepolicy/whitechapel_pro/file_contexts
+++ b/sepolicy/whitechapel_pro/file_contexts
@@ -5,7 +5,6 @@
 /vendor/bin/vcd u:object_r:vcd_exec:s0
 /vendor/bin/chre u:object_r:chre_exec:s0
 /vendor/bin/cbd u:object_r:cbd_exec:s0
-/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0
 /vendor/bin/rfsd u:object_r:rfsd_exec:s0
 /vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0
 /vendor/bin/storageproxyd u:object_r:tee_exec:s0
@@ -83,7 +82,7 @@
 /dev/janeiro u:object_r:edgetpu_device:s0
 /dev/bigocean u:object_r:video_device:s0
 /dev/goodix_fp u:object_r:fingerprint_device:s0
-/dev/stmvl53l1_ranging u:object_r:rls_device:s0
+/dev/ispolin_ranging u:object_r:rls_device:s0
 /dev/watchdog0 u:object_r:watchdog_device:s0
 /dev/mali0 u:object_r:gpu_device:s0
 /dev/logbuffer_usbpd u:object_r:logbuffer_device:s0
diff --git a/sepolicy/whitechapel_pro/google_camera_app.te b/sepolicy/whitechapel_pro/google_camera_app.te
index 0ef04cc4..a40f433f 100644
--- a/sepolicy/whitechapel_pro/google_camera_app.te
+++ b/sepolicy/whitechapel_pro/google_camera_app.te
@@ -8,3 +8,6 @@ allow google_camera_app vendor_fw_file:dir search;
 # Allows GCA to find and access the EdgeTPU.
 allow google_camera_app edgetpu_app_service:service_manager find;
 allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+# Allows tachyon service to communicate with google_camera_app via binder.
+binder_call(edgetpu_tachyon_server, google_camera_app);
diff --git a/sepolicy/whitechapel_pro/init.te b/sepolicy/whitechapel_pro/init.te
index 3175db8c..a9d3ac0e 100644
--- a/sepolicy/whitechapel_pro/init.te
+++ b/sepolicy/whitechapel_pro/init.te
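Review bot: Dropping `/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0` while modem_svc_sit.te in this same commit still declares `type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;` and `init_daemon_domain(modem_svc_sit)` means that, if the binary is still installed at that path, it receives the generic /vendor label and the transition into the modem_svc_sit domain never fires, leaving the daemon either denied at exec or running outside its intended domain. If the label now comes from a device-specific file_contexts or the binary was removed, a one-line comment in modem_svc_sit.te naming where the label lives would make the split intentional, e.g. `# /vendor/bin/modem_svc_sit is labeled in <device file_contexts>`. The second hunk (`/dev/ispolin_ranging`) is a plain rename of the ranging node and raises nothing.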
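Review bot: The comment `# Allows tachyon service to communicate with google_camera_app via binder.` does not state the direction of the grant; in the AOSP te_macros definition binder_call's first argument is the caller (it expands to `allow $1 $2:binder { call transfer }` plus the reverse transfer), so `binder_call(edgetpu_tachyon_server, google_camera_app);` lets the server call into the app — the callback direction — and does not by itself let the app call the server. Because this rule is unconditional here, whereas the matching one in debug_camera_app.te sits inside userdebug_or_eng, making the direction explicit prevents a later reader from adding the reverse rule "for symmetry" or assuming the app-to-server path is already covered. Suggest `# Allows edgetpu_tachyon_server to call back into google_camera_app over binder (server->app only).`, and the same wording for the debug_camera_app.te hunk.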
@@ -19,3 +19,14 @@ allow init sysfs_scsi_devices_0000:file w_file_perms;
 # Workaround for b/193113005 that modem_img unlabeled after disable-verity
 dontaudit init overlayfs_file:file rename;
 dontaudit init overlayfs_file:chr_file unlink;
+
+# /system_ext/bin/convert_to_ext4.sh is a script to convert an f2fs
+# filesystem into an ext4 filesystem. This script is executed on
+# debuggable devices only. As it is a one-shot script which
+# has run in permissive mode since 2022, we transition to the
+# su domain to avoid unnecessarily polluting security policy
+# with rules which are never enforced.
+# This script was added in b/239632964
+userdebug_or_eng(`
+  domain_auto_trans(init, convert-to-ext4-sh_exec, su)
+')
diff --git a/sepolicy/whitechapel_pro/modem_svc_sit.te b/sepolicy/whitechapel_pro/modem_svc_sit.te
index 606cd520..0097a46a 100644
--- a/sepolicy/whitechapel_pro/modem_svc_sit.te
+++ b/sepolicy/whitechapel_pro/modem_svc_sit.te
@@ -1,3 +1,4 @@
+# Selinux rule for modem_svc_sit daemon
 type modem_svc_sit, domain;
 type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(modem_svc_sit)
diff --git a/sepolicy/whitechapel_pro/service_contexts b/sepolicy/whitechapel_pro/service_contexts
index 0158b562..e3ae0e74 100644
--- a/sepolicy/whitechapel_pro/service_contexts
+++ b/sepolicy/whitechapel_pro/service_contexts
@@ -4,5 +4,3 @@ hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_ve
 vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0
 rlsservice u:object_r:rls_service:s0
-
-android.hardware.media.c2.IComponentStore/default1 u:object_r:hal_codec2_service:s0
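Review bot: `domain_auto_trans(init, convert-to-ext4-sh_exec, su)` runs the conversion script fully unconfined in `su`, and the comment justifies that for debuggable builds, but on user builds the exec type now has neither a domain nor a transition (this commit deletes convert-to-ext4-sh.te entirely), so if the init.rc service that launches the script is not itself gated to debuggable builds, init would exec a system_file_type with no transition, which system policy does not permit as far as I recall. The .rc entry is outside this diff, so please confirm it carries the same gate. A short addition to the comment would capture that dependency: `# The service entry that starts this script must also be debuggable-only; on user builds there is no domain for it.`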