diff --git a/legacy/domain.te b/legacy/domain.te
index 96283269..2073b47b 100644
--- a/legacy/domain.te
+++ b/legacy/domain.te
@@ -14,7 +14,6 @@ dontaudit domain fs_type:filesystem *;
 dontaudit domain dev_type:file *;
 dontaudit domain dev_type:chr_file *;
 dontaudit domain dev_type:blk_file *;
-dontaudit domain service_manager_type:service_manager *;
 dontaudit domain domain:capability *;
 dontaudit domain domain:binder *;
 dontaudit domain domain:socket_class_set *;
diff --git a/tracking_denials/cbd.te b/tracking_denials/cbd.te
new file mode 100644
index 00000000..93a18e25
--- /dev/null
+++ b/tracking_denials/cbd.te
@@ -0,0 +1,2 @@
+# b/202906831
+dontaudit cbd unlabeled:lnk_file { read };
diff --git a/tracking_denials/citadeld.te b/tracking_denials/citadeld.te
new file mode 100644
index 00000000..ed49ef56
--- /dev/null
+++ b/tracking_denials/citadeld.te
@@ -0,0 +1,3 @@
+# b/202906931
+dontaudit citadeld default_android_vndservice:service_manager { add };
+dontaudit citadeld hal_power_stats_vendor_service:service_manager { find };
diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te
new file mode 100644
index 00000000..a272b76f
--- /dev/null
+++ b/tracking_denials/hal_camera_default.te
@@ -0,0 +1,3 @@
+# b/202906784
+dontaudit hal_camera_default edgetpu_vendor_server:fd { use };
+dontaudit hal_camera_default hal_radioext_hwservice:hwservice_manager { find };
diff --git a/tracking_denials/hal_drm_widevine.te b/tracking_denials/hal_drm_widevine.te
new file mode 100644
index 00000000..577c7424
--- /dev/null
+++ b/tracking_denials/hal_drm_widevine.te
@@ -0,0 +1,4 @@
+# b/202906980
+dontaudit hal_drm_widevine hal_drm_hwservice:hwservice_manager { add };
+dontaudit hal_drm_widevine hal_drm_hwservice:hwservice_manager { find };
+dontaudit hal_drm_widevine hidl_base_hwservice:hwservice_manager { add };
diff --git a/tracking_denials/hal_fingerprint_default.te b/tracking_denials/hal_fingerprint_default.te
new file mode 100644
index 00000000..238a3941
--- /dev/null
+++ b/tracking_denials/hal_fingerprint_default.te
@@ -0,0 +1,4 @@
+# b/202906981
+dontaudit hal_fingerprint_default block_device:dir { search };
+dontaudit hal_fingerprint_default hal_fingerprint_ext_hwservice:hwservice_manager { add };
+dontaudit hal_fingerprint_default hal_fingerprint_ext_hwservice:hwservice_manager { find };
diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te
new file mode 100644
index 00000000..7d081059
--- /dev/null
+++ b/tracking_denials/hal_graphics_composer_default.te
@@ -0,0 +1,5 @@
+# b/202906947
+dontaudit hal_graphics_composer_default vendor_displaycolor_service:service_manager { add };
+dontaudit hal_graphics_composer_default vendor_displaycolor_service:service_manager { find };
+dontaudit hal_graphics_composer_default vendor_surfaceflinger_vndservice:service_manager { add };
+dontaudit hal_graphics_composer_default vendor_surfaceflinger_vndservice:service_manager { find };
diff --git a/tracking_denials/hal_identity_citadel.te b/tracking_denials/hal_identity_citadel.te
new file mode 100644
index 00000000..c0c7e374
--- /dev/null
+++ b/tracking_denials/hal_identity_citadel.te
@@ -0,0 +1,2 @@
+# b/202906902
+dontaudit hal_identity_citadel default_android_vndservice:service_manager { find };
diff --git a/tracking_denials/hal_keymint_citadel.te b/tracking_denials/hal_keymint_citadel.te
new file mode 100644
index 00000000..d9000fe0
--- /dev/null
+++ b/tracking_denials/hal_keymint_citadel.te
@@ -0,0 +1,2 @@
+# b/202907039
+dontaudit hal_keymint_citadel default_android_vndservice:service_manager { find };
diff --git a/tracking_denials/hal_secure_element_uicc.te b/tracking_denials/hal_secure_element_uicc.te
new file mode 100644
index 00000000..5b1d3c62
--- /dev/null
+++ b/tracking_denials/hal_secure_element_uicc.te
@@ -0,0 +1,2 @@
+# b/202902683
+dontaudit hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager { find };
diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te
new file mode 100644
index 00000000..df0efbdb
--- /dev/null
+++ b/tracking_denials/hal_usb_impl.te
@@ -0,0 +1,8 @@
+# b/202906786
+dontaudit hal_usb_impl configfs:lnk_file { create };
+dontaudit hal_usb_impl configfs:lnk_file { read };
+dontaudit hal_usb_impl hal_usb_gadget_hwservice:hwservice_manager { add };
+dontaudit hal_usb_impl hal_usb_gadget_hwservice:hwservice_manager { find };
+dontaudit hal_usb_impl hal_usb_hwservice:hwservice_manager { add };
+dontaudit hal_usb_impl hal_usb_hwservice:hwservice_manager { find };
+dontaudit hal_usb_impl hidl_base_hwservice:hwservice_manager { add };
diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te
new file mode 100644
index 00000000..b8fc9bd0
--- /dev/null
+++ b/tracking_denials/hal_vibrator_default.te
@@ -0,0 +1,3 @@
+# b/202906903
+dontaudit hal_vibrator_default input_device:dir { open };
+dontaudit hal_vibrator_default input_device:dir { read };
diff --git a/tracking_denials/hal_weaver_citadel.te b/tracking_denials/hal_weaver_citadel.te
new file mode 100644
index 00000000..831deb80
--- /dev/null
+++ b/tracking_denials/hal_weaver_citadel.te
@@ -0,0 +1,9 @@
+# b/202907040
+dontaudit hal_weaver_citadel default_android_vndservice:service_manager { find };
+dontaudit hal_weaver_citadel hal_authsecret_hwservice:hwservice_manager { add };
+dontaudit hal_weaver_citadel hal_authsecret_hwservice:hwservice_manager { find };
+dontaudit hal_weaver_citadel hal_oemlock_hwservice:hwservice_manager { add };
+dontaudit hal_weaver_citadel hal_oemlock_hwservice:hwservice_manager { find };
+dontaudit hal_weaver_citadel hal_weaver_hwservice:hwservice_manager { add };
+dontaudit hal_weaver_citadel hal_weaver_hwservice:hwservice_manager { find };
+dontaudit hal_weaver_citadel hidl_base_hwservice:hwservice_manager { add };
diff --git a/tracking_denials/init_citadel.te b/tracking_denials/init_citadel.te
new file mode 100644
index 00000000..4ac161ee
--- /dev/null
+++ b/tracking_denials/init_citadel.te
@@ -0,0 +1,2 @@
+# b/202906904
+dontaudit init_citadel default_android_vndservice:service_manager { find };
diff --git a/tracking_denials/mediacodec_google.te b/tracking_denials/mediacodec_google.te
new file mode 100644
index 00000000..805c4984
--- /dev/null
+++ b/tracking_denials/mediacodec_google.te
@@ -0,0 +1,4 @@
+# b/202906901
+dontaudit mediacodec_google hal_codec2_hwservice:hwservice_manager { add };
+dontaudit mediacodec_google hal_codec2_hwservice:hwservice_manager { find };
+dontaudit mediacodec_google hidl_base_hwservice:hwservice_manager { add };
diff --git a/tracking_denials/mediacodec_samsung.te b/tracking_denials/mediacodec_samsung.te
new file mode 100644
index 00000000..05d5b618
--- /dev/null
+++ b/tracking_denials/mediacodec_samsung.te
@@ -0,0 +1,5 @@
+# b/202906949
+dontaudit mediacodec_samsung eco_service:service_manager { add };
+dontaudit mediacodec_samsung hal_codec2_hwservice:hwservice_manager { add };
+dontaudit mediacodec_samsung hal_codec2_hwservice:hwservice_manager { find };
+dontaudit mediacodec_samsung hidl_base_hwservice:hwservice_manager { add };
diff --git a/tracking_denials/platform_app.te b/tracking_denials/platform_app.te
new file mode 100644
index 00000000..3ded10b4
--- /dev/null
+++ b/tracking_denials/platform_app.te
@@ -0,0 +1,2 @@
+# b/202906787
+dontaudit platform_app hal_wlc_hwservice:hwservice_manager { find };
diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
new file mode 100644
index 00000000..28914cba
--- /dev/null
+++ b/tracking_denials/priv_app.te
@@ -0,0 +1,2 @@
+# b/202906772
+dontaudit priv_app hal_exynos_rild_hwservice:hwservice_manager { find };
diff --git a/tracking_denials/rfsd.te b/tracking_denials/rfsd.te
new file mode 100644
index 00000000..72b14e68
--- /dev/null
+++ b/tracking_denials/rfsd.te
@@ -0,0 +1,2 @@
+# b/202906886
+dontaudit rfsd unlabeled:lnk_file { read };
diff --git a/tracking_denials/rild.te b/tracking_denials/rild.te
new file mode 100644
index 00000000..5907bb39
--- /dev/null
+++ b/tracking_denials/rild.te
@@ -0,0 +1,2 @@
+# b/202907136
+dontaudit rild unlabeled:lnk_file { read };
diff --git a/tracking_denials/rlsservice.te b/tracking_denials/rlsservice.te
new file mode 100644
index 00000000..5646c336
--- /dev/null
+++ b/tracking_denials/rlsservice.te
@@ -0,0 +1,2 @@
+# b/202906997
+dontaudit rlsservice rls_service:service_manager { add };
diff --git a/tracking_denials/thermal_link_device.te b/tracking_denials/thermal_link_device.te
new file mode 100644
index 00000000..0ed3944f
--- /dev/null
+++ b/tracking_denials/thermal_link_device.te
@@ -0,0 +1,2 @@
+# b/202907037
+dontaudit thermal_link_device sysfs:filesystem { associate };
diff --git a/tracking_denials/vendor_ims_app.te b/tracking_denials/vendor_ims_app.te
new file mode 100644
index 00000000..eed024ed
--- /dev/null
+++ b/tracking_denials/vendor_ims_app.te
@@ -0,0 +1,2 @@
+# b/202906888
+dontaudit vendor_ims_app hal_exynos_rild_hwservice:hwservice_manager { find };
diff --git a/tracking_denials/vendor_rcs_app.te b/tracking_denials/vendor_rcs_app.te
new file mode 100644
index 00000000..cd0570e0
--- /dev/null
+++ b/tracking_denials/vendor_rcs_app.te
@@ -0,0 +1,2 @@
+# b/202907058
+dontaudit vendor_rcs_app hal_exynos_rild_hwservice:hwservice_manager { find };
diff --git a/whitechapel_pro/service.te b/whitechapel_pro/service.te
new file mode 100644
index 00000000..9c935e9c
--- /dev/null
+++ b/whitechapel_pro/service.te
@@ -0,0 +1 @@
+type hal_pixel_display_service, service_manager_type, vendor_service;
diff --git a/whitechapel_pro/service_contexts b/whitechapel_pro/service_contexts
new file mode 100644
index 00000000..9592f86f
--- /dev/null
+++ b/whitechapel_pro/service_contexts
@@ -0,0 +1 @@
+com.google.hardware.pixel.display.IDisplay/default         u:object_r:hal_pixel_display_service:s0
diff --git a/whitechapel_pro/vndservice.te b/whitechapel_pro/vndservice.te
index bc886191..d1483600 100644
--- a/whitechapel_pro/vndservice.te
+++ b/whitechapel_pro/vndservice.te
@@ -1,2 +1,5 @@
 type hal_power_stats_vendor_service, vndservice_manager_type;
 type rls_service, vndservice_manager_type;
+type vendor_displaycolor_service, vndservice_manager_type;
+type vendor_surfaceflinger_vndservice, vndservice_manager_type;
+type eco_service, vndservice_manager_type;
diff --git a/whitechapel_pro/vndservice_contexts b/whitechapel_pro/vndservice_contexts
index 66cab482..e7fb4338 100644
--- a/whitechapel_pro/vndservice_contexts
+++ b/whitechapel_pro/vndservice_contexts
@@ -1 +1,4 @@
 rlsservice            u:object_r:rls_service:s0
+displaycolor          u:object_r:vendor_displaycolor_service:s0
+Exynos.HWCService     u:object_r:vendor_surfaceflinger_vndservice:s0
+media.ecoservice      u:object_r:eco_service:s0