diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te
index cf3eae0f..c45efc25 100644
--- a/legacy/whitechapel_pro/device.te
+++ b/legacy/whitechapel_pro/device.te
@@ -3,10 +3,6 @@ type sg_device, dev_type;
 type vendor_toe_device, dev_type;
 type lwis_device, dev_type;
 type rls_device, dev_type;
-type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
-type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
-type vframe_heap_device, dmabuf_heap_device_type, dev_type;
-type vscaler_heap_device, dmabuf_heap_device_type, dev_type;
 
 # Raw HID device
 type hidraw_device, dev_type;
diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts
index 7655c288..b439766f 100644
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
@@ -28,16 +28,7 @@
 /vendor/lib(64)?/libgpudataproducer\.so                                     u:object_r:same_process_hal_file:s0
 
 # Devices
-/dev/dma_heap/sensor_direct_heap                                            u:object_r:sensor_direct_heap_device:s0
 /dev/ttySAC0                                                                u:object_r:tty_device:s0
-/dev/dma_heap/faceauth_tpu-secure                                           u:object_r:faceauth_heap_device:s0
-/dev/dma_heap/faimg-secure                                                  u:object_r:faceauth_heap_device:s0
-/dev/dma_heap/famodel-secure                                                u:object_r:faceauth_heap_device:s0
-/dev/dma_heap/faprev-secure                                                 u:object_r:faceauth_heap_device:s0
-/dev/dma_heap/farawimg-secure                                               u:object_r:faceauth_heap_device:s0
-/dev/dma_heap/vframe-secure                                                 u:object_r:dmabuf_system_secure_heap_device:s0
-/dev/dma_heap/vscaler-secure                                                u:object_r:vscaler_heap_device:s0
-/dev/dma_heap/vstream-secure                                                u:object_r:dmabuf_system_secure_heap_device:s0
 /dev/bigwave                                                                u:object_r:video_device:s0
 /dev/stmvl53l1_ranging                                                      u:object_r:rls_device:s0
 /dev/watchdog0                                                              u:object_r:watchdog_device:s0
diff --git a/tracking_denials/hal_graphics_allocator_default.te b/tracking_denials/hal_graphics_allocator_default.te
deleted file mode 100644
index fc6f3891..00000000
--- a/tracking_denials/hal_graphics_allocator_default.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/264489636
-userdebug_or_eng(`
-  permissive hal_graphics_allocator_default;
-')
\ No newline at end of file
diff --git a/vendor/device.te b/vendor/device.te
index d2e086ab..abf7dbc3 100644
--- a/vendor/device.te
+++ b/vendor/device.te
@@ -6,5 +6,10 @@ type logbuffer_device, dev_type;
 type gxp_device, dev_type;
 type fingerprint_device, dev_type;
 
+# Dmabuf heaps
+type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
+type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
+type video_secure_heap_device, dmabuf_heap_device_type, dev_type;
+
 # SecureElement SPI device
 type st54spi_device, dev_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index e1e071bc..781e1f02 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -136,6 +136,15 @@
 /dev/lwis-votf                                                              u:object_r:lwis_device:s0
 /dev/st54spi                                                                u:object_r:st54spi_device:s0
 /dev/trusty-ipc-dev0                                                        u:object_r:tee_device:s0
+/dev/dma_heap/sensor_direct_heap                                            u:object_r:sensor_direct_heap_device:s0
+/dev/dma_heap/faceauth_tpu-secure                                           u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/faimg-secure                                                  u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/famodel-secure                                                u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/faprev-secure                                                 u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/farawimg-secure                                               u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/vframe-secure                                                 u:object_r:video_secure_heap_device:s0
+/dev/dma_heap/vscaler-secure                                                u:object_r:video_secure_heap_device:s0
+/dev/dma_heap/vstream-secure                                                u:object_r:video_secure_heap_device:s0
 
 # Data
 /data/vendor/camera(/.*)?                                                   u:object_r:vendor_camera_data_file:s0
diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te
new file mode 100644
index 00000000..e322c3a0
--- /dev/null
+++ b/vendor/hal_graphics_allocator_default.te
@@ -0,0 +1,4 @@
+allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default video_secure_heap_device:chr_file r_file_perms;