diff --git a/sepolicy/legacy/whitechapel_pro/property.te b/sepolicy/legacy/whitechapel_pro/property.te
index 7fe48175..ff5ef044 100644
--- a/sepolicy/legacy/whitechapel_pro/property.te
+++ b/sepolicy/legacy/whitechapel_pro/property.te
@@ -1,4 +1,6 @@
+# Vendor
 vendor_internal_prop(vendor_nfc_prop)
+vendor_restricted_prop(vendor_nfc_antenna_prop)
 vendor_internal_prop(vendor_secure_element_prop)
 vendor_internal_prop(vendor_battery_profile_prop)
 vendor_internal_prop(vendor_camera_prop)
diff --git a/sepolicy/legacy/whitechapel_pro/property_contexts b/sepolicy/legacy/whitechapel_pro/property_contexts
index fa5c9170..a4222060 100644
--- a/sepolicy/legacy/whitechapel_pro/property_contexts
+++ b/sepolicy/legacy/whitechapel_pro/property_contexts
@@ -3,6 +3,7 @@ persist.vendor.testing_battery_profile u:object_r:vendor_battery_profile_pro
 # NFC
 persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
+persist.vendor.nfc.antenna. u:object_r:vendor_nfc_antenna_prop:s0
 # SecureElement
 persist.vendor.se. u:object_r:vendor_secure_element_prop:s0
diff --git a/sepolicy/radio/file_contexts b/sepolicy/radio/file_contexts
index d4f29be0..e02a1aa1 100644
--- a/sepolicy/radio/file_contexts
+++ b/sepolicy/radio/file_contexts
@@ -6,7 +6,6 @@
 /vendor/bin/sced u:object_r:sced_exec:s0
 /vendor/bin/rfsd u:object_r:rfsd_exec:s0
 /vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
-/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0
 /vendor/bin/modem_ml_svc_sit u:object_r:modem_ml_svc_sit_exec:s0
 /vendor/bin/cbd u:object_r:cbd_exec:s0
 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
diff --git a/sepolicy/radio/modem_svc_sit.te b/sepolicy/radio/modem_svc_sit.te
index 2b348743..3f225310 100644
--- a/sepolicy/radio/modem_svc_sit.te
+++ b/sepolicy/radio/modem_svc_sit.te
@@ -1,3 +1,4 @@
+# Selinux rule for modem_svc_sit daemon
 type modem_svc_sit, domain;
 type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(modem_svc_sit)
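Review bot: The `# Vendor` comment added at the top of property.te states nothing the reader cannot see, while the question the hunk actually raises goes undocumented: `vendor_nfc_antenna_prop` is declared `vendor_restricted_prop`, a class readable beyond vendor domains, whereas its sibling `vendor_nfc_prop` on the next line stays `vendor_internal_prop`. The wider readability is the security-relevant decision here and belongs next to the declaration, e.g. `# Restricted rather than internal: non-vendor readers are granted get_prop explicitly (see hal_nfc_default.te).` The companion `persist.vendor.nfc.antenna.` entry in property_contexts relies on longest-prefix matching to win over the existing `persist.vendor.nfc.` entry; a one-line comment there saying so would save the next reader a check.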
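Review bot: Dropping the `/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0` entry from radio/file_contexts while modem_svc_sit.te in the same commit still declares `type modem_svc_sit_exec` and `init_daemon_domain(modem_svc_sit)` leaves, as far as this diff shows, no file labeled `modem_svc_sit_exec`, so the binary would inherit the directory's default label and the init domain transition would never fire. If the label was moved to another file_contexts outside this diff, the new header comment in modem_svc_sit.te is the place to say so; as written, `# Selinux rule for modem_svc_sit daemon` could become `# SELinux rules for the modem_svc_sit daemon; its executable is labeled in <file_contexts path>` (placeholder). If it was not moved, the removal and the type declaration should land in the same change.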
diff --git a/sepolicy/system_ext/private/systemui_app.te b/sepolicy/system_ext/private/systemui_app.te
index 5a5f9d28..3b8dadfd 100644
--- a/sepolicy/system_ext/private/systemui_app.te
+++ b/sepolicy/system_ext/private/systemui_app.te
@@ -1,3 +1,4 @@
+# SEPolicy for System UI
 typeattribute systemui_app coredomain;
 app_domain(systemui_app)
@@ -19,9 +20,11 @@ allow systemui_app statsmanager_service:service_manager find;
 get_prop(systemui_app, keyguard_config_prop)
 set_prop(systemui_app, bootanim_system_prop)
 get_prop(systemui_app, qemu_hw_prop)
+get_prop(systemui_app, radio_cdma_ecm_prop)
 # Allow writing and removing wmshell protolog in /data/misc/wmtrace.
 userdebug_or_eng(`
 allow systemui_app wm_trace_data_file:dir rw_dir_perms;
 allow systemui_app wm_trace_data_file:file create_file_perms;
 ')
+set_prop(systemui_app, debug_tracing_desktop_mode_visible_tasks_prop)
diff --git a/sepolicy/tracking_denials/bluetooth.te b/sepolicy/tracking_denials/bluetooth.te
new file mode 100644
index 00000000..203d58a4
--- /dev/null
+++ b/sepolicy/tracking_denials/bluetooth.te
@@ -0,0 +1,2 @@
+# b/382362125
+dontaudit bluetooth default_android_service:service_manager { find };
diff --git a/sepolicy/tracking_denials/bug_map b/sepolicy/tracking_denials/bug_map
index 48bf2b9d..cfb0d77a 100644
--- a/sepolicy/tracking_denials/bug_map
+++ b/sepolicy/tracking_denials/bug_map
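Review bot: `set_prop(systemui_app, debug_tracing_desktop_mode_visible_tasks_prop)` is added after the `')` that closes the `userdebug_or_eng` block, so the write grant applies on user builds too; if the property is debug-only, as its name suggests, the line belongs inside that block, and if it is intentionally unconditional a comment should say why System UI sets it on all builds. It is also separated from the other property grants at the top of the hunk by the wmtrace block; grouping it with `get_prop(systemui_app, radio_cdma_ecm_prop)` keeps the property rules in one place. That `get_prop` line is itself undocumented; a one-line comment naming the System UI feature that reads the CDMA emergency-callback property would help the next reviewer judge whether the grant is still needed.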
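Review bot: The new tracking_denials/bluetooth.te silences the denial with `dontaudit`, whereas every other denial this commit tracks goes into bug_map, which keeps the event in the log and only annotates it with a bug; a dontaudit removes the evidence entirely, so a later regression in what bluetooth looks up would go unnoticed. `default_android_service` is also the fallback label for services with no service_contexts entry, so the denial may be pointing at a missing service label rather than at a policy gap, and the two fixes differ. The bug-id comment should at least record which service lookup is being silenced and why dontaudit was chosen over bug_map, e.g. `# b/382362125: <service name> lookup; dontaudit rather than bug_map because <reason>` (placeholders).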
@@ -1,24 +1,37 @@
+aconfigd apex_info_file file b/381326735
+bluetooth audio_config_prop file b/379245855
 dump_modem sscoredump_vendor_data_coredump_file dir b/361725982
 dump_modem sscoredump_vendor_data_logcat_file dir b/361725982
 dumpstate app_zygote process b/288049050
+edgetpu_vendor_server shell_data_file dir b/369475225
+edgetpu_vendor_server shell_data_file dir b/369475363
 hal_bluetooth_btlinux vendor_default_prop property_service b/350832030
+hal_camera_default aconfig_storage_metadata_file dir b/383013471
 hal_radioext_default radio_vendor_data_file file b/312590044
-hal_vibrator_default default_android_service service_manager b/314054292
-hal_vibrator_default default_android_service service_manager b/367943515
 incidentd debugfs_wakeup_sources file b/288049561
 incidentd incidentd anon_inode b/288049561
+init init capability b/379207041
 insmod-sh insmod-sh key b/274374722
 kernel dm_device blk_file b/319403445
 modem_svc_sit hal_radioext_default process b/364446415
 modem_svc_sit modem_ml_svc_sit file b/360060606
 modem_svc_sit modem_ml_svc_sit file b/360060992
 mtectrl unlabeled dir b/264483752
+pixelstats_vendor block_device dir b/369540673
+pixelstats_vendor block_device dir b/369540836
+platform_app radio_vendor_data_file dir b/380756119
+platform_app vendor_fw_file dir b/372121912
+platform_app vendor_rild_prop file b/372121912
+priv_app audio_config_prop file b/379246064
+radio audio_config_prop file b/379245771
+ramdump ramdump capability b/369475700
 shell sysfs_net file b/330081782
 ssr_detector_app default_prop file b/340722729
 system_server sysfs_batteryinfo file b/294967729
 system_server vendor_default_prop file b/366116488
 system_suspend sysfs_batteryinfo dir b/317316633
 system_suspend sysfs_touch_gti dir b/350832258
+untrusted_app audio_config_prop file b/379245754
 vendor_init default_prop file b/315104235
 vendor_init default_prop file b/315104803
 vendor_init default_prop file b/323087197
@@ -26,3 +39,4 @@ vendor_init default_prop file b/323087490
 vendor_init default_prop property_service b/315104235
 vendor_init default_prop property_service b/359428180
 vendor_init vendor_volte_mif_off property_service b/316816642
+zygote zygote capability b/379207101
diff --git a/sepolicy/vendor/debug_camera_app.te b/sepolicy/vendor/debug_camera_app.te
index 86394cf5..6474cb11 100644
--- a/sepolicy/vendor/debug_camera_app.te
+++ b/sepolicy/vendor/debug_camera_app.te
@@ -1,3 +1,4 @@
+# File containing sepolicies for GCA-Eng & GCA-Next.
 userdebug_or_eng(`
 # Allows GCA-Eng & GCA-Next access the GXP device and properties.
 allow debug_camera_app gxp_device:chr_file rw_file_perms;
@@ -9,4 +10,7 @@ userdebug_or_eng(`
 # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12.
 allow debug_camera_app hw_jpg_device:chr_file rw_file_perms;
+
+ # Allow tachyon_service to communicate with GCA-Eng via binder.
+ binder_call(edgetpu_tachyon_server, debug_camera_app);
 ')
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 441690ae..4b6ad96f 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
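Review bot: `binder_call(edgetpu_tachyon_server, debug_camera_app)` names the server as the first argument, which in AOSP's te_macros is the calling side (`$1` gets `call`/`transfer` to `$2` plus `fd use`), i.e. the callback direction from the tachyon server into the app, but the comment `# Allow tachyon_service to communicate with GCA-Eng via binder.` does not say which direction is being opened; the same applies to `binder_call(edgetpu_tachyon_server, google_camera_app)` added in google_camera_app.te. If callbacks are the intent, the comment should say so and note where the app-to-server direction is granted, e.g. `# Let the tachyon server call back into GCA-Eng; app-to-server calls are granted elsewhere.` From the collapsed diff the two new lines also appear indented one space deeper than the existing rules inside the same `userdebug_or_eng` block; worth aligning.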
@@ -256,9 +256,6 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply/pca9
 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/wakeup/wakeup u:object_r:sysfs_wakeup:s0
-is_flag_enabled(RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED, `
-genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state u:object_r:sysfs_udc:s0
-')
 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1 u:object_r:sysfs_wakeup:s0
@@ -349,3 +346,8 @@ genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u
 # CPU
 genfscon sysfs /kernel/metrics/cpuidle_histogram/cpuidle_histogram u:object_r:sysfs_cpu:s0
 genfscon sysfs /kernel/metrics/cpuidle_histogram/cpucluster_histogram u:object_r:sysfs_cpu:s0
+
+# USB
+starting_at_board_api(202504, `
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state u:object_r:sysfs_udc:s0
+')
diff --git a/sepolicy/vendor/google_camera_app.te b/sepolicy/vendor/google_camera_app.te
index c572c26e..05aff08a 100644
--- a/sepolicy/vendor/google_camera_app.te
+++ b/sepolicy/vendor/google_camera_app.te
@@ -8,3 +8,6 @@ allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }
 # Allows GCA to access the hw_jpeg /dev/video12.
 allow google_camera_app hw_jpg_device:chr_file rw_file_perms;
+
+# Allow tachyon service to communicate with google_camera_app via binder.
+binder_call(edgetpu_tachyon_server, google_camera_app);
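Review bot: The `sysfs_udc` label for `.../udc/11210000.dwc3/state` is re-added in a new trailing `# USB` section rather than at its previous position beside the other `11210000.usb` entries, and its guard changes from `is_flag_enabled(RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED, ...)` to `starting_at_board_api(202504, ...)`; hal_usb_impl.te in this commit makes the same guard change for the matching `sysfs_udc:file r_file_perms` rule. The two guards must stay identical: with the label applied but not the allow rule, hal_usb_impl loses read access to the node, and with the rule but not the label the node keeps the default sysfs label and the rule is dead. A cross-reference comment in both files, e.g. `# Keep in sync with the sysfs_udc guard in hal_usb_impl.te`, makes that coupling visible; I would also keep the entry next to the other usb entries, since the surrounding genfscon lines appear grouped by device path.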
diff --git a/sepolicy/vendor/hal_nfc_default.te b/sepolicy/vendor/hal_nfc_default.te
index d71d9e28..d4dcf471 100644
--- a/sepolicy/vendor/hal_nfc_default.te
+++ b/sepolicy/vendor/hal_nfc_default.te
@@ -1,5 +1,9 @@
 # HAL NFC property
-get_prop(hal_nfc_default, vendor_nfc_prop)
+set_prop(hal_nfc_default, vendor_nfc_prop)
+set_prop(hal_nfc_default, vendor_nfc_antenna_prop)
+userdebug_or_eng(
+ get_prop(untrusted_app, vendor_nfc_antenna_prop)
+)
 # SecureElement property
 set_prop(hal_nfc_default, vendor_secure_element_prop)
diff --git a/sepolicy/vendor/hal_usb_impl.te b/sepolicy/vendor/hal_usb_impl.te
index 7c320b65..2e8652ea 100644
--- a/sepolicy/vendor/hal_usb_impl.te
+++ b/sepolicy/vendor/hal_usb_impl.te
@@ -20,7 +20,7 @@ hal_client_domain(hal_usb_impl, hal_thermal);
 # For monitoring usb sysfs attributes
 allow hal_usb_impl sysfs_wakeup:dir search;
 allow hal_usb_impl sysfs_wakeup:file r_file_perms;
-is_flag_enabled(RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED, `
+starting_at_board_api(202504, `
 allow hal_usb_impl sysfs_udc:file r_file_perms;
 ')
diff --git a/sepolicy/vendor/service_contexts b/sepolicy/vendor/service_contexts
index 00cf9c5b..ffa2639b 100644
--- a/sepolicy/vendor/service_contexts
+++ b/sepolicy/vendor/service_contexts
@@ -3,5 +3,3 @@ com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_
 vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0
 arm.mali.platform.ICompression/default u:object_r:arm_mali_platform_service:s0
-
-android.hardware.media.c2.IComponentStore/default1 u:object_r:hal_codec2_service:s0
diff --git a/sepolicy/zuma-sepolicy.mk b/sepolicy/zuma-sepolicy.mk
index 8df56e77..724298cb 100644
--- a/sepolicy/zuma-sepolicy.mk
+++ b/sepolicy/zuma-sepolicy.mk
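Review bot: The `userdebug_or_eng(` wrapper around `get_prop(untrusted_app, vendor_nfc_antenna_prop)` passes its argument unquoted, unlike the backtick-quoted form (opening backtick after the parenthesis, closing `')`) used by systemui_app.te and debug_camera_app.te in this same commit; m4 expands an unquoted argument while collecting it, so any comma produced by the expansion can split it into extra arguments, and the block should use the quoted form for consistency and safety. A rule for the `untrusted_app` domain also sits oddly inside hal_nfc_default.te, where a reader auditing what third-party apps can read will not look; it belongs in an untrusted_app policy file with a comment naming the debug tool that needs the antenna property on eng builds and why a less privileged domain such as `shell` does not suffice. Separately, `get_prop(hal_nfc_default, vendor_nfc_prop)` becomes `set_prop`, turning the HAL from reader into writer of `persist.vendor.nfc.*` (AOSP's `set_prop` also includes `get_prop`, so read access is kept); a one-line comment on what the HAL now persists would document that new write path.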
@@ -6,7 +6,7 @@ BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/googlebattery
 # sepolicy that are shared among devices using zuma
 BOARD_SEPOLICY_DIRS += device/google/zuma/sepolicy/vendor
-BOARD_SEPOLICY_DIRS += device/google/zuma/sepolicy/radio
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/zuma/sepolicy/radio
 PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zuma/sepolicy/radio/private
 # unresolved SELinux error log with bug tracking
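Review bot: Only the radio directory moves from `BOARD_SEPOLICY_DIRS` to `BOARD_VENDOR_SEPOLICY_DIRS`, while the `device/google/zuma/sepolicy/vendor` line directly above it, covered by the same `# sepolicy that are shared among devices using zuma` comment, stays on the old variable, and nothing in the hunk explains why the two sibling directories are now treated differently. If the radio policy needs the vendor-specific variable for a reason the vendor directory does not, record it on the line, e.g. `# radio/ goes through BOARD_VENDOR_SEPOLICY_DIRS because <reason>` (placeholder); otherwise migrating both lines together avoids a half-converted block that the next person will have to reason about.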