diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
index f4c02f3e..35aa13e4 100644
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@@ -3,3 +3,4 @@ dontaudit mediaprovider_app vendor_file:file { getattr };
 dontaudit mediaprovider_app vendor_file:file { map };
 dontaudit mediaprovider_app vendor_file:file { open };
 dontaudit mediaprovider_app vendor_file:file { read };
+permissive mediaprovider_app;
diff --git a/private/odrefresh.te b/private/odrefresh.te
index 9f14ceaf..83b1e631 100644
--- a/private/odrefresh.te
+++ b/private/odrefresh.te
@@ -1 +1,4 @@
-dontaudit odrefresh property_type:file *;
+userdebug_or_eng(`
+  permissive odrefresh;
+  dontaudit odrefresh property_type:file *;
+')
diff --git a/private/system_suspend.te b/private/system_suspend.te
new file mode 100644
index 00000000..f126523a
--- /dev/null
+++ b/private/system_suspend.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+  permissive system_suspend;
+')
diff --git a/tracking_denials/bootdevice_sysdev.te b/tracking_denials/bootdevice_sysdev.te
deleted file mode 100644
index 6aebfd9f..00000000
--- a/tracking_denials/bootdevice_sysdev.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/261105238
-dontaudit bootdevice_sysdev sysfs:filesystem { associate };
diff --git a/tracking_denials/permissive.te b/tracking_denials/permissive.te
index 970e7d56..1be9be5a 100644
--- a/tracking_denials/permissive.te
+++ b/tracking_denials/permissive.te
@@ -1,48 +1,84 @@
 userdebug_or_eng(`
-  permissive pixelstats_vendor;
-  permissive logger_app;
-  permissive fastbootd;
-  permissive audioserver;
-  permissive hal_bluetooth_btlinux;
-  permissive bootdevice_sysdev;
-  permissive charger_vendor;
-  permissive chre;
-  permissive kernel;
-  permissive bootanim;
-  permissive hal_graphics_allocator_default;
-  permissive hal_graphics_composer_default;
-  permissive hal_health_storage_default;
-  permissive hal_power_stats_default;
-  permissive hal_fingerprint_default;
-  permissive gxp_logging;
-  permissive hal_contexthub_default;
-  permissive hal_sensors_default;
-  permissive recovery;
-  permissive con_monitor_app;
-  permissive hal_secure_element_st54spi;
-  permissive ofl_app;
-  permissive hal_thermal_default;
-  permissive hal_secure_element_uicc;
-  permissive hal_usb_gadget_impl;
-  permissive hal_usb_impl;
-  permissive hal_camera_default;
-  permissive hal_uwb_vendor_default;
-  permissive google_camera_app;
-  permissive uwb_vendor_app;
-  permissive hal_wifi_ext;
-  permissive hal_wlc;
-  permissive init;
-  permissive logd;
-  permissive mediacodec_google;
-  permissive mediacodec_samsung;
-  permissive platform_app;
-  permissive hbmsvmanager_app;
-  permissive rlsservice;
-  permissive system_server;
-  permissive tcpdump_logger;
-  permissive vendor_init;
-  permissive tee;
-  permissive trusty_apploader;
-  permissive trusty_metricsd;
-  permissive vold;
+permissive audioserver;
+permissive bootanim;
+permissive bootdevice_sysdev;
+permissive charger_vendor;
+permissive chre;
+permissive citadeld;
+permissive con_monitor_app;
+permissive dumpstate;
+permissive edgetpu_logging;
+permissive euiccpixel_app;
+permissive fastbootd;
+permissive gmscore_app;
+permissive google_camera_app;
+permissive gxp_logging;
+permissive hal_bluetooth_btlinux;
+permissive hal_bootctl_default;
+permissive hal_camera_default;
+permissive hal_confirmationui_default;
+permissive hal_contexthub_default;
+permissive hal_dumpstate_default;
+permissive hal_fingerprint_default;
+permissive hal_graphics_allocator_default;
+permissive hal_graphics_composer_default;
+permissive hal_health_storage_default;
+permissive hal_neuralnetworks_armnn;
+permissive hal_neuralnetworks_darwinn;
+permissive hal_power_default;
+permissive hal_power_stats_default;
+permissive hal_secure_element_st54spi;
+permissive hal_secure_element_uicc;
+permissive hal_sensors_default;
+permissive hal_thermal_default;
+permissive hal_usb_gadget_impl;
+permissive hal_usb_impl;
+permissive hal_uwb_default;
+permissive hal_uwb_vendor_default;
+permissive hal_vibrator_default;
+permissive hal_wifi_ext;
+permissive hal_wireless_charger;
+permissive hal_wlc;
+permissive hbmsvmanager_app;
+permissive hwservicemanager;
+permissive incidentd;
+permissive init;
+permissive insmod-sh;
+permissive installd;
+permissive isolated_app;
+permissive kernel;
+permissive logd;
+permissive logger_app;
+permissive mediacodec_google;
+permissive mediacodec_samsung;
+permissive mediaserver;
+permissive mediaswcodec;
+permissive nfc;
+permissive ofl_app;
+permissive pixelstats_vendor;
+permissive platform_app;
+permissive priv_app;
+permissive proc_vendor_sched;
+permissive rebalance_interrupts_vendor;
+permissive recovery;
+permissive rild;
+permissive rlsservice;
+permissive secure_element;
+permissive servicemanager;
+permissive shell;
+permissive ssr_detector_app;
+permissive system_app;
+permissive system_server;
+permissive tcpdump_logger;
+permissive tee;
+permissive toolbox;
+permissive trusty_apploader;
+permissive trusty_metricsd;
+permissive untrusted_app;
+permissive untrusted_app_30;
+permissive usbd;
+permissive uwb_vendor_app;
+permissive vendor_init;
+permissive vold;
+permissive zygote;
 ')
diff --git a/tracking_denials/proc_vendor_sched.te b/tracking_denials/proc_vendor_sched.te
deleted file mode 100644
index 2bc19057..00000000
--- a/tracking_denials/proc_vendor_sched.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/260366398
-dontaudit proc_vendor_sched proc:filesystem { associate };
diff --git a/vendor/file.te b/vendor/file.te
index bf8b79e3..038ee91f 100644
--- a/vendor/file.te
+++ b/vendor/file.te
@@ -8,3 +8,7 @@ type sysfs_mfc, sysfs_type, fs_type;
 
 # Trusty
 type sysfs_trusty, sysfs_type, fs_type;
+
+# mount FS
+allow proc_vendor_sched proc:filesystem associate;
+allow bootdevice_sysdev sysfs:filesystem associate;