diff --git a/radio/file_contexts b/radio/file_contexts
index ed9c2201..e02a1aa1 100644
--- a/radio/file_contexts
+++ b/radio/file_contexts
@@ -12,7 +12,6 @@
 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
 /vendor/bin/liboemservice_proxy_default u:object_r:liboemservice_proxy_default_exec:s0
 /vendor/bin/copy_efs_files_to_data u:object_r:copy_efs_files_to_data_exec:s0
-/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0
 
 # Config files
 /vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0
diff --git a/radio/modem_svc_sit.te b/radio/modem_svc_sit.te
index fb77bf80..3f225310 100644
--- a/radio/modem_svc_sit.te
+++ b/radio/modem_svc_sit.te
@@ -38,9 +38,6 @@ get_prop(modem_svc_sit, hwservicemanager_prop)
 # logging property
 get_prop(modem_svc_sit, vendor_logger_prop)
 
-# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal.
-hal_server_domain(modem_svc_sit, hal_shared_modem_platform)
-
 # Write trace data to the Perfetto traced daemon. This requires connecting to
 # its producer socket and obtaining a (per-process) tmpfs fd.
 perfetto_producer(modem_svc_sit)
diff --git a/tracking_denials/bluetooth.te b/tracking_denials/bluetooth.te
new file mode 100644
index 00000000..203d58a4
--- /dev/null
+++ b/tracking_denials/bluetooth.te
@@ -0,0 +1,2 @@
+# b/382362125
+dontaudit bluetooth default_android_service:service_manager { find };
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 2483e1ef..aba5c495 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
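Review bot: The new `dontaudit bluetooth default_android_service:service_manager { find };` silences every lookup by the bluetooth domain of any service that still carries the catch-all default_android_service label, not only the one behind b/382362125, so a future mislabeled service would fail without leaving a trace in the audit log. The other tracking entries in this change go into bug_map, which only annotates denials, whereas a dontaudit suppresses them entirely. A comment naming the lookup this covers and its planned removal, e.g. `# b/382362125: <SERVICE-NAME-PLACEHOLDER> is still labeled default_android_service; drop once it gets its own label.`, would keep the rule from becoming permanent.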
@@ -1,16 +1,18 @@
+aconfigd apex_info_file file b/381326735
+bluetooth audio_config_prop file b/379245855
 dump_modem sscoredump_vendor_data_coredump_file dir b/361725982
 dump_modem sscoredump_vendor_data_logcat_file dir b/361725982
 dumpstate app_zygote process b/288049050
 edgetpu_vendor_server shell_data_file dir b/369475225
 edgetpu_vendor_server shell_data_file dir b/369475363
 hal_bluetooth_btlinux vendor_default_prop property_service b/350832030
-hal_fingerprint_default default_android_service service_manager b/376602341
+hal_camera_default aconfig_storage_metadata_file dir b/383013471
 hal_radioext_default radio_vendor_data_file file b/312590044
-hal_vibrator_default default_android_service service_manager b/314054292
-hal_vibrator_default default_android_service service_manager b/367943515
 incidentd debugfs_wakeup_sources file b/288049561
 incidentd incidentd anon_inode b/288049561
+init init capability b/379207041
 insmod-sh insmod-sh key b/274374722
+insmod-sh vendor_edgetpu_debugfs dir b/385858993
 kernel dm_device blk_file b/319403445
 modem_svc_sit hal_radioext_default process b/364446415
 modem_svc_sit modem_ml_svc_sit file b/360060606
@@ -18,15 +20,21 @@ modem_svc_sit modem_ml_svc_sit file b/360060992
 mtectrl unlabeled dir b/264483752
 pixelstats_vendor block_device dir b/369540673
 pixelstats_vendor block_device dir b/369540836
+platform_app radio_vendor_data_file dir b/380756119
 platform_app vendor_fw_file dir b/372121912
 platform_app vendor_rild_prop file b/372121912
+priv_app audio_config_prop file b/379246064
+radio audio_config_prop file b/379245771
 ramdump ramdump capability b/369475700
+ramdump_app default_prop file b/386149375
+ramdump_app privapp_data_file lnk_file b/385858590
 shell sysfs_net file b/330081782
 ssr_detector_app default_prop file b/340722729
 system_server sysfs_batteryinfo file b/294967729
 system_server vendor_default_prop file b/366116488
 system_suspend sysfs_batteryinfo dir b/317316633
 system_suspend sysfs_touch_gti dir b/350832258
+untrusted_app audio_config_prop file b/379245754
 vendor_init default_prop file b/315104235
 vendor_init default_prop file b/315104803
 vendor_init default_prop file b/323087197
@@ -34,3 +42,5 @@ vendor_init default_prop file b/323087490
 vendor_init default_prop property_service b/315104235
 vendor_init default_prop property_service b/359428180
 vendor_init vendor_volte_mif_off property_service b/316816642
+zygote aconfig_storage_metadata_file dir b/383949325
+zygote zygote capability b/379207101
diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te
index 86394cf5..6474cb11 100644
--- a/vendor/debug_camera_app.te
+++ b/vendor/debug_camera_app.te
@@ -1,3 +1,4 @@
+# File containing sepolicies for GCA-Eng & GCA-Next.
 userdebug_or_eng(`
 # Allows GCA-Eng & GCA-Next access the GXP device and properties.
 allow debug_camera_app gxp_device:chr_file rw_file_perms;
@@ -9,4 +10,7 @@ userdebug_or_eng(`
 # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12.
 allow debug_camera_app hw_jpg_device:chr_file rw_file_perms;
 
+
+ # Allow tachyon_service to communicate with GCA-Eng via binder.
+ binder_call(edgetpu_tachyon_server, debug_camera_app);
 ')
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 444e96d8..953f12e6 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -100,6 +100,7 @@ is_flag_disabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT, `
 /dev/gxp u:object_r:gxp_device:s0
 /dev/mali0 u:object_r:gpu_device:s0
 /dev/goodix_fp u:object_r:fingerprint_device:s0
+/dev/fth_fd u:object_r:fingerprint_device:s0
 /dev/logbuffer_tcpm u:object_r:logbuffer_device:s0
 /dev/logbuffer_usbpd u:object_r:logbuffer_device:s0
 /dev/logbuffer_ssoc u:object_r:logbuffer_device:s0
diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts
index 4384177d..13af49b0 100644
--- a/vendor/genfs_contexts
+++ b/vendor/genfs_contexts
@@ -290,6 +290,8 @@ genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup
 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/wakeup/ u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/wakeup/ u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/110f0000.drmdp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/power/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/wakeup u:object_r:sysfs_wakeup:s0
 
 # Trusty
 genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0
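Review bot: The comment above `binder_call(edgetpu_tachyon_server, debug_camera_app);` says the service may "communicate" with the app, but the macro is directional: its first argument is the caller, so this grants the tachyon server the right to initiate binder calls into the app domain (and, as the AOSP macro is written, to use fds it receives from it), i.e. the callback direction. The comment should state that, e.g. `# Allow the tachyon service to call back into GCA-Eng over binder (server-initiated direction).`; the app-to-server direction is not in this hunk and must be granted elsewhere, which is worth confirming. The identical rule added to vendor/google_camera_app.te has the same wording issue, and there it applies unconditionally rather than under userdebug_or_eng. The userdebug_or_eng block this rule sits in starts outside the hunk.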
@@ -346,3 +348,8 @@ genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u
 # CPU
 genfscon sysfs /kernel/metrics/cpuidle_histogram/cpuidle_histogram u:object_r:sysfs_cpu:s0
 genfscon sysfs /kernel/metrics/cpuidle_histogram/cpucluster_histogram u:object_r:sysfs_cpu:s0
+
+# USB
+starting_at_board_api(202504, `
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state u:object_r:sysfs_udc:s0
+')
diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te
index c572c26e..05aff08a 100644
--- a/vendor/google_camera_app.te
+++ b/vendor/google_camera_app.te
@@ -8,3 +8,6 @@ allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }
 
 # Allows GCA to access the hw_jpeg /dev/video12.
 allow google_camera_app hw_jpg_device:chr_file rw_file_perms;
+
+# Allow tachyon service to communicate with google_camera_app via binder.
+binder_call(edgetpu_tachyon_server, google_camera_app);
diff --git a/vendor/gpu.te b/vendor/gpu.te
new file mode 100644
index 00000000..24e901d0
--- /dev/null
+++ b/vendor/gpu.te
@@ -0,0 +1,10 @@
+# Policy to enable only production gpu ioctls.
+is_flag_enabled(RELEASE_PIXEL_MALI_SEPOLICY_ENABLED, `
+ # Allow gpu ioctls used in production.
+ allowxperm appdomain gpu_device:chr_file ioctl { unpriv_gpu_ioctls instrumentation_gpu_ioctls };
+ # Audit gpu ioctl commands which have been deprecated,
+ # or are intended for development of the GPU.
+ auditallow appdomain gpu_device:chr_file ioctl;
+ allowxperm appdomain gpu_device:chr_file ioctl { debug_gpu_ioctls deprecated_gpu_ioctls };
+ auditallowxperm appdomain gpu_device:chr_file ioctl { debug_gpu_ioctls deprecated_gpu_ioctls };
+')
diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te
index 3d89a09f..2e8652ea 100644
--- a/vendor/hal_usb_impl.te
+++ b/vendor/hal_usb_impl.te
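Review bot: The header `# Policy to enable only production gpu ioctls.` in vendor/gpu.te overstates what the is_flag_enabled block does: the second `allowxperm appdomain gpu_device:chr_file ioctl { debug_gpu_ioctls deprecated_gpu_ioctls };` still grants the debug and deprecated commands to every app domain, and the auditallow/auditallowxperm pair only logs their use, so this iteration observes rather than restricts. A comment such as `# Production ioctls are allowed silently; debug/deprecated ioctls remain allowed but are audited so callers can be found before they are removed.` would make the intended end state clear. The instrumentation set (timeline-stream and performance-counter commands) is granted to the whole appdomain in the same tier as the unprivileged set; worth confirming that scope is intended rather than a narrower profiling-capable domain. The base `allow appdomain gpu_device:chr_file ioctl` that these xperm rules refine is not part of this change, so the flag-off behavior depends on it being granted elsewhere.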
@@ -20,6 +20,9 @@ hal_client_domain(hal_usb_impl, hal_thermal);
 # For monitoring usb sysfs attributes
 allow hal_usb_impl sysfs_wakeup:dir search;
 allow hal_usb_impl sysfs_wakeup:file r_file_perms;
+starting_at_board_api(202504, `
+allow hal_usb_impl sysfs_udc:file r_file_perms;
+')
 
 # For metrics upload
 allow hal_usb_impl fwk_stats_service:service_manager find;
diff --git a/vendor/ioctl_defines b/vendor/ioctl_defines
new file mode 100644
index 00000000..4bf35075
--- /dev/null
+++ b/vendor/ioctl_defines
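Review bot: `allow hal_usb_impl sysfs_udc:file r_file_perms;` and the matching genfscon added to vendor/genfs_contexts both rely on a `sysfs_udc` type that nothing in this change declares; presumably it arrives with the 202504 board API policy, which is why both are wrapped in starting_at_board_api, but nothing says so. A short comment on the gate, e.g. `# sysfs_udc is only declared from board API 202504 onward.`, would tell the next reader why the rule is versioned instead of unconditional.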
@@ -0,0 +1,73 @@
+define(`KBASE_IOCTL_VERSION_CHECK_JM', `0x8000')
+define(`KBASE_IOCTL_SET_FLAGS', `0x8001')
+define(`KBASE_IOCTL_JOB_SUBMIT', `0x8002')
+define(`KBASE_IOCTL_GET_GPUPROPS', `0x8003')
+define(`KBASE_IOCTL_POST_TERM', `0x8004')
+define(`KBASE_IOCTL_MEM_ALLOC', `0x8005')
+define(`KBASE_IOCTL_MEM_QUERY', `0x8006')
+define(`KBASE_IOCTL_MEM_FREE', `0x8007')
+define(`KBASE_IOCTL_HWCNT_READER_SETUP', `0x8008')
+define(`KBASE_IOCTL_DISJOINT_QUERY', `0x800c')
+define(`KBASE_IOCTL_GET_DDK_VERSION', `0x800d')
+define(`KBASE_IOCTL_MEM_JIT_INIT', `0x800e')
+define(`KBASE_IOCTL_MEM_SYNC', `0x800f')
+define(`KBASE_IOCTL_MEM_FIND_CPU_OFFSET', `0x8010')
+define(`KBASE_IOCTL_GET_CONTEXT_ID', `0x8011')
+define(`KBASE_IOCTL_TLSTREAM_ACQUIRE', `0x8012')
+define(`KBASE_IOCTL_TLSTREAM_FLUSH', `0x8013')
+define(`KBASE_IOCTL_MEM_COMMIT', `0x8014')
+define(`KBASE_IOCTL_MEM_ALIAS', `0x8015')
+define(`KBASE_IOCTL_MEM_IMPORT', `0x8016')
+define(`KBASE_IOCTL_MEM_FLAGS_CHANGE', `0x8017')
+define(`KBASE_IOCTL_STREAM_CREATE', `0x8018')
+define(`KBASE_IOCTL_FENCE_VALIDATE', `0x8019')
+define(`KBASE_IOCTL_MEM_PROFILE_ADD', `0x801b')
+define(`KBASE_IOCTL_SOFT_EVENT_UPDATE', `0x801c')
+define(`KBASE_IOCTL_STICKY_RESOURCE_MAP', `0x801d')
+define(`KBASE_IOCTL_STICKY_RESOURCE_UNMAP', `0x801e')
+define(`KBASE_IOCTL_MEM_FIND_GPU_START_AND_OFFSET', `0x801f')
+define(`KBASE_IOCTL_HWCNT_SET', `0x8020')
+define(`KBASE_IOCTL_CINSTR_GWT_START', `0x8021')
+define(`KBASE_IOCTL_CINSTR_GWT_STOP', `0x8022')
+define(`KBASE_IOCTL_CINSTR_GWT_DUMP', `0x8023')
+define(`KBASE_IOCTL_CS_QUEUE_REGISTER', `0x8024')
+define(`KBASE_IOCTL_CS_QUEUE_KICK', `0x8025')
+define(`KBASE_IOCTL_MEM_EXEC_INIT', `0x8026')
+define(`KBASE_IOCTL_CS_QUEUE_BIND', `0x8027')
+define(`KBASE_IOCTL_CS_QUEUE_REGISTER_EX', `0x8028')
+define(`KBASE_IOCTL_CS_QUEUE_TERMINATE', `0x8029')
+define(`KBASE_IOCTL_CS_QUEUE_GROUP_CREATE_1_6', `0x802a')
+define(`KBASE_IOCTL_CS_QUEUE_GROUP_TERMINATE', `0x802b')
+define(`KBASE_IOCTL_CS_EVENT_SIGNAL', `0x802c')
+define(`KBASE_IOCTL_KCPU_QUEUE_CREATE', `0x802d')
+define(`KBASE_IOCTL_KCPU_QUEUE_DELETE', `0x802e')
+define(`KBASE_IOCTL_KCPU_QUEUE_ENQUEUE', `0x802f')
+define(`KBASE_IOCTL_CS_TILER_HEAP_INIT', `0x8030')
+define(`KBASE_IOCTL_CS_TILER_HEAP_TERM', `0x8031')
+define(`KBASE_IOCTL_GET_CPU_GPU_TIMEINFO', `0x8032')
+define(`KBASE_IOCTL_CS_GET_GLB_IFACE', `0x8033')
+define(`KBASE_IOCTL_VERSION_CHECK_CSF', `0x8034')
+define(`KBASE_IOCTL_CS_CPU_QUEUE_DUMP', `0x8035')
+define(`KBASE_IOCTL_CONTEXT_PRIORITY_CHECK', `0x8036')
+define(`KBASE_IOCTL_SET_LIMITED_CORE_COUNT', `0x8037')
+define(`KBASE_IOCTL_KINSTR_PRFCNT_ENUM_INFO', `0x8038')
+define(`KBASE_IOCTL_KINSTR_PRFCNT_SETUP', `0x8039')
+define(`KBASE_IOCTL_CS_QUEUE_GROUP_CREATE', `0x803a')
+define(`KBASE_IOCTL_MEM_ALLOC_EX', `0x803b')
+define(`KBASE_IOCTL_READ_USER_PAGE', `0x803c')
+define(`KBASE_IOCTL_QUEUE_GROUP_CLEAR_FAULTS', `0x803d')
+define(`KBASE_IOCTL_APC_REQUEST', `0x8042')
+define(`KBASE_IOCTL_BUFFER_LIVENESS_UPDATE', `0x8043')
+define(`KBASE_HWCNT_READER_GET_HWVER', `0xBE00')
+define(`KBASE_HWCNT_READER_GET_BUFFER_SIZE', `0xBE01')
+define(`KBASE_HWCNT_READER_DUMP', `0xBE10')
+define(`KBASE_HWCNT_READER_CLEAR', `0xBE11')
+define(`KBASE_HWCNT_READER_GET_BUFFER', `0xBE20')
+define(`KBASE_HWCNT_READER_PUT_BUFFER', `0xBE21')
+define(`KBASE_HWCNT_READER_SET_INTERVAL', `0xBE30')
+define(`KBASE_HWCNT_READER_ENABLE_EVENT', `0xBE40')
+define(`KBASE_HWCNT_READER_DISABLE_EVENT', `0xBE41')
+define(`KBASE_HWCNT_READER_GET_API_VERSION', `0xBEFF')
+define(`KBASE_IOCTL_KINSTR_PRFCNT_CMD', `0xBF00')
+define(`KBASE_IOCTL_KINSTR_PRFCNT_GET_SAMPLE', `0xBF01')
+define(`KBASE_IOCTL_KINSTR_PRFCNT_PUT_SAMPLE', `0xBF10')
diff --git a/vendor/ioctl_macros b/vendor/ioctl_macros
new file mode 100644
index 00000000..3874e049
--- /dev/null
+++ b/vendor/ioctl_macros
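Review bot: vendor/ioctl_defines has no comment on where its numbers come from, yet every value is a kbase driver UAPI constant (the xperm rules match on the low 16 bits of the request: type byte 0x80, 0xBE or 0xBF plus the command number), so the table silently goes stale when the driver ABI changes. A header comment naming the UAPI header and driver version it was generated from, and stating that it must be regenerated together with the driver, belongs at the top; a `#` line passes through m4 the same way the comments in the .te files do. Note also that `KBASE_IOCTL_HWCNT_READER_SETUP` is defined here but appears in none of the four sets in vendor/ioctl_macros, so under the gpu.te gate it is denied to apps without showing up in any audit set — if that is deliberate, a one-line comment in ioctl_macros saying so would stop someone from "fixing" it later.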
@@ -0,0 +1,83 @@
+define(`unpriv_gpu_ioctls', `{
+ KBASE_IOCTL_VERSION_CHECK_JM
+ KBASE_IOCTL_SET_FLAGS
+ KBASE_IOCTL_JOB_SUBMIT
+ KBASE_IOCTL_GET_GPUPROPS
+ KBASE_IOCTL_POST_TERM
+ KBASE_IOCTL_MEM_ALLOC
+ KBASE_IOCTL_MEM_QUERY
+ KBASE_IOCTL_MEM_FREE
+ KBASE_IOCTL_DISJOINT_QUERY
+ KBASE_IOCTL_GET_DDK_VERSION
+ KBASE_IOCTL_MEM_JIT_INIT
+ KBASE_IOCTL_MEM_SYNC
+ KBASE_IOCTL_MEM_FIND_CPU_OFFSET
+ KBASE_IOCTL_GET_CONTEXT_ID
+ KBASE_IOCTL_MEM_COMMIT
+ KBASE_IOCTL_MEM_ALIAS
+ KBASE_IOCTL_MEM_IMPORT
+ KBASE_IOCTL_MEM_FLAGS_CHANGE
+ KBASE_IOCTL_STREAM_CREATE
+ KBASE_IOCTL_FENCE_VALIDATE
+ KBASE_IOCTL_MEM_PROFILE_ADD
+ KBASE_IOCTL_SOFT_EVENT_UPDATE
+ KBASE_IOCTL_STICKY_RESOURCE_MAP
+ KBASE_IOCTL_STICKY_RESOURCE_UNMAP
+ KBASE_IOCTL_MEM_FIND_GPU_START_AND_OFFSET
+ KBASE_IOCTL_CS_QUEUE_REGISTER
+ KBASE_IOCTL_CS_QUEUE_KICK
+ KBASE_IOCTL_MEM_EXEC_INIT
+ KBASE_IOCTL_CS_QUEUE_BIND
+ KBASE_IOCTL_CS_QUEUE_REGISTER_EX
+ KBASE_IOCTL_CS_QUEUE_TERMINATE
+ KBASE_IOCTL_CS_QUEUE_GROUP_TERMINATE
+ KBASE_IOCTL_CS_EVENT_SIGNAL
+ KBASE_IOCTL_KCPU_QUEUE_CREATE
+ KBASE_IOCTL_KCPU_QUEUE_DELETE
+ KBASE_IOCTL_KCPU_QUEUE_ENQUEUE
+ KBASE_IOCTL_CS_TILER_HEAP_INIT
+ KBASE_IOCTL_CS_TILER_HEAP_TERM
+ KBASE_IOCTL_GET_CPU_GPU_TIMEINFO
+ KBASE_IOCTL_CS_GET_GLB_IFACE
+ KBASE_IOCTL_VERSION_CHECK_CSF
+ KBASE_IOCTL_CS_CPU_QUEUE_DUMP
+ KBASE_IOCTL_CONTEXT_PRIORITY_CHECK
+ KBASE_IOCTL_SET_LIMITED_CORE_COUNT
+ KBASE_IOCTL_CS_QUEUE_GROUP_CREATE
+ KBASE_IOCTL_MEM_ALLOC_EX
+ KBASE_IOCTL_READ_USER_PAGE
+ KBASE_IOCTL_QUEUE_GROUP_CLEAR_FAULTS
+ KBASE_IOCTL_APC_REQUEST
+ KBASE_IOCTL_BUFFER_LIVENESS_UPDATE
+}')
+
+define(`instrumentation_gpu_ioctls', `{
+ KBASE_IOCTL_KINSTR_PRFCNT_ENUM_INFO
+ KBASE_IOCTL_KINSTR_PRFCNT_SETUP
+ KBASE_IOCTL_TLSTREAM_ACQUIRE
+ KBASE_IOCTL_TLSTREAM_FLUSH
+ KBASE_IOCTL_KINSTR_PRFCNT_CMD
+ KBASE_IOCTL_KINSTR_PRFCNT_GET_SAMPLE
+ KBASE_IOCTL_KINSTR_PRFCNT_PUT_SAMPLE
+}')
+
+define(`debug_gpu_ioctls', `{
+ KBASE_IOCTL_HWCNT_SET
+ KBASE_IOCTL_CINSTR_GWT_START
+ KBASE_IOCTL_CINSTR_GWT_STOP
+ KBASE_IOCTL_CINSTR_GWT_DUMP
+}')
+
+define(`deprecated_gpu_ioctls', `{
+ KBASE_HWCNT_READER_GET_HWVER
+ KBASE_HWCNT_READER_GET_BUFFER_SIZE
+ KBASE_HWCNT_READER_DUMP
+ KBASE_HWCNT_READER_CLEAR
+ KBASE_HWCNT_READER_GET_BUFFER
+ KBASE_HWCNT_READER_PUT_BUFFER
+ KBASE_HWCNT_READER_SET_INTERVAL
+ KBASE_HWCNT_READER_ENABLE_EVENT
+ KBASE_HWCNT_READER_DISABLE_EVENT
+ KBASE_HWCNT_READER_GET_API_VERSION
+ KBASE_IOCTL_CS_QUEUE_GROUP_CREATE_1_6
+}')
diff --git a/zuma-sepolicy.mk b/zuma-sepolicy.mk
index abfaa288..56502eba 100644
--- a/zuma-sepolicy.mk
+++ b/zuma-sepolicy.mk
@@ -1,6 +1,6 @@
 # sepolicy that are shared among devices using zuma
 BOARD_SEPOLICY_DIRS += device/google/zuma-sepolicy/vendor
-BOARD_SEPOLICY_DIRS += device/google/zuma-sepolicy/radio
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/zuma-sepolicy/radio
 PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zuma-sepolicy/radio/private
 
 # unresolved SELinux error log with bug tracking
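Review bot: Only the radio directory moves to `BOARD_VENDOR_SEPOLICY_DIRS`; the line above keeps `BOARD_SEPOLICY_DIRS += device/google/zuma-sepolicy/vendor`, so the two vendor policy directories are now added through different variables. If the goal is the explicit vendor variable, the vendor line should follow, `BOARD_VENDOR_SEPOLICY_DIRS += device/google/zuma-sepolicy/vendor`; if the split is deliberate, a comment on the radio line saying why would stop a later cleanup from reverting it.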