diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts
index df755e96..cb9c2666 100644
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
@@ -17,6 +17,7 @@
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
 /vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0
 /vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0
+/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0
 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
 # Vendor Firmwares
diff --git a/legacy/whitechapel_pro/google_camera_app.te b/legacy/whitechapel_pro/google_camera_app.te
new file mode 100644
index 00000000..ad097810
--- /dev/null
+++ b/legacy/whitechapel_pro/google_camera_app.te
@@ -0,0 +1,15 @@
+type google_camera_app, domain, coredomain;
+app_domain(google_camera_app)
+
+allow google_camera_app app_api_service:service_manager find;
+allow google_camera_app audioserver_service:service_manager find;
+allow google_camera_app cameraserver_service:service_manager find;
+allow google_camera_app mediaextractor_service:service_manager find;
+allow google_camera_app mediametrics_service:service_manager find;
+allow google_camera_app mediaserver_service:service_manager find;
+
+# Allows camera app to access the GXP device.
+allow google_camera_app gxp_device:chr_file rw_file_perms;
+
+# Allows camera app to search for GXP firmware file.
+allow google_camera_app vendor_fw_file:dir search;
diff --git a/legacy/whitechapel_pro/hal_uwb_vendor.te b/legacy/whitechapel_pro/hal_uwb_vendor.te
new file mode 100644
index 00000000..dc11d6b8
--- /dev/null
+++ b/legacy/whitechapel_pro/hal_uwb_vendor.te
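Review bot: In legacy/whitechapel_pro/google_camera_app.te, `allow google_camera_app gxp_device:chr_file rw_file_perms;` includes `ioctl` with no accompanying `allowxperm`, so unless an extended-permission rule for this source/target pair exists elsewhere in the policy, every ioctl command the GXP driver implements is reachable from the app domain. The `edgetpu_device` rule added in vendor/google_camera_app.te has the same shape. I would add `allowxperm google_camera_app gxp_device:chr_file ioctl { <commands the app needs> };` with the list taken from the driver's UAPI header, in the way hal_uwb_vendor.te in this commit restricts its socket ioctls.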
@@ -0,0 +1,16 @@
+# HwBinder IPC from client to server
+binder_call(hal_uwb_vendor_client, hal_uwb_vendor_server)
+binder_call(hal_uwb_vendor_server, hal_uwb_vendor_client)
+
+hal_attribute_service(hal_uwb_vendor, hal_uwb_vendor_service)
+
+binder_call(hal_uwb_vendor_server, servicemanager)
+
+# allow hal_uwb_vendor to set wpan interfaces up and down
+allow hal_uwb_vendor self:udp_socket create_socket_perms;
+allowxperm hal_uwb_vendor self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
+# TODO(b/190461440): Find a long term solution for this.
+allow hal_uwb_vendor self:global_capability_class_set { net_admin };
+
+# allow hal_uwb_vendor to speak to nl802154 in the kernel
+allow hal_uwb_vendor self:netlink_generic_socket create_socket_perms_no_ioctl;
diff --git a/legacy/whitechapel_pro/hal_uwb_vendor_default.te b/legacy/whitechapel_pro/hal_uwb_vendor_default.te
new file mode 100644
index 00000000..b287433f
--- /dev/null
+++ b/legacy/whitechapel_pro/hal_uwb_vendor_default.te
@@ -0,0 +1,14 @@
+type hal_uwb_vendor_default, domain;
+type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_uwb_vendor_default)
+
+hal_server_domain(hal_uwb_vendor_default, hal_uwb)
+add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)
+
+hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)
+binder_call(hal_uwb_vendor_default, uwb_vendor_app)
+
+allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms;
+allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
+
+get_prop(hal_uwb_vendor_default, vendor_uwb_calibration_prop)
diff --git a/legacy/whitechapel_pro/seapp_contexts b/legacy/whitechapel_pro/seapp_contexts
index 7a2dd6d6..c34ff929 100644
--- a/legacy/whitechapel_pro/seapp_contexts
+++ b/legacy/whitechapel_pro/seapp_contexts
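Review bot: In legacy/whitechapel_pro/hal_uwb_vendor.te, `allow hal_uwb_vendor self:global_capability_class_set { net_admin };` is attached to the whole `hal_uwb_vendor` attribute and is justified only by a TODO, so CAP_NET_ADMIN goes to every domain that carries the attribute rather than to the server that brings the wpan interface up and down. Scoping it to the server side, `allow hal_uwb_vendor_server self:global_capability_class_set { net_admin };`, keeps it away from any client that picks up the base attribute (the client macro appears to add it on non-Treble builds; worth confirming for this branch). The opening comment `# HwBinder IPC from client to server` also looks stale, since the file registers through `hal_attribute_service` and `servicemanager`; `# Binder IPC between client and server` would match what the rules do.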
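Review bot: In legacy/whitechapel_pro/hal_uwb_vendor_default.te, `add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)` sits directly under `hal_server_domain(hal_uwb_vendor_default, hal_uwb)` although the service belongs to the `hal_uwb_vendor` attribute joined two lines later, which makes the grouping misleading to read. If `hal_attribute_service(hal_uwb_vendor, hal_uwb_vendor_service)` in hal_uwb_vendor.te already grants `add` to `hal_uwb_vendor_server` (it does in the AOSP macro as far as I know, but check this branch), the explicit call is redundant and can be dropped. Otherwise move it below `hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)` so each service line follows the attribute it depends on.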
@@ -8,3 +8,7 @@ user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app
 # TODO(b/222204912): Should this run under uwb user?
 user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
+# Google Camera
+user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
+
+
diff --git a/tracking_denials/permissive.te b/tracking_denials/permissive.te
index dc109975..769c26bc 100644
--- a/tracking_denials/permissive.te
+++ b/tracking_denials/permissive.te
@@ -26,7 +26,4 @@ userdebug_or_eng(`
 permissive hal_usb_gadget_impl;
 permissive hal_usb_impl;
 permissive hal_camera_default;
- permissive hal_uwb_vendor_default;
- permissive google_camera_app;
- permissive hal_uwb_vendor;
 ')
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 2d618c08..264278f9 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -8,7 +8,6 @@
 /vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0
 /vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0
 /vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0
-/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0
 # Vendor Firmwares
 /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te
index 0ab7b06a..a0ad7316 100644
--- a/vendor/google_camera_app.te
+++ b/vendor/google_camera_app.te
@@ -1,3 +1,3 @@
-type google_camera_app, domain, coredomain;
-app_domain(google_camera_app)
-
+# Allows GCA to find and access the EdgeTPU.
+allow google_camera_app edgetpu_app_service:service_manager find;
+allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
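Review bot: vendor/google_camera_app.te is left with only allow rules for `google_camera_app`, while the `type` declaration and `app_domain()` call it used to hold now live in legacy/whitechapel_pro/google_camera_app.te, so this file compiles only when that directory is part of the same policy build. Nothing in the file says so, and a later reader looking for the domain definition will not find it here. A header line such as `# google_camera_app is declared in legacy/whitechapel_pro/google_camera_app.te` above the EdgeTPU comment would make the dependency explicit.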
diff --git a/vendor/hal_uwb_vendor_default.te b/vendor/hal_uwb_vendor_default.te
deleted file mode 100644
index d3bc4892..00000000
--- a/vendor/hal_uwb_vendor_default.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type hal_uwb_vendor_default, domain;
-type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(hal_uwb_vendor_default)
-
diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts
index f8d4e0f3..d9296e0d 100644
--- a/vendor/seapp_contexts
+++ b/vendor/seapp_contexts
@@ -7,8 +7,5 @@ user=_app isPrivApp=true seinfo=platform name=com.thales.device.ofl.app.basicag
 # Domain for connectivity monitor
 user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
-# Google Camera
-user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
-
 # CccDkTimeSyncService
 user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all