diff --git a/sepolicy/radio/file_contexts b/sepolicy/radio/file_contexts
index 34e7e8b..9129115 100644
--- a/sepolicy/radio/file_contexts
+++ b/sepolicy/radio/file_contexts
@@ -3,7 +3,6 @@
 /vendor/bin/bipchmgr                                                        u:object_r:bipchmgr_exec:s0
 /vendor/bin/vcd                                                             u:object_r:vcd_exec:s0
 /vendor/bin/dmd                                                             u:object_r:dmd_exec:s0
-/vendor/bin/sced                                                            u:object_r:sced_exec:s0
 /vendor/bin/rfsd                                                            u:object_r:rfsd_exec:s0
 /vendor/bin/modem_logging_control                                           u:object_r:modem_logging_control_exec:s0
 /vendor/bin/modem_ml_svc_sit                                                u:object_r:modem_ml_svc_sit_exec:s0
diff --git a/sepolicy/radio/modem_svc_sit.te b/sepolicy/radio/modem_svc_sit.te
index a2fd70a..3cf6727 100644
--- a/sepolicy/radio/modem_svc_sit.te
+++ b/sepolicy/radio/modem_svc_sit.te
@@ -48,7 +48,5 @@ allow modem_svc_sit modem_img_file:file r_file_perms;
 allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
 
 # Allow modem_svc_sit to access socket for UMI
-userdebug_or_eng(`
-  allow modem_svc_sit radio_vendor_data_file:sock_file { create write unlink };
-')
+allow modem_svc_sit radio_vendor_data_file:sock_file { create write unlink };
 
diff --git a/sepolicy/radio/sced.te b/sepolicy/radio/sced.te
deleted file mode 100644
index b8246f3..0000000
--- a/sepolicy/radio/sced.te
+++ /dev/null
@@ -1,25 +0,0 @@
-type sced, domain;
-type sced_exec, vendor_file_type, exec_type, file_type;
-
-userdebug_or_eng(`
-  init_daemon_domain(sced)
-  typeattribute sced vendor_executes_system_violators;
-
-  hwbinder_use(sced)
-  binder_call(sced, dmd)
-  binder_call(sced, vendor_telephony_silentlogging_app)
-
-  get_prop(sced, hwservicemanager_prop)
-  allow sced self:packet_socket create_socket_perms_no_ioctl;
-
-  allow sced self:capability net_raw;
-  allow sced shell_exec:file rx_file_perms;
-  allow sced tcpdump_exec:file rx_file_perms;
-  allow sced vendor_shell_exec:file x_file_perms;
-  allow sced vendor_slog_file:dir create_dir_perms;
-  allow sced vendor_slog_file:file create_file_perms;
-  allow sced hidl_base_hwservice:hwservice_manager add;
-  allow sced hal_vendor_oem_hwservice:hwservice_manager { add find };
-  add_service(sced, hal_vendor_tcpdump_service)
-  binder_call(sced, servicemanager)
-')
diff --git a/sepolicy/radio/service_contexts b/sepolicy/radio/service_contexts
index 03cffd0..3806fa4 100644
--- a/sepolicy/radio/service_contexts
+++ b/sepolicy/radio/service_contexts
@@ -3,4 +3,3 @@ com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:lib
 vendor.samsung_slsi.telephony.hardware.radioExternal.IOemSlsiRadioExternal/default      u:object_r:hal_vendor_radio_external_service:s0
 vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/dm0      u:object_r:hal_vendor_modem_logging_service:s0
 vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/dm1      u:object_r:hal_vendor_modem_logging_service:s0
-vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/sced0    u:object_r:hal_vendor_tcpdump_service:s0
diff --git a/sepolicy/radio/vendor_telephony_silentlogging_app.te b/sepolicy/radio/vendor_telephony_silentlogging_app.te
index 1de0ea7..4b0bb61 100644
--- a/sepolicy/radio/vendor_telephony_silentlogging_app.te
+++ b/sepolicy/radio/vendor_telephony_silentlogging_app.te
@@ -10,7 +10,6 @@ allow vendor_telephony_silentlogging_app vendor_slog_file:file create_file_perms
 allow vendor_telephony_silentlogging_app app_api_service:service_manager find;
 allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find;
 binder_call(vendor_telephony_silentlogging_app, dmd)
-binder_call(vendor_telephony_silentlogging_app, sced)
 allow vendor_telephony_silentlogging_app hal_vendor_modem_logging_service:service_manager find;
 binder_call(vendor_telephony_silentlogging_app, servicemanager)
 
diff --git a/sepolicy/tracking_denials/bug_map b/sepolicy/tracking_denials/bug_map
index f31c57c..84fb836 100644
--- a/sepolicy/tracking_denials/bug_map
+++ b/sepolicy/tracking_denials/bug_map
@@ -8,12 +8,11 @@ dump_modem sscoredump_vendor_data_logcat_file dir b/361726331
 dumpstate system_data_file dir b/377787445
 grilservice_app twoshay binder b/375564898
 hal_camera_default aconfig_storage_metadata_file dir b/383013471
-hal_gnss_default vendor_gps_prop file b/318310869
-hal_gnss_pixel vendor_gps_file file b/378004800
-hal_graphics_composer_default sysfs file b/379245673
 hal_power_default hal_power_default capability b/350830411
 incidentd incidentd anon_inode b/322917075
 init init capability b/379206528
+insmod-sh kmsg_device chr_file b/388949710
+insmod-sh vendor_edgetpu_debugfs dir b/385858548
 kernel sepolicy_file file b/353418189
 kernel system_bootstrap_lib_file dir b/353418189
 kernel system_bootstrap_lib_file file b/353418189
@@ -28,15 +27,13 @@ platform_app vendor_rild_prop file b/377412254
 priv_app audio_config_prop file b/379245788
 radio audio_config_prop file b/379244519
 ramdump ramdump capability b/369475712
-sctd sctd tcp_socket b/309550514
-sctd swcnd unix_stream_socket b/309550514
-sctd vendor_persist_config_default_prop file b/309550514
+ramdump_app default_prop file b/386149336
+servicemanager modem_logging_control binder b/384376420
 shell sysfs_net file b/338347525
-spad spad unix_stream_socket b/309550905
-swcnd swcnd unix_stream_socket b/309551062
 system_suspend sysfs dir b/375563932
 system_suspend sysfs_touch dir b/375563932
 system_suspend sysfs_touch_gti dir b/350830429
 systemui_app system_data_file dir b/375564360
 untrusted_app audio_config_prop file b/379245853
+zygote aconfig_storage_metadata_file dir b/383949166
 zygote zygote capability b/379206406
diff --git a/sepolicy/tracking_denials/file.te b/sepolicy/tracking_denials/file.te
index 6a2f6b2..c7efcfb 100644
--- a/sepolicy/tracking_denials/file.te
+++ b/sepolicy/tracking_denials/file.te
@@ -9,6 +9,3 @@ type sysfs_chargelevel, sysfs_type, fs_type;
 # mount FS
 allow proc_vendor_sched proc:filesystem associate;
 
-# Faceauth
-type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type;
-
diff --git a/sepolicy/tracking_denials/genfs_contexts b/sepolicy/tracking_denials/genfs_contexts
index b28f508..0f032d2 100644
--- a/sepolicy/tracking_denials/genfs_contexts
+++ b/sepolicy/tracking_denials/genfs_contexts
@@ -90,6 +90,3 @@ genfscon sysfs /devices/virtual/wakeup/wakeup
 genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time   u:object_r:sysfs_usbc_throttling_stats:s0
 genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time         u:object_r:sysfs_usbc_throttling_stats:s0
 
-# Faceauth
-genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0
-
diff --git a/sepolicy/tracking_denials/hal_fingerprint_default.te b/sepolicy/tracking_denials/hal_fingerprint_default.te
new file mode 100644
index 0000000..e475e68
--- /dev/null
+++ b/sepolicy/tracking_denials/hal_fingerprint_default.te
@@ -0,0 +1,2 @@
+# b/393978045
+dontaudit hal_fingerprint_default default_android_service:service_manager add;
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 1ac8351..7bb4de4 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -499,3 +499,8 @@ genfscon sysfs /kernel/metrics/cpuidle_histogram/cpucluster_histogram     u:obje
 
 # Bluetooth
 genfscon sysfs /devices/platform/155d0000.serial/uart_dbg     u:object_r:sysfs_bt_uart:s0
+
+# USB
+starting_at_board_api(202504, `
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state   u:object_r:sysfs_udc:s0
+')
diff --git a/sepolicy/vendor/hal_fingerprint_debug.te b/sepolicy/vendor/hal_fingerprint_debug.te
new file mode 100644
index 0000000..8b8e330
--- /dev/null
+++ b/sepolicy/vendor/hal_fingerprint_debug.te
@@ -0,0 +1,24 @@
+# SE policies for IFingerprintDebug
+type hal_fingerprint_debug_service, hal_service_type, protected_service, service_manager_type;
+
+userdebug_or_eng(`
+    # Declare domains for the debug host HAL server/client.
+    hal_attribute(fingerprint_debug)
+
+    hal_server_domain(hal_fingerprint_default, hal_fingerprint_debug)
+
+    # Ensure that the server and client can communicate with each other,
+    # bi-directionally (in the case of callbacks from server to client, for
+    # example).
+    binder_call(hal_fingerprint_debug_client, hal_fingerprint_debug_server)
+    binder_call(hal_fingerprint_debug_server, hal_fingerprint_debug_client)
+
+    binder_call(hal_fingerprint_debug_server, servicemanager)
+    hal_attribute_service(hal_fingerprint_debug, hal_fingerprint_debug_service)
+
+    # Allow all priv-apps to communicate with the fingerprint debug HAL on
+    # userdebug or eng builds.
+    hal_client_domain(priv_app, hal_fingerprint_debug)
+
+    binder_call(priv_app, hal_fingerprint_default)
+')
diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te
index 893a34e..de8b708 100644
--- a/sepolicy/vendor/hal_graphics_composer_default.te
+++ b/sepolicy/vendor/hal_graphics_composer_default.te
@@ -26,7 +26,7 @@ add_service(hal_graphics_composer_default, hal_pixel_display_service)
 # allow HWC/libdisplaycolor to read calibration data
 allow hal_graphics_composer_default mnt_vendor_file:dir search;
 allow hal_graphics_composer_default persist_file:dir search;
-allow hal_graphics_composer_default persist_display_file:file r_file_perms;
+allow hal_graphics_composer_default persist_display_file:file rw_file_perms;
 allow hal_graphics_composer_default persist_display_file:dir search;
 
 # allow HWC to get/set vendor_display_prop
diff --git a/sepolicy/vendor/hal_usb_impl.te b/sepolicy/vendor/hal_usb_impl.te
index e882d28..aaa9fae 100644
--- a/sepolicy/vendor/hal_usb_impl.te
+++ b/sepolicy/vendor/hal_usb_impl.te
@@ -30,4 +30,6 @@ allow hal_usb_impl usb_device:dir r_dir_perms;
 # For monitoring usb sysfs attributes
 allow hal_usb_impl sysfs_wakeup:dir search;
 allow hal_usb_impl sysfs_wakeup:file r_file_perms;
-
+starting_at_board_api(202504, `
+allow hal_usb_impl sysfs_udc:file r_file_perms;
+')
diff --git a/sepolicy/vendor/service_contexts b/sepolicy/vendor/service_contexts
index c50b46f..b889a00 100644
--- a/sepolicy/vendor/service_contexts
+++ b/sepolicy/vendor/service_contexts
@@ -1,4 +1,5 @@
 vendor.qti.hardware.fingerprint.IQfpExtendedFingerprint/default   u:object_r:hal_fingerprint_service:s0
+com.google.hardware.biometrics.fingerprint.debug.IFingerprintDebug/default   u:object_r:hal_fingerprint_debug_service:s0
 com.google.hardware.pixel.display.IDisplay/default                u:object_r:hal_pixel_display_service:s0
 vendor.google.wireless_charger.IWirelessCharger/default           u:object_r:hal_wireless_charger_service:s0
 hardware.qorvo.uwb.IUwbVendor/default                             u:object_r:hal_uwb_vendor_service:s0