diff --git a/private/vendor_init.te b/private/vendor_init.te new file mode 100644 index 0000000..812f9e1 --- /dev/null +++ b/private/vendor_init.te @@ -0,0 +1,2 @@ +# b/277300125 +dontaudit vendor_init device_config_configuration_prop:property_service { set }; diff --git a/radio/hal_radioext_default.te b/radio/hal_radioext_default.te index bbdd2a0..6e17e19 100644 --- a/radio/hal_radioext_default.te +++ b/radio/hal_radioext_default.te @@ -19,3 +19,9 @@ allow hal_radioext_default radio_vendor_data_file:file create_file_perms; # Bluetooth allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find; + +# Twoshay +binder_use(hal_radioext_default) +allow hal_radioext_default gril_antenna_tuning_service:service_manager find; +binder_call(hal_radioext_default, gril_antenna_tuning_service) +binder_call(hal_radioext_default, twoshay) diff --git a/radio/keys.conf b/radio/keys.conf index 4784c60..45db97d 100644 --- a/radio/keys.conf +++ b/radio/keys.conf @@ -1,3 +1,3 @@ [@MDS] -ALL : device/google/zuma-sepolicy/radio/certs/com_google_mds.x509.pem +ALL : device/google/zumapro-sepolicy/radio/certs/com_google_mds.x509.pem diff --git a/radio/property.te b/radio/property.te index b2027e5..25d9454 100644 --- a/radio/property.te +++ b/radio/property.te @@ -1,3 +1,4 @@ +# P24 vendor properties vendor_internal_prop(vendor_carrier_prop) vendor_internal_prop(vendor_cbd_prop) vendor_internal_prop(vendor_slog_prop) @@ -9,8 +10,8 @@ vendor_internal_prop(vendor_ssrdump_prop) vendor_internal_prop(vendor_wifi_version) vendor_internal_prop(vendor_imssvc_prop) vendor_internal_prop(vendor_gps_prop) -vendor_internal_prop(vendor_logger_prop) vendor_internal_prop(vendor_tcpdump_log_prop) # Telephony debug app vendor_internal_prop(vendor_telephony_app_prop) + diff --git a/radio/property_contexts b/radio/property_contexts index 602b411..0cad5bc 100644 --- a/radio/property_contexts +++ b/radio/property_contexts 
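Review bot: The new `dontaudit vendor_init device_config_configuration_prop:property_service { set };` in private/vendor_init.te hides the denial, but the property write still fails. It also sits outside tracking_denials/, where this commit keeps its other temporary suppressions. The tracking_denials/bug_map hunk in the same commit adds two more entries (b/275645636, b/275646003) for the same source/target/class, and those denials will presumably no longer be logged once this rule is in place. I would keep the rule under tracking_denials/ and extend the comment to name the writer, e.g. `# b/277300125: <component that sets the prop>; remove once the set is dropped`.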
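Review bot: In radio/hal_radioext_default.te, `binder_call(hal_radioext_default, gril_antenna_tuning_service)` passes a service type where the macro expects the server's process domain. The line just above uses `gril_antenna_tuning_service` as a `service_manager` object, so the resulting `binder { call transfer }` and `fd use` rules target a type that is probably never a process label. If the service is hosted by twoshay, as the `# Twoshay` comment suggests, the following `binder_call(hal_radioext_default, twoshay)` already covers the call and this line can be dropped. Otherwise, name the hosting domain instead.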
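Review bot: The second radio/property.te hunk removes `vendor_internal_prop(vendor_logger_prop)`, but radio/property_contexts in this same commit still labels `vendor.pixellogger.` and `persist.vendor.pixellogger.` as `u:object_r:vendor_logger_prop:s0`. Unless the type is declared in another policy directory not shown in this diff, those entries refer to an undeclared type. The removed `persist.vendor.verbose_logging_enabled` entry also means that property now takes whatever label its prefix resolves to. Please confirm where `vendor_logger_prop` is now declared and note it in the commit message, or add a comment above the two remaining entries such as `# vendor_logger_prop is declared in <shared policy dir>`.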
@@ -20,7 +20,6 @@ persist.vendor.config. u:object_r:vendor_persist_config_defa # for logger app vendor.pixellogger. u:object_r:vendor_logger_prop:s0 persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0 -persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0 # Modem persist.vendor.modem. u:object_r:vendor_modem_prop:s0 @@ -57,3 +56,4 @@ persist.vendor.gps. u:object_r:vendor_gps_prop:s0 # Tcpdump_logger persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0 vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0 + diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 8903cdd..8af6ec0 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -21,8 +21,6 @@ hal_dumpstate_default vendor_tcpdump_log_prop file b/273638940 hal_power_default sysfs file b/273638876 hal_secure_element_uicc hal_secure_element_hwservice hwservice_manager b/264483151 hal_secure_element_uicc hidl_base_hwservice hwservice_manager b/264483151 -hal_thermal_default sysfs file b/272166722 -hal_thermal_default sysfs file b/272166987 hal_uwb_default debugfs file b/273639365 incidentd apex_art_data_file file b/272628762 incidentd incidentd anon_inode b/274374992 @@ -49,6 +47,8 @@ untrusted_app default_android_service service_manager b/264599934 vendor_init device_config_configuration_prop property_service b/267714573 vendor_init device_config_configuration_prop property_service b/268566481 vendor_init device_config_configuration_prop property_service b/273143844 +vendor_init device_config_configuration_prop property_service b/275645636 +vendor_init device_config_configuration_prop property_service b/275646003 vendor_init tee_data_file lnk_file b/267714573 vendor_init tee_data_file lnk_file b/272166664 vendor_init vendor_camera_prop property_service b/267714573 diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te new file mode 100644 index 0000000..3313642 --- /dev/null +++ b/tracking_denials/dumpstate.te 
@@ -0,0 +1,2 @@
+# b/277155496
+dontaudit dumpstate default_android_service:service_manager { find };
diff --git a/tracking_denials/gmscore_app.te b/tracking_denials/gmscore_app.te
deleted file mode 100644
index a5a791b..0000000
--- a/tracking_denials/gmscore_app.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# b/259302023
-dontaudit gmscore_app property_type:file *;
-# b/260365725
-dontaudit gmscore_app property_type:file *;
-# b/260522434
-dontaudit gmscore_app modem_img_file:filesystem { getattr };
-# b/264489521
-userdebug_or_eng(`
- permissive gmscore_app;
-')
diff --git a/tracking_denials/google_camera_app.te b/tracking_denials/google_camera_app.te
index 84c0aca..b6994f9 100644
--- a/tracking_denials/google_camera_app.te
+++ b/tracking_denials/google_camera_app.te
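Review bot: The `dontaudit dumpstate default_android_service:service_manager { find };` rule in tracking_denials/dumpstate.te is wider than the one lookup it is meant to silence. `default_android_service` is the fallback label for services that have no service_contexts entry, so the rule hides dumpstate's lookups of every unlabelled service, not only the one behind b/277155496. The narrower fix is to give the service its own type in service_contexts and decide on that type. Until then the comment should at least name the service, e.g. `# b/277155496: <service name> has no service_contexts entry yet`.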
@@ -1,29 +1,7 @@
-# b/262455755
-dontaudit google_camera_app activity_service:service_manager { find };
-dontaudit google_camera_app cameraserver_service:service_manager { find };
-dontaudit google_camera_app content_capture_service:service_manager { find };
-dontaudit google_camera_app device_state_service:service_manager { find };
-dontaudit google_camera_app edgetpu_app_service:service_manager { find };
-dontaudit google_camera_app edgetpu_device:chr_file { ioctl };
-dontaudit google_camera_app edgetpu_device:chr_file { map };
-dontaudit google_camera_app edgetpu_device:chr_file { read write };
-dontaudit google_camera_app fwk_stats_service:service_manager { find };
-dontaudit google_camera_app game_service:service_manager { find };
-dontaudit google_camera_app mediaserver_service:service_manager { find };
-dontaudit google_camera_app netstats_service:service_manager { find };
-dontaudit google_camera_app sensorservice_service:service_manager { find };
-dontaudit google_camera_app surfaceflinger_service:service_manager { find };
-dontaudit google_camera_app thermal_service:service_manager { find };
 # b/264490031
 userdebug_or_eng(`
 permissive google_camera_app;
-')# b/264483456
-dontaudit google_camera_app backup_service:service_manager { find };
-# b/264600171
-dontaudit google_camera_app audio_service:service_manager { find };
-dontaudit google_camera_app legacy_permission_service:service_manager { find };
-dontaudit google_camera_app permission_checker_service:service_manager { find };
-# b/265220235
-dontaudit google_camera_app virtual_device_service:service_manager { find };
-# b/267843408
-dontaudit google_camera_app device_policy_service:service_manager { find };
+')
+# b/277300017
+dontaudit google_camera_app cameraserver_service:service_manager { find };
+dontaudit google_camera_app mediaserver_service:service_manager { find };
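Review bot: The two new `dontaudit` rules under `# b/277300017` in tracking_denials/google_camera_app.te look at odds with `allow google_camera_app app_api_service:service_manager find;`, which this commit adds in vendor/google_camera_app.te. If `cameraserver_service` and `mediaserver_service` carry the `app_api_service` attribute, the dontaudits are dead rules and can be dropped. If they do not, the rules hide a lookup the camera app presumably needs. The hunk also keeps `permissive google_camera_app;` for userdebug/eng, so the new allow rules are not enforced on those builds. A comment such as `# b/264490031: drop once vendor/google_camera_app.te is verified in enforcing mode` would make the exit condition explicit.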
diff --git a/tracking_denials/hal_radioext_default.te b/tracking_denials/hal_radioext_default.te
new file mode 100644
index 0000000..d37fc60
--- /dev/null
+++ b/tracking_denials/hal_radioext_default.te
@@ -0,0 +1,2 @@
+# b/275646098
+dontaudit hal_radioext_default service_manager_type:service_manager find;
diff --git a/tracking_denials/logd.te b/tracking_denials/logd.te
deleted file mode 100644
index ab19623..0000000
--- a/tracking_denials/logd.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# b/261105354
-dontaudit logd trusty_log_device:chr_file { open };
-dontaudit logd trusty_log_device:chr_file { read };
-# b/264489639
-userdebug_or_eng(`
- permissive logd;
-')
\ No newline at end of file
diff --git a/tracking_denials/systemui.te b/tracking_denials/systemui.te
deleted file mode 100644
index 3159dd9..0000000
--- a/tracking_denials/systemui.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/264266705
-userdebug_or_eng(`
- permissive systemui_app;
-')
diff --git a/vendor/file_contexts b/vendor/file_contexts
index f08be98..0a24947 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -163,5 +163,5 @@
 /dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0
 /dev/dma_heap/vframe-secure u:object_r:video_secure_heap_device:s0
 /dev/dma_heap/vscaler-secure u:object_r:video_secure_heap_device:s0
-/dev/dma_heap/vstream-secure u:object_r:video_secure_heap_device:s0
+/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0
 /dev/uci u:object_r:uci_device:s0
diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te
index b4ba6c1..9c233fe 100644
--- a/vendor/google_camera_app.te
+++ b/vendor/google_camera_app.te
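Review bot: The `dontaudit hal_radioext_default service_manager_type:service_manager find;` rule in tracking_denials/hal_radioext_default.te targets the attribute that covers every service type, so it suppresses audit records for any service lookup this HAL attempts. The commit already grants the one lookup it appears to need, `allow hal_radioext_default gril_antenna_tuning_service:service_manager find;` in radio/hal_radioext_default.te. Leaving the blanket rule in place would hide unexpected lookups from later review. I would narrow it to the type named in the b/275646098 denial, e.g. `dontaudit hal_radioext_default <denied_service_type>:service_manager find;`, or drop it if the new allow resolves the denial.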
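Review bot: The vendor/file_contexts hunk relabels `/dev/dma_heap/vstream-secure` from `video_secure_heap_device` to `dmabuf_system_secure_heap_device` with no comment or bug reference, and no allow rule in this diff is adjusted to match. After the change, access to this secure heap is governed by whatever rules already target `dmabuf_system_secure_heap_device`, which may be a different and possibly larger set of domains than before. Domains that held only `video_secure_heap_device` access lose it. Please list the intended consumers in the commit message and add a line above the entry such as `# vstream-secure is shared with <consumer>, see b/<bug id>`.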
@@ -6,3 +6,10 @@ allow google_camera_app gxp_device:chr_file rw_file_perms; # Allows camera app to access the PowerHAL. hal_client_domain(google_camera_app, hal_power) + +# Allow camera app to access the a subset of app services. +allow google_camera_app app_api_service:service_manager find; + +# Allows GCA to access the EdgeTPU device. +allow google_camera_app edgetpu_app_service:service_manager find; +allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te index fe017f9..2db4651 100644 --- a/vendor/hal_bootctl_default.te +++ b/vendor/hal_bootctl_default.te @@ -1,3 +1,4 @@ allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; allow hal_bootctl_default sysfs_ota:file rw_file_perms; +allow hal_bootctl_default tee_device:chr_file rw_file_perms; diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te index 7acd698..666ad73 100644 --- a/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -14,6 +14,10 @@ allow hal_camera_default lwis_device:chr_file rw_file_perms; allow hal_camera_default edgetpu_device:chr_file rw_file_perms; allow hal_camera_default edgetpu_vendor_service:service_manager find; binder_call(hal_camera_default, edgetpu_vendor_server) +# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging +# library has a dependency on edgetpu_app_service, see b/275016466. +allow hal_camera_default edgetpu_app_service:service_manager find; +binder_call(hal_camera_default, edgetpu_app_server) # Allow access to data files used by the camera HAL allow hal_camera_default mnt_vendor_file:dir search; diff --git a/vendor/logd.te b/vendor/logd.te new file mode 100644 index 0000000..ca969d8 --- /dev/null +++ b/vendor/logd.te 
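Review bot: In vendor/google_camera_app.te, `allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };` grants `ioctl` with no accompanying `allowxperm`. Unless an extended-permission rule for this source/target pair exists elsewhere, the app domain can issue every ioctl command the EdgeTPU driver implements. I would pair the rule with `allowxperm google_camera_app edgetpu_device:chr_file ioctl { <commands the client library uses> };` so the driver surface exposed to the app is explicit. Separately, `app_api_service` is the whole app-facing service attribute rather than "a subset", so the comment above that rule should say so.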
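Review bot: The new `allow hal_bootctl_default tee_device:chr_file rw_file_perms;` in vendor/hal_bootctl_default.te carries no comment or bug reference, unlike the `edgetpu_app_service` rule this commit adds to vendor/hal_camera_default.te. Read-write access to the TEE device node from the boot-control HAL is a grant a later reader will want justified. Please add a line above it such as `# <why boot control talks to the TEE>, see b/<bug id>`, and check whether `r_file_perms` or a narrower permission set is enough.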
@@ -0,0 +1,4 @@ +r_dir_file(logd, logbuffer_device) +allow logd logbuffer_device:chr_file r_file_perms; +allow logd trusty_log_device:chr_file r_file_perms; + diff --git a/vendor/property.te b/vendor/property.te index ed6caac..a7450c3 100644 --- a/vendor/property.te +++ b/vendor/property.te @@ -10,3 +10,4 @@ vendor_internal_prop(vendor_usb_config_prop) # Dynamic sensor vendor_internal_prop(vendor_dynamic_sensor_prop) + diff --git a/vendor/property_contexts b/vendor/property_contexts index 2d469d5..b020540 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -17,3 +17,4 @@ vendor.usb. u:object_r:vendor_usb_config_prop:s0 # Dynamic sensor vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 + diff --git a/vendor/twoshay.te b/vendor/twoshay.te index 09cc98e..219619a 100644 --- a/vendor/twoshay.te +++ b/vendor/twoshay.te @@ -1,2 +1,4 @@ # Allow ITouchContextService callback binder_call(twoshay, systemui_app) + +binder_call(twoshay, hal_radioext_default)
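Review bot: In the new vendor/logd.te, `r_dir_file(logd, logbuffer_device)` looks unnecessary, because the macro grants read on the `dir`, `file` and `lnk_file` classes while the next line already grants `chr_file r_file_perms` on the same type. If `logbuffer_device` labels only character device nodes, the macro line adds permissions that can never be exercised and can be dropped. The file also has no comment or bug reference, although it replaces the deleted tracking_denials/logd.te entries for `trusty_log_device` (b/261105354). A header such as `# logd reads the Trusty and logbuffer devices, see b/261105354` would keep that history.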