diff --git a/legacy/zuma/vendor/device.te b/legacy/zuma/vendor/device.te
index 80bf3f0..6ea01d9 100644
--- a/legacy/zuma/vendor/device.te
+++ b/legacy/zuma/vendor/device.te
@@ -1,7 +1,6 @@
-type persist_block_device, dev_type;
+# device.te
type custom_ab_block_device, dev_type;
type mfg_data_block_device, dev_type;
-type ufs_internal_block_device, dev_type;
type logbuffer_device, dev_type;
type fingerprint_device, dev_type;
type uci_device, dev_type;
@@ -12,6 +11,3 @@ type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type;
type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type;
type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type;
-
-# SecureElement SPI device
-type st54spi_device, dev_type;
diff --git a/legacy/zuma/vendor/hal_bluetooth_btlinux.te b/legacy/zuma/vendor/hal_bluetooth_btlinux.te
index c496ea0..cb0e55a 100644
--- a/legacy/zuma/vendor/hal_bluetooth_btlinux.te
+++ b/legacy/zuma/vendor/hal_bluetooth_btlinux.te
@@ -7,3 +7,6 @@ allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
# allow the HAL to call cccdktimesync registered callbacks
binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app)
+
+# Allow access for AoC properties.
+get_prop(hal_bluetooth_btlinux, vendor_aoc_prop)
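Review bot: The bug_map hunk later in this commit adds `hal_bluetooth_btlinux vendor_aoc_prop file b/353262026`, which appears to track the same denial that `get_prop(hal_bluetooth_btlinux, vendor_aoc_prop)` resolves here. Landing both leaves a tracking entry for a denial that should no longer fire, so either drop the bug_map line or reference the bug in this comment and remove the entry once it is closed. The comment could also say why the Bluetooth HAL reads AoC state, e.g. `# Read AoC properties for <feature> (b/353262026)`, so the grant can be narrowed later.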
diff --git a/legacy/zuma/vendor/hal_nfc_default.te b/legacy/zuma/vendor/hal_nfc_default.te
index d71d9e2..dbf6c93 100644
--- a/legacy/zuma/vendor/hal_nfc_default.te
+++ b/legacy/zuma/vendor/hal_nfc_default.te
@@ -1,5 +1,7 @@
# HAL NFC property
-get_prop(hal_nfc_default, vendor_nfc_prop)
+set_prop(hal_nfc_default, vendor_nfc_prop)
+set_prop(hal_nfc_default, vendor_nfc_antenna_prop)
+get_prop(untrusted_app, vendor_nfc_antenna_prop)
# SecureElement property
set_prop(hal_nfc_default, vendor_secure_element_prop)
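Review bot: `get_prop(untrusted_app, vendor_nfc_antenna_prop)` opens a vendor property to third-party apps, and it sits in the NFC HAL's file, where an audit of untrusted_app grants is unlikely to look. Move it next to the other app rules or at least comment it, e.g. `# Antenna position is non-sensitive; read by apps through <API>`, and confirm that nothing stored under this type is device-unique. The rule names only `untrusted_app`; if apps targeting older SDK levels run in separate domains on this platform they appear not to be covered, so check whether `untrusted_app_all` was intended. The same hunk widens the HAL from `get_prop` to `set_prop` on `vendor_nfc_prop` without a comment. The property.te hunk also declares the new type under the `# b/314065301` header in tracking_denials/, which reads as temporary placement for a permanent type.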
diff --git a/legacy/zuma/vendor/hal_power_default.te b/legacy/zuma/vendor/hal_power_default.te
index bb86aad..4cf7821 100644
--- a/legacy/zuma/vendor/hal_power_default.te
+++ b/legacy/zuma/vendor/hal_power_default.te
@@ -4,4 +4,5 @@ allow hal_power_default sysfs_camera:file rw_file_perms;
allow hal_power_default sysfs_em_profile:file rw_file_perms;
allow hal_power_default sysfs_display:file rw_file_perms;
allow hal_power_default sysfs_trusty:file rw_file_perms;
-set_prop(hal_power_default, vendor_camera_prop);
\ No newline at end of file
+set_prop(hal_power_default, vendor_camera_prop);
+allow hal_power_default sysfs_vendor_mm:file rw_file_perms;
diff --git a/legacy/zuma/vendor/hal_radioext_default.te b/legacy/zuma/vendor/hal_radioext_default.te
deleted file mode 100644
index d67f9e8..0000000
--- a/legacy/zuma/vendor/hal_radioext_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_radioext_default sysfs_display:file rw_file_perms;
diff --git a/legacy/zuma/vendor/hal_secure_element_uicc.te b/legacy/zuma/vendor/hal_secure_element_uicc.te
index 8cd1cb3..96cbf18 100644
--- a/legacy/zuma/vendor/hal_secure_element_uicc.te
+++ b/legacy/zuma/vendor/hal_secure_element_uicc.te
@@ -10,3 +10,5 @@ crash_dump_fallback(hal_secure_element_uicc)
# Allow hal_secure_element_uicc to access rild
binder_call(hal_secure_element_uicc, rild);
allow hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager find;
+allow hal_secure_element_uicc hal_vendor_radio_external_service:service_manager find;
+binder_call(hal_secure_element_uicc, servicemanager)
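Review bot: `binder_call(hal_secure_element_uicc, servicemanager)` is used to reach servicemanager, where the usual macro is `binder_use(hal_secure_element_uicc)`, which also grants the callback and client-lookup permissions servicemanager needs. The same `binder_call(…, servicemanager)` line recurs in bipchmgr.te, dmd.te, oemrilservice_app.te, radio.te, sced.te, vendor_engineermode_app.te, vendor_ims_app.te, vendor_satellite_service.te, vendor_telephony_debug_app.te and vendor_telephony_silentlogging_app.te. bipchmgr.te adds both `binder_call(bipchmgr, servicemanager)` and `binder_use(bipchmgr)`, so the first is redundant there. For domains declared with `app_domain()` the call is probably already covered by the base app policy. Settling on one form keeps the granted permissions minimal and the policy easier to audit.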
diff --git a/legacy/zuma/vendor/twoshay.te b/legacy/zuma/vendor/twoshay.te
index 219619a..09cc98e 100644
--- a/legacy/zuma/vendor/twoshay.te
+++ b/legacy/zuma/vendor/twoshay.te
@@ -1,4 +1,2 @@
# Allow ITouchContextService callback
binder_call(twoshay, systemui_app)
-
-binder_call(twoshay, hal_radioext_default)
diff --git a/legacy/zuma/vendor/ufs_firmware_update.te b/legacy/zuma/vendor/ufs_firmware_update.te
index 04e532e..8fbb5d1 100644
--- a/legacy/zuma/vendor/ufs_firmware_update.te
+++ b/legacy/zuma/vendor/ufs_firmware_update.te
@@ -1,6 +1,4 @@
-type ufs_firmware_update, domain;
-type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
-
+# ufs ffu
userdebug_or_eng(`
init_daemon_domain(ufs_firmware_update)
@@ -10,3 +8,4 @@ userdebug_or_eng(`
allow ufs_firmware_update sysfs:dir r_dir_perms;
allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;
')
+
diff --git a/radio/bipchmgr.te b/radio/bipchmgr.te
index 9298e32..46809e4 100644
--- a/radio/bipchmgr.te
+++ b/radio/bipchmgr.te
@@ -7,3 +7,6 @@ get_prop(bipchmgr, hwservicemanager_prop);
allow bipchmgr hal_exynos_rild_hwservice:hwservice_manager find;
hwbinder_use(bipchmgr)
binder_call(bipchmgr, rild)
+allow bipchmgr hal_vendor_radio_external_service:service_manager find;
+binder_call(bipchmgr, servicemanager)
+binder_use(bipchmgr)
diff --git a/radio/device.te b/radio/device.te
index 2f1aff7..f2b5dc1 100644
--- a/radio/device.te
+++ b/radio/device.te
@@ -1,3 +1,3 @@
+# radio
type modem_block_device, dev_type;
-type modem_userdata_block_device, dev_type;
-type efs_block_device, dev_type;
+
diff --git a/radio/dmd.te b/radio/dmd.te
index be820be..7ba947d 100644
--- a/radio/dmd.te
+++ b/radio/dmd.te
@@ -30,4 +30,5 @@ binder_call(dmd, hwservicemanager)
binder_call(dmd, modem_diagnostic_app)
binder_call(dmd, modem_logging_control)
binder_call(dmd, vendor_telephony_silentlogging_app)
-binder_call(dmd, liboemservice_proxy_default)
+add_service(dmd, hal_vendor_modem_logging_service)
+binder_call(dmd, servicemanager)
diff --git a/radio/file_contexts b/radio/file_contexts
index 4c25199..5a2653c 100644
--- a/radio/file_contexts
+++ b/radio/file_contexts
@@ -9,7 +9,6 @@
/vendor/bin/modem_ml_svc_sit u:object_r:modem_ml_svc_sit_exec:s0
/vendor/bin/cbd u:object_r:cbd_exec:s0
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
-/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
/vendor/bin/liboemservice_proxy_default u:object_r:liboemservice_proxy_default_exec:s0
/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0
diff --git a/radio/grilservice_app.te b/radio/grilservice_app.te
index cb4eec8..1765d1f 100644
--- a/radio/grilservice_app.te
+++ b/radio/grilservice_app.te
@@ -1,3 +1,4 @@
+# for grilservice_app domain
type grilservice_app, domain;
app_domain(grilservice_app)
@@ -12,8 +13,8 @@ allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
allow grilservice_app radio_vendor_data_file:dir create_dir_perms;
allow grilservice_app radio_vendor_data_file:file create_file_perms;
allow grilservice_app gril_antenna_tuning_service:service_manager find;
+allow grilservice_app hal_vendor_radio_external_service:service_manager find;
binder_call(grilservice_app, hal_bluetooth_btlinux)
-binder_call(grilservice_app, hal_radioext_default)
binder_call(grilservice_app, hal_wifi_ext)
binder_call(grilservice_app, hal_audiometricext_default)
binder_call(grilservice_app, rild)
@@ -22,3 +23,6 @@ hal_client_domain(grilservice_app, hal_power_stats)
allow grilservice_app sysfs_irq:dir r_dir_perms;
allow grilservice_app sysfs_irq:file r_file_perms;
get_prop(grilservice_app, telephony_modemtype_prop)
+# Set modem logging properties
+set_prop(grilservice_app, vendor_logger_prop)
+set_prop(grilservice_app, vendor_modem_prop)
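Review bot: `set_prop(grilservice_app, vendor_logger_prop)` and `set_prop(grilservice_app, vendor_modem_prop)` give an app domain write access to every property mapped to those two types, and the lines sit outside any `userdebug_or_eng` block, so they apply to user builds too. If the app only toggles a few modem-logging switches, a dedicated property type for those keys would keep the remaining modem and logger properties out of its reach; this is hedged because the property_contexts mapping is not visible here. The comment could name the feature and bug, e.g. `# Modem logging control from GRIL service (b/<bug id>)`.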
diff --git a/radio/hal_radioext_default.te b/radio/hal_radioext_default.te
deleted file mode 100644
index c978ffe..0000000
--- a/radio/hal_radioext_default.te
+++ /dev/null
@@ -1,24 +0,0 @@
-type hal_radioext_default, domain;
-type hal_radioext_default_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(hal_radioext_default)
-
-hwbinder_use(hal_radioext_default)
-get_prop(hal_radioext_default, hwservicemanager_prop)
-get_prop(hal_radioext_default, telephony_modemtype_prop)
-set_prop(hal_radioext_default, vendor_gril_prop)
-add_hwservice(hal_radioext_default, hal_radioext_hwservice)
-
-binder_call(hal_radioext_default, servicemanager)
-binder_call(hal_radioext_default, grilservice_app)
-binder_call(hal_radioext_default, hal_bluetooth_btlinux)
-
-# RW /dev/oem_ipc0
-allow hal_radioext_default radio_device:chr_file rw_file_perms;
-
-# RW MIPI Freq files
-allow hal_radioext_default radio_vendor_data_file:dir create_dir_perms;
-allow hal_radioext_default radio_vendor_data_file:file create_file_perms;
-
-# Bluetooth
-allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find;
-allow hal_radioext_default hal_bluetooth_coexistence_service:service_manager find;
diff --git a/radio/hwservice_contexts b/radio/hwservice_contexts
index 6453a56..f89299c 100644
--- a/radio/hwservice_contexts
+++ b/radio/hwservice_contexts
@@ -3,6 +3,3 @@ vendor.samsung_slsi.telephony.hardware.oemservice::IOemService
# rild HAL
vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal u:object_r:hal_exynos_rild_hwservice:s0
-
-# GRIL HAL
-vendor.google.radioext::IRadioExt u:object_r:hal_radioext_hwservice:s0
diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te
index 03e3af6..60835a5 100644
--- a/radio/modem_diagnostic_app.te
+++ b/radio/modem_diagnostic_app.te
@@ -11,6 +11,7 @@ userdebug_or_eng(`
hal_client_domain(modem_diagnostic_app, hal_power_stats);
+ allow modem_diagnostic_app hal_vendor_radio_external_service:service_manager find;
allow modem_diagnostic_app hal_exynos_rild_hwservice:hwservice_manager find;
binder_call(modem_diagnostic_app, rild)
diff --git a/radio/modem_svc_sit.te b/radio/modem_svc_sit.te
index 0bc59bd..69b6770 100644
--- a/radio/modem_svc_sit.te
+++ b/radio/modem_svc_sit.te
@@ -48,3 +48,9 @@ perfetto_producer(modem_svc_sit)
allow modem_svc_sit modem_img_file:dir r_dir_perms;
allow modem_svc_sit modem_img_file:file r_file_perms;
allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
+
+# Allow modem_svc_sit to access socket for UMI
+userdebug_or_eng(`
+ allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink };
+')
+
diff --git a/radio/oemrilservice_app.te b/radio/oemrilservice_app.te
index b055dbe..f52e433 100644
--- a/radio/oemrilservice_app.te
+++ b/radio/oemrilservice_app.te
@@ -7,3 +7,6 @@ allow oemrilservice_app radio_service:service_manager find;
binder_call(oemrilservice_app, rild)
set_prop(oemrilservice_app, vendor_rild_prop)
+
+allow oemrilservice_app hal_vendor_radio_external_service:service_manager find;
+binder_call(oemrilservice_app, servicemanager)
diff --git a/radio/radio.te b/radio/radio.te
index 721e018..d50a5e8 100644
--- a/radio/radio.te
+++ b/radio/radio.te
@@ -7,3 +7,5 @@ allow radio radio_vendor_data_file:file create_file_perms;
allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown };
allow radio aoc_device:chr_file rw_file_perms;
allow radio scheduling_policy_service:service_manager find;
+allow radio hal_vendor_radio_external_service:service_manager find;
+binder_call(radio, servicemanager)
diff --git a/radio/rild.te b/radio/rild.te
index 535a6b4..80582d9 100644
--- a/radio/rild.te
+++ b/radio/rild.te
@@ -37,6 +37,7 @@ crash_dump_fallback(rild)
# for hal service
add_hwservice(rild, hal_exynos_rild_hwservice)
+add_service(rild, hal_vendor_radio_external_service)
# Allow rild to access files on modem img.
allow rild modem_img_file:dir r_dir_perms;
diff --git a/radio/sced.te b/radio/sced.te
index 2b08973..b8246f3 100644
--- a/radio/sced.te
+++ b/radio/sced.te
@@ -20,4 +20,6 @@ userdebug_or_eng(`
allow sced vendor_slog_file:file create_file_perms;
allow sced hidl_base_hwservice:hwservice_manager add;
allow sced hal_vendor_oem_hwservice:hwservice_manager { add find };
+ add_service(sced, hal_vendor_tcpdump_service)
+ binder_call(sced, servicemanager)
')
diff --git a/radio/service.te b/radio/service.te
index 349e658..0db5b6e 100644
--- a/radio/service.te
+++ b/radio/service.te
@@ -1,2 +1,6 @@
# Define liboemservice_proxy_service.
-type liboemservice_proxy_service, hal_service_type, service_manager_type;
\ No newline at end of file
+type liboemservice_proxy_service, hal_service_type, service_manager_type;
+type hal_vendor_radio_external_service, hal_service_type, protected_service, service_manager_type;
+
+type hal_vendor_modem_logging_service, hal_service_type, protected_service, service_manager_type;
+type hal_vendor_tcpdump_service, hal_service_type, protected_service, service_manager_type;
diff --git a/radio/service_contexts b/radio/service_contexts
index d463150..03cffd0 100644
--- a/radio/service_contexts
+++ b/radio/service_contexts
@@ -1,2 +1,6 @@
# DMD oemservice aidl proxy.
-com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy_service:s0
\ No newline at end of file
+com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy_service:s0
+vendor.samsung_slsi.telephony.hardware.radioExternal.IOemSlsiRadioExternal/default u:object_r:hal_vendor_radio_external_service:s0
+vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/dm0 u:object_r:hal_vendor_modem_logging_service:s0
+vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/dm1 u:object_r:hal_vendor_modem_logging_service:s0
+vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/sced0 u:object_r:hal_vendor_tcpdump_service:s0
diff --git a/radio/vendor_engineermode_app.te b/radio/vendor_engineermode_app.te
index d35403a..83baa8b 100644
--- a/radio/vendor_engineermode_app.te
+++ b/radio/vendor_engineermode_app.te
@@ -5,6 +5,8 @@ binder_call(vendor_engineermode_app, rild)
allow vendor_engineermode_app app_api_service:service_manager find;
allow vendor_engineermode_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow vendor_engineermode_app hal_vendor_radio_external_service:service_manager find;
+binder_call(vendor_engineermode_app, servicemanager)
userdebug_or_eng(`
dontaudit vendor_engineermode_app default_prop:file r_file_perms;
diff --git a/radio/vendor_ims_app.te b/radio/vendor_ims_app.te
index b0aba05..187d369 100644
--- a/radio/vendor_ims_app.te
+++ b/radio/vendor_ims_app.te
@@ -21,3 +21,5 @@ get_prop(vendor_ims_app, vendor_imssvc_prop)
userdebug_or_eng(`
get_prop(vendor_ims_app, vendor_ims_tiss_prop)
')
+allow vendor_ims_app hal_vendor_radio_external_service:service_manager find;
+binder_call(vendor_ims_app, servicemanager)
diff --git a/radio/vendor_rcs_app.te b/radio/vendor_rcs_app.te
index 37cadef..07d1486 100644
--- a/radio/vendor_rcs_app.te
+++ b/radio/vendor_rcs_app.te
@@ -5,5 +5,6 @@ net_domain(vendor_rcs_app)
allow vendor_rcs_app app_api_service:service_manager find;
allow vendor_rcs_app radio_service:service_manager find;
allow vendor_rcs_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow vendor_rcs_app hal_vendor_radio_external_service:service_manager find;
binder_call(vendor_rcs_app, rild)
diff --git a/radio/vendor_satellite_service.te b/radio/vendor_satellite_service.te
index f6a1fa2..392a28c 100644
--- a/radio/vendor_satellite_service.te
+++ b/radio/vendor_satellite_service.te
@@ -3,4 +3,6 @@ type vendor_satellite_service, domain;
app_domain(vendor_satellite_service);
allow vendor_satellite_service app_api_service:service_manager find;
allow vendor_satellite_service hal_exynos_rild_hwservice:hwservice_manager find;
-binder_call(vendor_satellite_service, rild)
\ No newline at end of file
+binder_call(vendor_satellite_service, rild)
+allow vendor_satellite_service hal_vendor_radio_external_service:service_manager find;
+binder_call(vendor_satellite_service, servicemanager)
\ No newline at end of file
diff --git a/radio/vendor_telephony_debug_app.te b/radio/vendor_telephony_debug_app.te
index 539fffc..3c10e0b 100644
--- a/radio/vendor_telephony_debug_app.te
+++ b/radio/vendor_telephony_debug_app.te
@@ -9,6 +9,9 @@ binder_call(vendor_telephony_debug_app, rild)
# RIL property
set_prop(vendor_telephony_debug_app, vendor_rild_prop)
+allow vendor_telephony_debug_app hal_vendor_radio_external_service:service_manager find;
+binder_call(vendor_telephony_debug_app, servicemanager)
+
# Debug property
set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop)
diff --git a/radio/vendor_telephony_silentlogging_app.te b/radio/vendor_telephony_silentlogging_app.te
index 583f408..1de0ea7 100644
--- a/radio/vendor_telephony_silentlogging_app.te
+++ b/radio/vendor_telephony_silentlogging_app.te
@@ -11,6 +11,8 @@ allow vendor_telephony_silentlogging_app app_api_service:service_manager find;
allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find;
binder_call(vendor_telephony_silentlogging_app, dmd)
binder_call(vendor_telephony_silentlogging_app, sced)
+allow vendor_telephony_silentlogging_app hal_vendor_modem_logging_service:service_manager find;
+binder_call(vendor_telephony_silentlogging_app, servicemanager)
userdebug_or_eng(`
# Silent Logging
diff --git a/system_ext/private/systemui_app.te b/system_ext/private/systemui_app.te
index 32bc9cf..e16625b 100644
--- a/system_ext/private/systemui_app.te
+++ b/system_ext/private/systemui_app.te
@@ -1,3 +1,4 @@
+# SEPolicy for System UI
typeattribute systemui_app coredomain;
app_domain(systemui_app)
allow systemui_app app_api_service:service_manager find;
@@ -26,3 +27,4 @@ userdebug_or_eng(`
allow systemui_app wm_trace_data_file:file create_file_perms;
')
+set_prop(systemui_app, debug_tracing_desktop_mode_visible_tasks_prop)
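Review bot: `set_prop(systemui_app, debug_tracing_desktop_mode_visible_tasks_prop)` is added after the closing `')` of the `userdebug_or_eng` block, so the write permission applies on user builds as well. If the property exists only for debug tracing, move the line inside the block. If it is needed on every build, a comment such as `# Needed on all builds: SystemUI publishes desktop-mode visible task state for tracing` would make that explicit. The opening of the `userdebug_or_eng` block is outside the hunk.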
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index a07f071..30525de 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,14 +1,33 @@
dump_display sysfs file b/322917055
-dumpstate image_processing_hal binder b/322916328
-dumpstate image_processing_server binder b/322916328
+dump_modem sscoredump_vendor_data_coredump_file dir b/361726331
+dump_modem sscoredump_vendor_data_logcat_file dir b/361726331
+grilservice_app default_android_service service_manager b/366116096
hal_audio_default fwk_stats_service service_manager b/340369535
hal_audio_default traced_producer_socket sock_file b/340369535
+hal_bluetooth_btlinux vendor_aoc_prop file b/353262026
+hal_bluetooth_btlinux vendor_default_prop property_service b/350830390
+hal_bluetooth_btlinux vendor_default_prop property_service b/350830756
+hal_bluetooth_btlinux vendor_default_prop property_service b/350830758
hal_gnss_default vendor_gps_prop file b/318310869
+hal_power_default hal_power_default capability b/350830411
+hal_wlcservice default_prop file b/350830657
+hal_wlcservice default_prop file b/350830879
incidentd incidentd anon_inode b/322917075
+kernel sepolicy_file file b/353418189
+kernel system_bootstrap_lib_file dir b/353418189
+kernel system_bootstrap_lib_file file b/353418189
+kernel system_dlkm_file dir b/353418189
+modem_svc_sit hal_radioext_default process b/368187536
+modem_svc_sit hal_radioext_default process b/368188020
+modem_svc_sit modem_ml_svc_sit file b/360060680
+modem_svc_sit modem_ml_svc_sit file b/360060705
sctd sctd tcp_socket b/309550514
sctd swcnd unix_stream_socket b/309550514
sctd vendor_persist_config_default_prop file b/309550514
+shell sysfs_net file b/338347525
spad spad unix_stream_socket b/309550905
swcnd swcnd unix_stream_socket b/309551062
-shell sysfs_net file b/338347525
+system_suspend sysfs_touch_gti dir b/350830429
+system_suspend sysfs_touch_gti dir b/350830680
+system_suspend sysfs_touch_gti dir b/350830796
diff --git a/tracking_denials/hal_radioext_default.te b/tracking_denials/hal_radioext_default.te
deleted file mode 100644
index 7ea2914..0000000
--- a/tracking_denials/hal_radioext_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/315105050
-dontaudit hal_radioext_default radio_vendor_data_file:file { ioctl };
diff --git a/tracking_denials/keys.conf b/tracking_denials/keys.conf
index 56f6721..e450fcb 100644
--- a/tracking_denials/keys.conf
+++ b/tracking_denials/keys.conf
@@ -10,5 +10,3 @@ ALL : device/google/zumapro-sepolicy/tracking_denials/certs/camera_fishfood.x509
[@CAMERASERVICES]
ALL : device/google/zumapro-sepolicy/tracking_denials/certs/com_google_android_apps_camera_services.x509.pem
-[@EUICCSUPPORTPIXEL]
-ALL : device/google/zumapro-sepolicy/tracking_denials/certs/EuiccSupportPixel.x509.pem
diff --git a/tracking_denials/mac_permissions.xml b/tracking_denials/mac_permissions.xml
index c0c0cc9..48536b9 100644
--- a/tracking_denials/mac_permissions.xml
+++ b/tracking_denials/mac_permissions.xml
@@ -33,7 +33,4 @@
-
-
-
diff --git a/tracking_denials/property.te b/tracking_denials/property.te
index c1a95d6..1ce323c 100644
--- a/tracking_denials/property.te
+++ b/tracking_denials/property.te
@@ -1,6 +1,7 @@
# b/314065301
vendor_internal_prop(vendor_nfc_prop)
+vendor_restricted_prop(vendor_nfc_antenna_prop)
vendor_internal_prop(vendor_battery_profile_prop)
vendor_internal_prop(vendor_camera_fatp_prop)
vendor_internal_prop(vendor_display_prop)
diff --git a/tracking_denials/seapp_contexts b/tracking_denials/seapp_contexts
index 74fea00..961c13c 100644
--- a/tracking_denials/seapp_contexts
+++ b/tracking_denials/seapp_contexts
@@ -1,6 +1,3 @@
-# Domain for EuiccSupportPixel
-user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
-
# Domain for connectivity monitor
user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
diff --git a/tracking_denials/certs/EuiccSupportPixel.x509.pem b/vendor/certs/EuiccSupportPixel.x509.pem
similarity index 100%
rename from tracking_denials/certs/EuiccSupportPixel.x509.pem
rename to vendor/certs/EuiccSupportPixel.x509.pem
diff --git a/vendor/device.te b/vendor/device.te
index 10aff49..9712743 100644
--- a/vendor/device.te
+++ b/vendor/device.te
@@ -1,4 +1,8 @@
+# Device types
type lwis_device, dev_type;
type tee_persist_block_device, dev_type;
type tee_userdata_block_device, dev_type;
type hw_jpg_device, dev_type, mlstrustedobject;
+
+# SecureElement SPI device
+type st54spi_device, dev_type;
diff --git a/legacy/zuma/vendor/euiccpixel_app.te b/vendor/euiccpixel_app.te
similarity index 90%
rename from legacy/zuma/vendor/euiccpixel_app.te
rename to vendor/euiccpixel_app.te
index 0e4d65b..bc7c842 100644
--- a/legacy/zuma/vendor/euiccpixel_app.te
+++ b/vendor/euiccpixel_app.te
@@ -1,3 +1,4 @@
+# Euiccpixel_app
type euiccpixel_app, domain;
app_domain(euiccpixel_app)
@@ -18,4 +19,4 @@ userdebug_or_eng(`
')
# b/265286368 framework UI rendering properties
-dontaudit euiccpixel_app default_prop:file { read };
\ No newline at end of file
+dontaudit euiccpixel_app default_prop:file { read };
diff --git a/vendor/file.te b/vendor/file.te
index cbe1e35..b4d0c51 100644
--- a/vendor/file.te
+++ b/vendor/file.te
@@ -17,6 +17,7 @@ type sysfs_write_leds, sysfs_type, fs_type;
type sysfs_fabric, sysfs_type, fs_type;
type sysfs_em_profile, sysfs_type, fs_type;
type sysfs_ospm, sysfs_type, fs_type;
+type sysfs_lhbm, sysfs_type, fs_type;
# debugfs
type vendor_regmap_debugfs, fs_type, debugfs_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 8af27f9..c7fd912 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -22,7 +22,6 @@
/vendor/bin/chre u:object_r:chre_exec:s0
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0
/vendor/bin/hw/android\.hardware\.security\.secretkeeper\.trusty u:object_r:hal_secretkeeper_default_exec:s0
-/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
/vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
@@ -39,6 +38,7 @@
/vendor/lib64/libhwjpeg\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/android\.frameworks\.stats-V2-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0
/vendor/lib64/libgpudataproducer\.so u:object_r:same_process_hal_file:s0
@@ -162,6 +162,7 @@
/dev/qbt_ipc u:object_r:fingerprint_device:s0
/dev/qbt_fd u:object_r:fingerprint_device:s0
/dev/goodix_fp u:object_r:fingerprint_device:s0
+/dev/fth_fd u:object_r:fingerprint_device:s0
/dev/video12 u:object_r:hw_jpg_device:s0
# Data
diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts
index 31066c0..d70476c 100644
--- a/vendor/genfs_contexts
+++ b/vendor/genfs_contexts
@@ -29,6 +29,8 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply
genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/registers_dump u:object_r:sysfs_power_dump:s0
genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0050/eeprom u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-005b/power_supply u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-005b/registers_dump u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0
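Review bot: The new `10-005b/registers_dump` entry is labelled `sysfs_batteryinfo`, while the existing `10-0057/registers_dump` entry a few lines above it uses `sysfs_power_dump`. Under the battery-info label the register dump becomes readable by every domain allowed to read battery status, which is presumably wider than the dump label permits. Unless this is deliberate, label it like its sibling: `genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-005b/registers_dump u:object_r:sysfs_power_dump:s0`.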
@@ -101,6 +103,9 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-m
genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.7.auto/usb1 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.7.auto/usb2 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.7.auto/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb1 u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb2 u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/wakeup u:object_r:sysfs_wakeup:s0
@@ -365,6 +370,8 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_ctr
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te_option u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te_rate_hz u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/frame_interval u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/expected_present_time u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0
genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0
@@ -375,19 +382,34 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error_code u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_rate_hz u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_option u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/frame_rate u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/power_mode u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/link_negotiation_failures u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/edid_read_failures u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/dpcd_read_failures u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/fec_dsc_not_supported u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/fec_dsc_supported u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/edid_invalid_failures u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/sink_count_invalid_failures u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/link_unstable_failures u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_other u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_1366_768 u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_1440_900 u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_1600_900 u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_1920_1080 u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_2560_1080 u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_2560_1440 u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_3440_1440 u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_3840_2160 u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_5120_2880 u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_7680_4320 u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/hdcp/hdcp2_success_count u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/hdcp/hdcp2_fallback_count u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/hdcp/hdcp2_fail_count u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/hdcp/hdcp1_success_count u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/hdcp/hdcp1_fail_count u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/hdcp/hdcp0_count u:object_r:sysfs_display:s0
-
+genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/local_hbm_delay_frames u:object_r:sysfs_lhbm:s0
# ACPM
genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0
@@ -462,3 +484,7 @@ genfscon sysfs /devices/platform/ete7 u:object_r:sysfs_devices_cs_etm:s0
# Privacy LED
genfscon sysfs /devices/platform/pwmleds/leds/green/brightness u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/pwmleds/leds/green/max_brightness u:object_r:sysfs_leds:s0
+
+# CPU
+genfscon sysfs /kernel/metrics/cpuidle_histogram/cpuidle_histogram u:object_r:sysfs_cpu:s0
+genfscon sysfs /kernel/metrics/cpuidle_histogram/cpucluster_histogram u:object_r:sysfs_cpu:s0
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index 4072cd3..4ff601b 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -1,3 +1,4 @@
+# for hal_camera_default service
allow hal_camera_default self:global_capability_class_set sys_nice;
allow hal_camera_default kernel:process setsched;
@@ -73,7 +74,6 @@ allow hal_camera_default sysfs_display:file r_file_perms;
# Allow camera HAL to query preferred camera frequencies from the radio HAL
# extensions to avoid interference with cellular antennas.
allow hal_camera_default hal_radioext_hwservice:hwservice_manager find;
-binder_call(hal_camera_default, hal_radioext_default);
# Allows camera HAL to access the hw_jpeg /dev/video12.
allow hal_camera_default hw_jpg_device:chr_file rw_file_perms;
diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te
index 11f478a..b3df80e 100644
--- a/vendor/hal_fingerprint_default.te
+++ b/vendor/hal_fingerprint_default.te
@@ -1,3 +1,4 @@
+# SE policies for fingerprint
allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
@@ -56,3 +57,6 @@ allow hal_fingerprint_default persist_fingerprint_file:file create_file_perms;
# TODO: b/297562630 - remove unecessary permissions once not needed
allow hal_fingerprint_default vendor_fingerprint_data_file:dir create_dir_perms;
allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms;
+
+# Allow fingerprint to rw lhbm files
+allow hal_fingerprint_default sysfs_lhbm:file rw_file_perms;
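Review bot: The added `allow hal_fingerprint_default sysfs_lhbm:file rw_file_perms;` grants write as well as read on the whole `sysfs_lhbm` type, and the comment above it does not say which node the HAL writes or why. In the part of this commit visible here, the only path given that label is `.../panel0-backlight/local_hbm_delay_frames`, but any node labelled `sysfs_lhbm` later becomes writable by the fingerprint HAL without this file changing. If the HAL only reads the delay value, `r_file_perms` is enough. Otherwise I would make the comment specific, e.g. `# Fingerprint HAL reads and writes panel0-backlight/local_hbm_delay_frames (sysfs_lhbm)`.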
diff --git a/vendor/hal_graphics_composer_default.te b/vendor/hal_graphics_composer_default.te
index 39dc7ee..893a34e 100644
--- a/vendor/hal_graphics_composer_default.te
+++ b/vendor/hal_graphics_composer_default.te
@@ -44,6 +44,9 @@ allow hal_graphics_composer_default vendor_log_file:dir search;
# allow HWC to access powerstats
allow hal_graphics_composer_default hal_power_stats_vendor_service:service_manager find;
+allow hal_graphics_composer_default thermal_link_device:dir search;
+allow hal_graphics_composer_default sysfs_thermal:dir search;
+allow hal_graphics_composer_default sysfs_thermal:file r_file_perms;
binder_call(hal_graphics_composer_default, hal_power_stats_default)
# allow HWC to access IStats AIDL
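Review bot: The three thermal rules are inserted between the `hal_power_stats_vendor_service` find rule and its `binder_call`, so they read as part of the `# allow HWC to access powerstats` block although they grant something different. I would move them below the `binder_call` line under their own comment, e.g. `# allow HWC to read thermal state from sysfs` (wording to be confirmed by the author), so an audit of HWC's grants can tell which feature each rule belongs to. Whether `thermal_link_device:dir search` is needed in addition to the two `sysfs_thermal` rules is not evident from the hunk and is worth stating in that comment.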
diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te
index 2ec4888..e882d28 100644
--- a/vendor/hal_usb_impl.te
+++ b/vendor/hal_usb_impl.te
@@ -26,3 +26,8 @@ allow hal_usb_impl sysfs_usbc_throttling_stats:file r_file_perms;
allow hal_usb_impl device:dir r_dir_perms;
allow hal_usb_impl usb_device:chr_file rw_file_perms;
allow hal_usb_impl usb_device:dir r_dir_perms;
+
+# For monitoring usb sysfs attributes
+allow hal_usb_impl sysfs_wakeup:dir search;
+allow hal_usb_impl sysfs_wakeup:file r_file_perms;
+
diff --git a/vendor/keys.conf b/vendor/keys.conf
new file mode 100644
index 0000000..3ffa695
--- /dev/null
+++ b/vendor/keys.conf
@@ -0,0 +1,3 @@
+[@EUICCSUPPORTPIXEL]
+ALL : device/google/zumapro-sepolicy/vendor/certs/EuiccSupportPixel.x509.pem
+
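Review bot: The `ALL` line hard-codes the signer certificate as `device/google/zumapro-sepolicy/vendor/certs/EuiccSupportPixel.x509.pem`, and the .pem itself is not among the files visible here, so it is worth confirming that it is added at exactly that path and is the certificate the shipped APK is signed with. The `seinfo=EuiccSupportPixel` rule in vendor/seapp_contexts hands out the `euiccpixel_app` domain on the strength of this signer, so a wrong or test certificate here changes who can enter that domain. A short header comment such as `# Signer for com.google.euiccpixel (seinfo=EuiccSupportPixel in seapp_contexts)` would tie the three new files together for the next reader.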
diff --git a/vendor/mac_permissions.xml b/vendor/mac_permissions.xml
new file mode 100644
index 0000000..0eab982
--- /dev/null
+++ b/vendor/mac_permissions.xml
@@ -0,0 +1,27 @@
+
+
+
+
+
+
+
+
+
diff --git a/vendor/property.te b/vendor/property.te
index 344e8c9..3f61bea 100644
--- a/vendor/property.te
+++ b/vendor/property.te
@@ -1,3 +1,4 @@
+# Vendor property
vendor_internal_prop(vendor_camera_prop)
vendor_internal_prop(vendor_ro_sys_default_prop)
vendor_internal_prop(vendor_persist_sys_default_prop)
@@ -10,7 +11,7 @@ vendor_internal_prop(vendor_secure_element_prop)
vendor_internal_prop(vendor_trusty_storage_prop)
# Fingerprint
-vendor_internal_prop(vendor_fingerprint_prop)
+vendor_restricted_prop(vendor_fingerprint_prop)
# Battery
vendor_internal_prop(vendor_battery_defender_prop)
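Review bot: Switching `vendor_fingerprint_prop` from `vendor_internal_prop` to `vendor_restricted_prop` widens who may be allowed to read a biometric-related property. The internal macro keeps it vendor-only, while the restricted one permits readers outside the vendor partition. The hunk gives no reason, and the consumer it is meant for is not visible here. I would add a comment on the changed line naming that consumer, e.g. `# restricted: read by <non-vendor domain>, see its get_prop rule`, and keep the matching `get_prop` limited to that one domain.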
diff --git a/vendor/property_contexts b/vendor/property_contexts
index c3402ac..8625439 100644
--- a/vendor/property_contexts
+++ b/vendor/property_contexts
@@ -5,6 +5,10 @@ vendor.usb. u:object_r:vendor_usb_config_prop:s0
# SecureElement
persist.vendor.se. u:object_r:vendor_secure_element_prop:s0
+# NFC
+persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
+persist.vendor.nfc.antenna. u:object_r:vendor_nfc_antenna_prop:s0
+
# vendor default
ro.vendor.sys. u:object_r:vendor_ro_sys_default_prop:s0
persist.vendor.sys. u:object_r:vendor_persist_sys_default_prop:s0
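Review bot: `persist.vendor.nfc.antenna.` is a prefix entry nested under `persist.vendor.nfc.`, so it relies on longest-prefix matching and labels every property ever created below it as `vendor_nfc_antenna_prop`. The dedicated type suggests a wider audience than `vendor_nfc_prop`; if app domains are allowed to read it, anything the NFC HAL later stores under that prefix is exposed to them as well. Listing the antenna properties as exact-match entries, or at least adding a comment such as `# antenna.*: wider read access than vendor_nfc_prop, keep values non-sensitive`, would make that boundary explicit.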
diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts
new file mode 100644
index 0000000..4116372
--- /dev/null
+++ b/vendor/seapp_contexts
@@ -0,0 +1,3 @@
+# Domain for EuiccSupportPixel
+user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
+
diff --git a/vendor/tee.te b/vendor/tee.te
index 0a6139b..a4153be 100644
--- a/vendor/tee.te
+++ b/vendor/tee.te
@@ -1,3 +1,4 @@
allow tee tee_persist_block_device:blk_file rw_file_perms;
allow tee tee_userdata_block_device:blk_file rw_file_perms;
-allow tee tee_data_file:lnk_file create;
+allow tee tee_data_file:lnk_file { create read };
+allow tee persist_ss_file:lnk_file { create read };
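Review bot: The two `lnk_file` rules are the only symlink grants in this file and neither is explained. The `create` permission on `persist_ss_file:lnk_file` in particular lets the tee domain place symlinks in what the type name suggests is persistent storage. A comment above them stating which links tee creates and resolves, e.g. `# tee creates and follows the symlinks into its secure-storage directories`, would let a later audit check whether `create` is still needed. That wording is an assumption for the author to confirm, and the declaration of `persist_ss_file` is not visible in this hunk.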