authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-05-10 06:53:06 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-05-10 06:53:06 +0000
commitbb0385357e291ee497821c6916d6c350ef7613b3 (patch)
tree8368e24c77e5cc642648107fd1737a78b2c010be
parent216fcd65c7be58344bacd7b6a3c9c6d72e724c32 (diff)
parent05a1b76da9b95260b0fc9583b6ad797016836fef (diff)
downloadsunfish-sepolicy-bb0385357e291ee497821c6916d6c350ef7613b3.tar.gz
Snap for 8564071 from 05a1b76da9b95260b0fc9583b6ad797016836fef to mainline-sdkext-release
Change-Id: Ib69aec2d57986eaa43bf6931802e96474c366f30
-rw-r--r--OWNERS14
-rw-r--r--PREUPLOAD.cfg3
-rw-r--r--private/seapp_contexts15
-rw-r--r--private/toolbox.te6
-rw-r--r--private/uscc_omadm.te9
-rw-r--r--private/vzw_omadm_connmo.te9
-rw-r--r--private/vzw_omadm_dcmo.te9
-rw-r--r--private/vzw_omadm_diagmon.te9
-rw-r--r--private/vzw_omadm_trigger.te9
-rw-r--r--public/property.te4
-rw-r--r--sunfish-sepolicy.mk5
-rw-r--r--system_ext/private/platform_app.te2
-rw-r--r--system_ext/private/property_contexts5
-rw-r--r--tracking_denials/incidentd.te2
-rw-r--r--tracking_denials/netmgrd.te2
-rw-r--r--tracking_denials/platform_app.te2
-rw-r--r--tracking_denials/surfaceflinger.te3
-rw-r--r--vendor/google/bug_map16
-rw-r--r--vendor/google/citadel_provision.te3
-rw-r--r--vendor/google/citadeld.te18
-rw-r--r--vendor/google/device.te2
-rw-r--r--vendor/google/device_drop_monitor.te4
-rw-r--r--vendor/google/dumpstate.te1
-rw-r--r--vendor/google/fastbootd.te1
-rw-r--r--vendor/google/file.te12
-rw-r--r--vendor/google/file_contexts85
-rw-r--r--vendor/google/genfs_contexts32
-rw-r--r--vendor/google/google_camera_app.te4
-rw-r--r--vendor/google/grilservice_app.te7
-rw-r--r--vendor/google/hal_camera_default.te2
-rw-r--r--vendor/google/hal_dumpstate_impl.te8
-rw-r--r--vendor/google/hal_health_default.te6
-rw-r--r--vendor/google/hal_identity_citadel.te9
-rw-r--r--vendor/google/hal_keymaster_citadel.te11
-rw-r--r--vendor/google/hal_power_stats_default.te6
-rw-r--r--vendor/google/hal_rebootescrow_citadel.te15
-rw-r--r--vendor/google/hal_sensors_default.te6
-rw-r--r--vendor/google/hal_usb_gadget_impl.te14
-rw-r--r--vendor/google/hal_usb_impl.te5
-rw-r--r--vendor/google/hal_weaver_citadel.te11
-rw-r--r--vendor/google/hal_wifi_ext.te2
-rw-r--r--vendor/google/hbmsvmanager_app.te4
-rw-r--r--vendor/google/hwservice.te12
-rw-r--r--vendor/google/hwservice_contexts15
-rw-r--r--vendor/google/init-insmod-sh.te12
-rw-r--r--vendor/google/init.te7
-rw-r--r--vendor/google/init_citadel.te16
-rw-r--r--vendor/google/init_qti_chg_policy.te7
-rw-r--r--vendor/google/logger_app.te16
-rw-r--r--vendor/google/modem_diagnostics.te9
-rw-r--r--vendor/google/modem_svc.te10
-rw-r--r--vendor/google/pixelstats_vendor.te15
-rw-r--r--vendor/google/property.te30
-rw-r--r--vendor/google/property_contexts10
-rw-r--r--vendor/google/ramdump.te37
-rw-r--r--vendor/google/recovery.te1
-rw-r--r--vendor/google/seapp_contexts9
-rw-r--r--vendor/google/service.te1
-rw-r--r--vendor/google/service_contexts2
-rw-r--r--vendor/google/system_app.te1
-rw-r--r--vendor/google/uv_exposure_reporter.te18
-rw-r--r--vendor/google/vendor_init.te4
-rw-r--r--vendor/google/vendor_shell.te1
-rw-r--r--vendor/google/vndservice.te2
-rw-r--r--vendor/google/vndservice_contexts3
-rw-r--r--vendor/google/wait_for_strongbox.te7
-rw-r--r--vendor/qcom/common/cameraserver.te2
-rw-r--r--vendor/qcom/common/cnd.te3
-rw-r--r--vendor/qcom/common/con_monitor.te3
-rw-r--r--vendor/qcom/common/file.te2
-rw-r--r--vendor/qcom/common/file_contexts19
-rw-r--r--vendor/qcom/common/genfs_contexts2
-rw-r--r--vendor/qcom/common/hal_drm_widevine.te4
-rw-r--r--vendor/qcom/common/hal_gnss_qti.te2
-rw-r--r--vendor/qcom/common/hal_neuralnetworks.te3
-rw-r--r--vendor/qcom/common/hal_rcsservice.te2
-rw-r--r--vendor/qcom/common/hvdcp.te2
-rw-r--r--vendor/qcom/common/hwservice.te49
-rw-r--r--vendor/qcom/common/hwservice_contexts7
-rw-r--r--vendor/qcom/common/init-qti-keymaster-sh.te37
-rw-r--r--vendor/qcom/common/mediacodec.te2
-rw-r--r--vendor/qcom/common/mediatranscoding.te2
-rw-r--r--vendor/qcom/common/netmgrd.te1
-rw-r--r--vendor/qcom/common/pd_services.te2
-rw-r--r--vendor/qcom/common/peripheral_manager.te1
-rw-r--r--vendor/qcom/common/property.te128
-rw-r--r--vendor/qcom/common/property_contexts8
-rw-r--r--vendor/qcom/common/qtelephony.te1
-rw-r--r--vendor/qcom/common/qtidataservices_app.te2
-rw-r--r--vendor/qcom/common/rfs_access.te2
-rw-r--r--vendor/qcom/common/rmt_storage.te2
-rw-r--r--vendor/qcom/common/seapp_contexts16
-rw-r--r--vendor/qcom/common/secure_ui_service_app.te6
-rw-r--r--vendor/qcom/common/sensors.te2
-rw-r--r--vendor/qcom/common/service.te1
-rw-r--r--vendor/qcom/common/service_contexts3
-rw-r--r--vendor/qcom/common/tee.te3
-rw-r--r--vendor/st/file_contexts1
-rw-r--r--vendor/st/hal_nfc_default.te6
-rw-r--r--vendor/st/hal_secure_element_default.te5
-rw-r--r--vendor/st/property.te3
-rw-r--r--vendor/st/property_contexts2
-rw-r--r--vendor/st/vendor_init.te2
103 files changed, 596 insertions, 379 deletions
diff --git a/OWNERS b/OWNERS
index c133e99..791abb4 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,13 +1,3 @@
-adamshih@google.com
-alanstokes@google.com
-bowgotsai@google.com
-jbires@google.com
-jeffv@google.com
-jgalenson@google.com
-jiyong@google.com
-nnk@google.com
+include platform/system/sepolicy:/OWNERS
+
rurumihong@google.com
-smoreland@google.com
-sspatil@google.com
-tomcherry@google.com
-trong@google.com
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
new file mode 100644
index 0000000..3591c7f
--- /dev/null
+++ b/PREUPLOAD.cfg
@@ -0,0 +1,3 @@
+[Hook Scripts]
+aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
+
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 57a99de..045e114 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -1,2 +1,17 @@
# Domain for WfcActivation app
user=_app seinfo=wfcactivation name=com.google.android.wfcactivation domain=wfc_activation_app levelFrom=all
+
+# Domain for vzw omadm trigger
+user=_app isPrivApp=true seinfo=platform name=com.google.omadm.trigger domain=vzw_omadm_trigger type=app_data_file levelFrom=all
+
+# Domain for vzw omadm connmo
+user=_app isPrivApp=true seinfo=platform name=com.android.sdm.plugins.connmo domain=vzw_omadm_connmo type=app_data_file levelFrom=all
+
+# Domain for vzw omadm dcmo
+user=_app isPrivApp=true seinfo=platform name=com.android.sdm.plugins.dcmo domain=vzw_omadm_dcmo type=app_data_file levelFrom=all
+
+# Domain for vzw omadm diagmon
+user=_app isPrivApp=true seinfo=platform name=com.android.sdm.plugins.diagmon domain=vzw_omadm_diagmon type=app_data_file levelFrom=all
+
+# Domain for uscc omadm
+user=_app isPrivApp=true seinfo=platform name=com.android.sdm.plugins.usccdm domain=uscc_omadm type=app_data_file levelFrom=all
diff --git a/private/toolbox.te b/private/toolbox.te
new file mode 100644
index 0000000..ea841ad
--- /dev/null
+++ b/private/toolbox.te
@@ -0,0 +1,6 @@
+# b/191834767
+dontaudit toolbox virtualizationservice_data_file:dir getattr;
+# b/193365943
+dontaudit toolbox toolbox:capability dac_read_search;
+dontaudit toolbox toolbox:capability dac_override;
+dontaudit toolbox toolbox:capability fowner;
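Review bot: The three capability suppressions for toolbox (`dac_read_search`, `dac_override`, `fowner`) are documented only by a bug number, so a reader cannot tell which toolbox invocation triggers them or when they can be removed. A `dontaudit` rule drops the denial from the audit log, so any later unexpected use of these capabilities from the toolbox domain would also go unlogged. I would add a comment such as `# b/193365943: <caller> runs toolbox on files it does not own; remove once the caller is fixed`. Since these look temporary, consider placing the file under tracking_denials/ with the other suppressions added in this commit.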
diff --git a/private/uscc_omadm.te b/private/uscc_omadm.te
new file mode 100644
index 0000000..b53d66c
--- /dev/null
+++ b/private/uscc_omadm.te
@@ -0,0 +1,9 @@
+type uscc_omadm, domain, coredomain;
+
+app_domain(uscc_omadm)
+net_domain(uscc_omadm)
+
+# Services
+allow uscc_omadm app_api_service:service_manager find;
+allow uscc_omadm qchook_service:service_manager find;
+allow uscc_omadm radio_service:service_manager find; \ No newline at end of file
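Review bot: None of the five new OMADM domains says why a privileged platform-signed app needs `net_domain` together with `find` on `radio_service` and `qchook_service`. The same rules appear verbatim in vzw_omadm_connmo.te, vzw_omadm_dcmo.te, vzw_omadm_diagmon.te and vzw_omadm_trigger.te. A header comment in each file would let a reviewer check the grants against the app's actual behaviour, for example `# OMA-DM client app: needs network access and telephony binder services (radio_service, qchook_service)`. Because the five policies are identical, a shared attribute or macro would keep them from drifting apart. Each file also ends without a trailing newline, which is worth fixing since these files are concatenated when the policy is built.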
diff --git a/private/vzw_omadm_connmo.te b/private/vzw_omadm_connmo.te
new file mode 100644
index 0000000..dda0dc8
--- /dev/null
+++ b/private/vzw_omadm_connmo.te
@@ -0,0 +1,9 @@
+type vzw_omadm_connmo, domain, coredomain;
+
+app_domain(vzw_omadm_connmo)
+net_domain(vzw_omadm_connmo)
+
+# Services
+allow vzw_omadm_connmo app_api_service:service_manager find;
+allow vzw_omadm_connmo qchook_service:service_manager find;
+allow vzw_omadm_connmo radio_service:service_manager find; \ No newline at end of file
diff --git a/private/vzw_omadm_dcmo.te b/private/vzw_omadm_dcmo.te
new file mode 100644
index 0000000..8a27ef3
--- /dev/null
+++ b/private/vzw_omadm_dcmo.te
@@ -0,0 +1,9 @@
+type vzw_omadm_dcmo, domain, coredomain;
+
+app_domain(vzw_omadm_dcmo)
+net_domain(vzw_omadm_dcmo)
+
+# Services
+allow vzw_omadm_dcmo app_api_service:service_manager find;
+allow vzw_omadm_dcmo qchook_service:service_manager find;
+allow vzw_omadm_dcmo radio_service:service_manager find; \ No newline at end of file
diff --git a/private/vzw_omadm_diagmon.te b/private/vzw_omadm_diagmon.te
new file mode 100644
index 0000000..5c2bb4b
--- /dev/null
+++ b/private/vzw_omadm_diagmon.te
@@ -0,0 +1,9 @@
+type vzw_omadm_diagmon, domain, coredomain;
+
+app_domain(vzw_omadm_diagmon)
+net_domain(vzw_omadm_diagmon)
+
+# Services
+allow vzw_omadm_diagmon app_api_service:service_manager find;
+allow vzw_omadm_diagmon qchook_service:service_manager find;
+allow vzw_omadm_diagmon radio_service:service_manager find; \ No newline at end of file
diff --git a/private/vzw_omadm_trigger.te b/private/vzw_omadm_trigger.te
new file mode 100644
index 0000000..aea7a93
--- /dev/null
+++ b/private/vzw_omadm_trigger.te
@@ -0,0 +1,9 @@
+type vzw_omadm_trigger, domain, coredomain;
+
+app_domain(vzw_omadm_trigger)
+net_domain(vzw_omadm_trigger)
+
+# Services
+allow vzw_omadm_trigger app_api_service:service_manager find;
+allow vzw_omadm_trigger qchook_service:service_manager find;
+allow vzw_omadm_trigger radio_service:service_manager find; \ No newline at end of file
diff --git a/public/property.te b/public/property.te
index 1441642..b5b87f1 100644
--- a/public/property.te
+++ b/public/property.te
@@ -1,2 +1,2 @@
-type persist_dpm_prop, property_type;
-type vendor_bt_prop, property_type;
+vendor_internal_prop(persist_dpm_prop)
+vendor_internal_prop(vendor_bt_prop)
diff --git a/sunfish-sepolicy.mk b/sunfish-sepolicy.mk
index 8fdaeaa..de0abea 100644
--- a/sunfish-sepolicy.mk
+++ b/sunfish-sepolicy.mk
@@ -9,5 +9,8 @@ BOARD_SEPOLICY_DIRS += device/google/sunfish-sepolicy/tracking_denials
BOARD_SEPOLICY_DIRS += device/google/sunfish-sepolicy/vendor/st
BOARD_SEPOLICY_DIRS += device/google/sunfish-sepolicy/vendor/verizon
+# system_ext
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/sunfish-sepolicy/system_ext/private
+
# Pixel-wide sepolicy
-BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_sniffer
+BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
diff --git a/system_ext/private/platform_app.te b/system_ext/private/platform_app.te
new file mode 100644
index 0000000..10d6bba
--- /dev/null
+++ b/system_ext/private/platform_app.te
@@ -0,0 +1,2 @@
+# allow systemui to set boot animation colors
+set_prop(platform_app, bootanim_system_prop);
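Review bot: The comment names systemui, but the rule grants `set` on `bootanim_system_prop` to the whole `platform_app` domain, so every app running in that domain can write the `persist.bootanim.color*` properties. If that breadth is accepted, the comment should say so, e.g. `# SystemUI runs in platform_app; this lets any platform_app set the boot animation colors`. The trailing `;` after the macro call is also inconsistent with most macro invocations in this commit, such as `app_domain(...)` and `net_domain(...)`.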
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
new file mode 100644
index 0000000..abcdd41
--- /dev/null
+++ b/system_ext/private/property_contexts
@@ -0,0 +1,5 @@
+# Boot animation dynamic colors
+persist.bootanim.color1 u:object_r:bootanim_system_prop:s0 exact int
+persist.bootanim.color2 u:object_r:bootanim_system_prop:s0 exact int
+persist.bootanim.color3 u:object_r:bootanim_system_prop:s0 exact int
+persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int
diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te
new file mode 100644
index 0000000..79a8d61
--- /dev/null
+++ b/tracking_denials/incidentd.te
@@ -0,0 +1,2 @@
+# b/187253611
+dontaudit incidentd apex_info_file:file getattr;
diff --git a/tracking_denials/netmgrd.te b/tracking_denials/netmgrd.te
new file mode 100644
index 0000000..b7cb0fe
--- /dev/null
+++ b/tracking_denials/netmgrd.te
@@ -0,0 +1,2 @@
+# b/183070459
+dontaudit netmgrd vendor_default_prop:property_service set;
diff --git a/tracking_denials/platform_app.te b/tracking_denials/platform_app.te
new file mode 100644
index 0000000..df7e700
--- /dev/null
+++ b/tracking_denials/platform_app.te
@@ -0,0 +1,2 @@
+# b/162700611
+dontaudit platform_app default_android_hwservice:hwservice_manager find;
diff --git a/tracking_denials/surfaceflinger.te b/tracking_denials/surfaceflinger.te
new file mode 100644
index 0000000..40928c9
--- /dev/null
+++ b/tracking_denials/surfaceflinger.te
@@ -0,0 +1,3 @@
+# b/177624282
+dontaudit surfaceflinger hal_graphics_composer_default:dir search ;
+dontaudit surfaceflinger hal_graphics_composer_default:dir search ;
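Review bot: The same `dontaudit surfaceflinger hal_graphics_composer_default:dir search ;` rule is added twice, and both copies have a stray space before the semicolon. The duplicate has no effect on the compiled policy, but it suggests a second, different denial may have been intended. I would either drop the second line or replace it with the rule that was meant, leaving `dontaudit surfaceflinger hal_graphics_composer_default:dir search;` once.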
diff --git a/vendor/google/bug_map b/vendor/google/bug_map
index ab656e7..acb3f80 100644
--- a/vendor/google/bug_map
+++ b/vendor/google/bug_map
@@ -1,3 +1,15 @@
+cnd wifi_hal_prop file b/162700455
+google_camera_app selinuxfs file b/175910397
hal_health_default unlabeled file b/156200409
-tee tee capability2 156045688
-platform_app default_android_hwservice hwservice_manager 156059972
+hal_neuralnetworks_default default_prop file b/159570217
+hal_vibrator_default default_prop file b/162700134
+init_qti_chg_policy sysfs_charge file b/162702119
+pixelstats_vendor sysfs file b/161875858
+platform_app default_android_hwservice hwservice_manager b/156059972
+shell debugfs file b/175106535
+shell device_config_runtime_native_boot_prop file b/175106535
+shell sysfs file b/175106535
+tee tee capability2 b/156045688
+mediaswcodec gpu_device chr_file b/194313013
+mediaswcodec sysfs_msm_subsys dir b/194313013
+mediaserver sysfs_msm_subsys dir b/194313013
diff --git a/vendor/google/citadel_provision.te b/vendor/google/citadel_provision.te
deleted file mode 100644
index f707efd..0000000
--- a/vendor/google/citadel_provision.te
+++ /dev/null
@@ -1,3 +0,0 @@
-type citadel_provision, domain;
-type citadel_provision_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(citadel_provision) \ No newline at end of file
diff --git a/vendor/google/citadeld.te b/vendor/google/citadeld.te
index b31619d..d9e4a50 100644
--- a/vendor/google/citadeld.te
+++ b/vendor/google/citadeld.te
@@ -1,21 +1,3 @@
-type citadeld, domain;
-type citadeld_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(citadeld)
-
-vndbinder_use(citadeld)
-add_service(citadeld, citadeld_service)
-
-allow citadeld citadel_device:chr_file rw_file_perms;
-
-allow citadeld hal_power_stats_default:binder { call transfer };
-allow citadeld power_stats_service:service_manager find;
-
-# Let citadeld find and use statsd.
-hwbinder_use(citadeld)
-get_prop(citadeld, hwservicemanager_prop)
-allow citadeld fwk_stats_hwservice:hwservice_manager find;
-binder_call(citadeld, stats_service_server)
-
userdebug_or_eng(`
allow citadeld debugfs_ipc:dir search;
')
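Review bot: After this change the file keeps only the `userdebug_or_eng` rule for `citadeld`, while the `type citadeld, domain;` declaration and all base rules are removed from it. The remaining `allow citadeld debugfs_ipc:dir search;` therefore depends on the type being declared in some other policy directory that is not visible in this diff. A comment at the top of the file would make that dependency explicit, e.g. `# Base citadeld policy lives in <shared policy dir>; only sunfish-specific debug rules remain here`.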
diff --git a/vendor/google/device.te b/vendor/google/device.te
index 39eef55..db58020 100644
--- a/vendor/google/device.te
+++ b/vendor/google/device.te
@@ -1,8 +1,8 @@
type abc_tpu_device, dev_type;
-type citadel_device, dev_type;
type ipu_device, dev_type, mlstrustedobject;
type ramoops_device, dev_type;
type maxfg_device, dev_type;
type pwrstats_device, dev_type;
type dp_block_device, dev_type;
type qg_device, dev_type;
+type battery_history_device, dev_type;
diff --git a/vendor/google/device_drop_monitor.te b/vendor/google/device_drop_monitor.te
index 3f680f4..8c0c0b7 100644
--- a/vendor/google/device_drop_monitor.te
+++ b/vendor/google/device_drop_monitor.te
@@ -1,4 +1,4 @@
-type device_drop_monitor, domain;
+type device_drop_monitor, domain, coredomain;
userdebug_or_eng(`
app_domain(device_drop_monitor)
@@ -7,7 +7,9 @@ userdebug_or_eng(`
allow device_drop_monitor fwk_stats_hwservice:hwservice_manager find;
allow device_drop_monitor sysfs_msm_subsys:dir search;
allow device_drop_monitor sysfs_msm_subsys:file r_file_perms;
+ allow device_drop_monitor fwk_stats_service:service_manager find;
binder_call(device_drop_monitor, gpuservice);
binder_call(device_drop_monitor, stats_service_server);
+ binder_use(device_drop_monitor)
')
diff --git a/vendor/google/dumpstate.te b/vendor/google/dumpstate.te
index 19d87ef..2869937 100644
--- a/vendor/google/dumpstate.te
+++ b/vendor/google/dumpstate.te
@@ -5,6 +5,7 @@ dump_hal(hal_power_stats)
userdebug_or_eng(`
allow dumpstate debugfs_dma_buf:file r_file_perms;
+ allow dumpstate media_rw_data_file:file append;
')
# For collecting bugreports.
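Review bot: The added `allow dumpstate media_rw_data_file:file append;` has no comment explaining what dumpstate appends to or why. Because `media_rw_data_file` labels shared-storage content, the grant covers every file with that label rather than one log file, even though it is limited to `append` and to userdebug/eng builds. I would document the intent next to the rule, e.g. `# <bug id>: dumpstate appends to <log file> opened by <owner> on shared storage`, so the scope can be narrowed later. The `userdebug_or_eng` block opens in context above the added line.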
diff --git a/vendor/google/fastbootd.te b/vendor/google/fastbootd.te
index 996a114..9b54250 100644
--- a/vendor/google/fastbootd.te
+++ b/vendor/google/fastbootd.te
@@ -6,4 +6,5 @@ recovery_only(`
allow fastbootd modem_block_device:blk_file getattr;
allow fastbootd sysfs_scsi_devices_0000:dir r_dir_perms;
allow fastbootd sg_device:chr_file rw_file_perms;
+ allow fastbootd citadel_device:chr_file rw_file_perms;
')
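Review bot: The new `allow fastbootd citadel_device:chr_file rw_file_perms;` gives fastbootd read/write access to the Citadel device node without a comment saying which fastboot operation needs it. Elsewhere in this same commit the `citadel_device` type is removed from vendor/google/device.te and the `/dev/citadel0` label from vendor/google/file_contexts, so the rule relies on a declaration from another policy directory not shown here. A comment would make both points reviewable, e.g. `# fastbootd talks to Citadel for <operation>; citadel_device is declared in <shared policy dir>`. The `recovery_only` block starts outside this hunk.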
diff --git a/vendor/google/file.te b/vendor/google/file.te
index fd2bd46..633643c 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -9,11 +9,9 @@ type debugfs_batteryinfo, debugfs_type, fs_type;
type sysfs_chargelevel, sysfs_type, fs_type;
type sysfs_display, sysfs_type, fs_type;
type sysfs_touch, sysfs_type, fs_type;
-type sysfs_power_stats, sysfs_type, fs_type;
type sysfs_power_stats_ignore, sysfs_type, fs_type;
type sysfs_poweroff, sysfs_type, fs_type;
type sysfs_msm_boardid, fs_type, sysfs_type;
-type sysfs_iio_devices, fs_type, sysfs_type;
type sysfs_pixelstats, fs_type, sysfs_type;
type sysfs_wlc, sysfs_type, fs_type;
type sysfs_pstore, sysfs_type, fs_type;
@@ -25,16 +23,17 @@ type sysfs_esim, sysfs_type, fs_type;
type debugfs_usb, debugfs_type, fs_type;
type mediadrm_vendor_data_file, file_type, data_file_type;
type diag_socket, file_type, mlstrustedobject;
-type ese_vendor_data_file, file_type, data_file_type;
type debugfs_dma_buf, debugfs_type, fs_type;
type debugfs_clk, debugfs_type, fs_type;
type debugfs_pmic, debugfs_type, fs_type;
type sysfs_contaminant, sysfs_type, fs_type;
type hal_neuralnetworks_darwinn_hal_camera_data_file, file_type, data_file_type;
-type hal_rebootescrow_citadel_data_file, file_type, data_file_type;
type sysfs_knowles_info, fs_type, sysfs_type;
type sysfs_fingerprint, sysfs_type, fs_type;
type per_boot_file, file_type, data_file_type, core_data_file_type;
+type proc_sched_lib_mask_cpuinfo, proc_type, fs_type;
+type sysfs_limit_power_transfer, sysfs_type, fs_type;
+type sysfs_typec_info, sysfs_type, fs_type;
# Dumpstates bootloader logs
type proc_bldrlog, fs_type, proc_type;
@@ -48,5 +47,6 @@ type debugfs_ipa_data_stall_detection, debugfs_type, fs_type;
# Incremental file system driver
type vendor_incremental_module, vendor_file_type, file_type;
-# RamdumpFS
-allow ramdump_vendor_mnt_file self:filesystem associate;
+# Firmware mount
+type firmware_file, file_type, contextmount_type, vendor_file_type;
+allow firmware_file self:filesystem associate;
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index 1e80b98..0030286 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -3,7 +3,6 @@
/dev/access-metadata u:object_r:ramoops_device:s0
/dev/access-ramoops u:object_r:ramoops_device:s0
/dev/block/zram0 u:object_r:swap_block_device:s0
-/dev/citadel0 u:object_r:citadel_device:s0
/dev/ipu u:object_r:ipu_device:s0
/dev/maxfg_history u:object_r:maxfg_device:s0
/dev/iaxxx-module-celldrv u:object_r:pwrstats_device:s0
@@ -13,35 +12,26 @@
# system binaries
/system/bin/hw/hardware\.google\.pixelstats@1\.0-service u:object_r:pixelstats_system_exec:s0
/vendor/bin/easelmanagerd u:object_r:easel_exec:s0
-/vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0
+/dev/battery_history u:object_r:battery_history_device:s0
# vendor binaries
-/vendor/bin/hw/android\.hardware\.atrace@1\.0-service.pixel u:object_r:hal_atrace_default_exec:s0
-/vendor/bin/hw/android\.hardware\.camera\.provider@2\.6-service-google u:object_r:hal_camera_default_exec:s0
-/vendor/bin/hw/android\.hardware\.contexthub@1\.1-service\.generic u:object_r:hal_contexthub_default_exec:s0
+/vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-service-google u:object_r:hal_camera_default_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub@1\.2-service\.generic u:object_r:hal_contexthub_default_exec:s0
/vendor/bin/hw/android\.hardware\.dumpstate@1\.1-service\.sunfish u:object_r:hal_dumpstate_impl_exec:s0
-/vendor/bin/hw/android\.hardware\.keymaster@4\.1-service\.citadel u:object_r:hal_keymaster_citadel_exec:s0
-/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel u:object_r:hal_identity_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.0-service-paintbox u:object_r:hal_neuralnetworks_paintbox_exec:s0
/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.2-service-noronha u:object_r:hal_neuralnetworks_darwinn_exec:s0
/vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.pixel u:object_r:hal_power_stats_default_exec:s0
-/vendor/bin/hw/android\.hardware\.rebootescrow-service\.citadel u:object_r:hal_rebootescrow_citadel_exec:s0
-/vendor/bin/hw/android\.hardware\.usb@1\.2-service\.sunfish u:object_r:hal_usb_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.usb-service\.sunfish u:object_r:hal_usb_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.usb\.gadget-service\.sunfish u:object_r:hal_usb_gadget_impl_exec:s0
/vendor/bin/hw/android\.hardware\.vibrator@1\.3-service\.sunfish u:object_r:hal_vibrator_default_exec:s0
-/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
-/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
-/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
-/vendor/bin/hw/citadel_updater u:object_r:citadel_updater_exec:s0
-/vendor/bin/CitadelProvision u:object_r:citadel_provision_exec:s0
/vendor/bin/hw/hardware\.google\.light@1\.1-service u:object_r:hal_light_default_exec:s0
/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
-/vendor/bin/hw/wait_for_strongbox u:object_r:wait_for_strongbox_exec:s0
/vendor/bin/color_init u:object_r:color_init_exec:s0
/vendor/bin/init\.ramoops\.sh u:object_r:ramoops_exec:s0
/vendor/bin/modem_svc u:object_r:modem_svc_exec:s0
/vendor/bin/ramoops u:object_r:ramoops_exec:s0
-/vendor/bin/ramdump u:object_r:ramdump_exec:s0
/vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0
+/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0
/vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor u:object_r:hal_wifi_ext_exec:s0
/vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor-lazy u:object_r:hal_wifi_ext_exec:s0
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
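Review bot: The `/dev/battery_history` entry is added under the `# system binaries` heading, in the slot where the `pixelstats-vendor` line was removed, although it labels a device node. The other `/dev/...` entries sit together at the top of the file, so this one is easy to miss when auditing device labels. I would move it next to `/dev/maxfg_history` so all device-node labels stay in one group.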
@@ -52,6 +42,12 @@
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.2-service\.fpc u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/init\.qti\.chg_policy\.sh u:object_r:init_qti_chg_policy_exec:s0
/vendor/bin/hw/android\.hardware\.graphics\.composer@2\.4-service-sm8150 u:object_r:hal_graphics_composer_default_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub@1\.[0-9]-service\.generic u:object_r:hal_contexthub_default_exec:s0
+/vendor/bin/hw/android\.hardware\.usb@1\.[0-9]-service\.sunfish u:object_r:hal_usb_impl_exec:s0
+
+# Vendor firmware
+/vendor/firmware_mnt(/.*)? u:object_r:firmware_file:s0
/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0
/mnt/vendor/persist/haptics(/.*)? u:object_r:persist_haptics_file:s0
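Review bot: The ranged pattern `android\.hardware\.contexthub@1\.[0-9]-service\.generic` added here overlaps the literal `android\.hardware\.contexthub@1\.2-service\.generic` entry that this same commit adds earlier in the file, and both map to `hal_contexthub_default_exec`. Keeping only one form avoids two lines to update when the HAL version changes. Note also that `[0-9]` matches a single digit, so a `@1.10` service binary would not be labelled by either the contexthub or the usb pattern.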
@@ -65,11 +61,62 @@
/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0
/data/vendor_ce/[0-9]+/ramoops(/.*)? u:object_r:ramoops_vendor_data_file:s0
/data/vendor/hal_neuralnetworks_darwinn/hal_camera(/.*)? u:object_r:hal_neuralnetworks_darwinn_hal_camera_data_file:s0
-/data/vendor/rebootescrow(/.*)? u:object_r:hal_rebootescrow_citadel_data_file:s0
/data/per_boot(/.*)? u:object_r:per_boot_file:s0
# dev socket node
/dev/socket/diag_router u:object_r:diag_socket:s0
-#vendor_kernel_modules
-/vendor/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0
+# vendor_kernel_modules
+/vendor/lib/modules/adsp_loader_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/apr_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/atomic64_test\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/bolero_cdc_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/br_netfilter\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/gspca_main\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/hdmi_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/lcd\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/lkdtm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/llcc_perfmon\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/machine_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/mbhc_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/mmc_test\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/mpq-adapter\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/mpq-dmx-hw-plugin\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/msm_11ad_proxy\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/msm-geni-ir\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/native_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/pinctrl_lpi_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/pinctrl_wcd_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/platform_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/q6_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/q6_notifier_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/q6_pdr_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/rdbg\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/rx_macro_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/snd_event_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/stub_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/swr_ctrl_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/swr_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/test_user_copy\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/torture\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/tx_macro_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/usf_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/va_macro_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd934x_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd937x_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd937x_slave_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd9xxx_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd_core_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd_spi_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wglink_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wil6210\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wlan\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wsa881x_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wsa_macro_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/heatmap\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/ftm5\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/drv2624\.ko u:object_r:vendor_kernel_modules:s0
+
+# Vendor libs that are exposed to apps (those listed in /vendor/etc/public.libraries.txt
+# and their dependencies)
+/vendor/lib(64)?/vendor\.qti\.hardware\.dsp@1\.0\.so u:object_r:same_process_hal_file:s0
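Review bot: The explicit list that replaces `/vendor/lib/modules/.*\.ko` labels several test and fault-injection modules as `vendor_kernel_modules`, among them `lkdtm.ko`, `torture.ko`, `atomic64_test.ko`, `mmc_test.ko` and `test_user_copy.ko`. Narrowing the wildcard is a sound least-privilege change, but it is worth confirming that these modules are meant to carry the loadable-module label on user builds, and dropping them from the list if not. A module that ships but is missing from the list will no longer get this label, so a comment above the list would help the next maintainer: `# Keep in sync with the modules installed to /vendor/lib/modules`.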
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index a1866b7..de173a2 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -14,7 +14,6 @@ genfscon sysfs /devices/platform/soc/1d84000.ufshc/device_descriptor u:o
genfscon proc /sys/vm/swappiness u:object_r:proc_swappiness:s0
genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0
genfscon proc /irq u:object_r:proc_irq:s0
-genfscon sysfs /bus/iio/devices u:object_r:sysfs_iio_devices:s0
# Touch
genfscon sysfs /devices/platform/soc/a84000.i2c/i2c-1/1-0049 u:object_r:sysfs_touch:s0
@@ -40,6 +39,8 @@ genfscon proc /sys/kernel/sched_upmigrate
genfscon proc /sys/kernel/sched_downmigrate u:object_r:proc_sched_updown_migrate:s0
genfscon proc /sys/kernel/sched_upmigrate_boosted u:object_r:proc_sched_updown_migrate:s0
genfscon proc /sys/kernel/sched_downmigrate_boosted u:object_r:proc_sched_updown_migrate:s0
+genfscon proc /sys/kernel/sched_lib_name u:object_r:proc_sched_lib_mask_cpuinfo:s0
+genfscon proc /sys/kernel/sched_lib_mask_force u:object_r:proc_sched_lib_mask_cpuinfo:s0
# PowerStatsHal
genfscon sysfs /power/system_sleep/stats u:object_r:sysfs_power_stats:s0
@@ -49,8 +50,11 @@ genfscon sysfs /devices/platform/soc/soc:abc-sm/state_stats
u:object_r:sysfs_power_stats:s0
genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0010/iio:device2
u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/soc/888000.i2c/i2c-0/0-0008/power_stats u:object_r:sysfs_power_stats:s0
# Not used by PowerStatsHal
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:vadc@3100/iio:device0
+u:object_r:sysfs_power_stats_ignore:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm6150l@4:vadc@3100/iio:device1
u:object_r:sysfs_power_stats_ignore:s0
@@ -76,6 +80,9 @@ genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.q
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/usbpd0/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:google,bms/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0050/ u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/usbpd0/usb_limit_sink_current u:object_r:sysfs_limit_power_transfer:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/usbpd0/usb_limit_sink_enable u:object_r:sysfs_limit_power_transfer:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/usbpd0/usb_limit_source_enable u:object_r:sysfs_limit_power_transfer:s0
genfscon sysfs /class/qcom-battery u:object_r:sysfs_batteryinfo:s0
genfscon debugfs /logbuffer/ssoc u:object_r:debugfs_batteryinfo:s0
genfscon debugfs /logbuffer/ttf u:object_r:debugfs_batteryinfo:s0
@@ -83,6 +90,19 @@ genfscon debugfs /google_charger
genfscon debugfs /google_battery u:object_r:debugfs_batteryinfo:s0
genfscon sysfs /devices/platform/soc/soc:google,charger/charge_start_level u:object_r:sysfs_chargelevel:s0
genfscon sysfs /devices/platform/soc/soc:google,charger/charge_stop_level u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_drainto_soc u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_recharge_soc u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_recharge_voltage u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_abs_temp u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_soc u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_temp u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_time u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_trigger_temp u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_trigger_time u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_trigger_voltage u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_temp_enable u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_temp_dry_run u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_clear u:object_r:sysfs_chargelevel:s0
# Pixelstats
genfscon sysfs /devices/platform/soc/soc:google,overheat_mitigation u:object_r:sysfs_pixelstats:s0
@@ -92,6 +112,9 @@ genfscon sysfs /devices/platform/codec_detect/codec_state u:object_
genfscon sysfs /devices/platform/codec_detect/wdsp_stat u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/codec_detect/headset_codec_state u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/usbpd0/typec/port0/port0-partner/identity/id_header u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/usbpd0/typec/port0/port0-partner/identity/product u:object_r:sysfs_pixelstats:s0
+
# Audio Dsp for HardwareInfo
genfscon sysfs /devices/platform/codec_detect/hwinfo_part_number u:object_r:sysfs_audio:s0
@@ -104,6 +127,7 @@ genfscon debugfs /tcpm/usbpd0 u:object_r:debugfs_usb:s0
genfscon debugfs /logbuffer/usbpd u:object_r:debugfs_usb:s0
genfscon debugfs /logbuffer/smblib u:object_r:debugfs_usb:s0
genfscon debugfs /logbuffer/pps u:object_r:debugfs_usb:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/usbpd0/typec u:object_r:sysfs_typec_info:s0
# Dumpstate hal
genfscon debugfs /dma_buf/bufinfo u:object_r:debugfs_dma_buf:s0
@@ -144,6 +168,12 @@ genfscon debugfs /ipawwan/debug u:object_r:debugfs_ipa
# Poweroff for warm_reset in recovery mode
genfscon sysfs /module/msm_poweroff u:object_r:sysfs_poweroff:s0
+# Extcon
+genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/extcon u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/extcon u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/extcon u:object_r:sysfs_extcon:s0
+
# Label wakeup nodes symlinks from /sys/class/wakeup
genfscon sysfs /devices/virtual/misc/msm_aac/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_alac/wakeup u:object_r:sysfs_wakeup:s0
diff --git a/vendor/google/google_camera_app.te b/vendor/google/google_camera_app.te
index b04fc93..b275f42 100644
--- a/vendor/google/google_camera_app.te
+++ b/vendor/google/google_camera_app.te
@@ -29,7 +29,6 @@ allow google_camera_app app_api_service:service_manager find;
allow google_camera_app audioserver_service:service_manager find;
allow google_camera_app cameraserver_service:service_manager find;
allow google_camera_app drmserver_service:service_manager find;
-allow google_camera_app gpu_service:service_manager find;
allow google_camera_app mediaserver_service:service_manager find;
allow google_camera_app mediaextractor_service:service_manager find;
allow google_camera_app mediametrics_service:service_manager find;
@@ -37,9 +36,6 @@ allow google_camera_app mediadrmserver_service:service_manager find;
allow google_camera_app nfc_service:service_manager find;
allow google_camera_app radio_service:service_manager find;
-# Allow untrusted apps to interact with gpuservice
-binder_call(google_camera_app, gpuservice)
-
# gdbserver for ndk-gdb ptrace attaches to app process.
allow google_camera_app self:process ptrace;
diff --git a/vendor/google/grilservice_app.te b/vendor/google/grilservice_app.te
index ef2430f..4c8d81e 100644
--- a/vendor/google/grilservice_app.te
+++ b/vendor/google/grilservice_app.te
@@ -2,8 +2,13 @@ type grilservice_app, domain;
app_domain(grilservice_app)
+allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
-allow grilservice_app activity_service:service_manager find;
+allow grilservice_app app_api_service:service_manager find;
+binder_call(grilservice_app, hal_bluetooth_default)
binder_call(grilservice_app, hal_radioext_default)
binder_call(grilservice_app, hal_wifi_ext)
+
+# this denial on grilservice_app since this AudioMetric functionality is not used in legacy device.
+dontaudit grilservice_app hal_audiometricext_hwservice:hwservice_manager find;
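Review bot: The comment above the new `dontaudit` rule at the end of this hunk does not say what is being suppressed, and as written it is hard to parse. A `dontaudit` removes the denial from the audit log, so a reader needs to know that the silence is deliberate. I would reword it along the lines of `# AudioMetric is not used on this legacy device; silence the hwservice find denial rather than grant it.` If the functionality is ever enabled here, this rule has to be removed first or the failure will leave no log trace.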
diff --git a/vendor/google/hal_camera_default.te b/vendor/google/hal_camera_default.te
index 01c21bf..104b9fe 100644
--- a/vendor/google/hal_camera_default.te
+++ b/vendor/google/hal_camera_default.te
@@ -9,7 +9,7 @@ binder_call(hal_camera_default, sensor_service_server)
binder_call(sensor_service_server, hal_camera_default)
# For camera hal to talk with gralloc
-#hal_client_domain(hal_camera_default, hal_graphics_allocator)
+hal_client_domain(hal_camera_default, hal_graphics_allocator)
hal_client_domain(hal_camera_default, hal_graphics_composer)
#For camera hal to talk with ECOService.
diff --git a/vendor/google/hal_dumpstate_impl.te b/vendor/google/hal_dumpstate_impl.te
index a3cdab7..11198c8 100644
--- a/vendor/google/hal_dumpstate_impl.te
+++ b/vendor/google/hal_dumpstate_impl.te
@@ -65,6 +65,9 @@ userdebug_or_eng(`
allow hal_dumpstate_impl debugfs_ipa:file r_file_perms;
')
+#Dumpstats fastrpc buffer
+allow hal_dumpstate_impl sysfs_fastrpc:file r_file_perms;
+
# dump Battery/Charger/Guage
allow hal_dumpstate_impl debugfs_batteryinfo:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_batteryinfo:file r_file_perms;
@@ -73,6 +76,8 @@ allow hal_dumpstate_impl debugfs_pmic:file r_file_perms;
userdebug_or_eng(`
allow hal_dumpstate_impl debugfs_pmic:file rw_file_perms;
')
+allow hal_dumpstate_impl sysfs_chargelevel:file r_file_perms;
+allow hal_dumpstate_impl sysfs_batteryinfo:file r_file_perms;
allow hal_dumpstate_impl debugfs_usb:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_usb:file r_file_perms;
@@ -115,6 +120,9 @@ userdebug_or_eng(`
allow hal_dumpstate_impl sensors_vendor_data_file:file r_file_perms;
')
+# Access to /sys/devices/soc0/serial_number
+r_dir_file(hal_dumpstate_impl, sysfs_soc)
+
# Access to modem stat
domain_auto_trans(hal_dumpstate_impl, modem_svc_exec, modem_svc)
allow hal_dumpstate_impl modem_stat_data_file:file r_file_perms;
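Review bot: The comment on the added `r_dir_file(hal_dumpstate_impl, sysfs_soc)` names a single file, but the macro grants read on every directory and file labelled `sysfs_soc`. The rule also sits after the `userdebug_or_eng` block closes, so it applies on user builds. The serial number is a persistent hardware identifier, so the comment should state that it is intentionally collected in bug reports on all build types, e.g. `# Bugreports on all builds include sysfs_soc, which contains /sys/devices/soc0/serial_number`. If only that one node is needed, a dedicated genfscon label for it would keep the grant to what the comment describes.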
diff --git a/vendor/google/hal_health_default.te b/vendor/google/hal_health_default.te
index 42a3aa4..4d79c14 100644
--- a/vendor/google/hal_health_default.te
+++ b/vendor/google/hal_health_default.te
@@ -4,9 +4,13 @@ r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
set_prop(hal_health_default, vendor_shutdown_prop)
set_prop(hal_health_default, vendor_battery_defender_prop)
-allow hal_health_default fwk_stats_hwservice:hwservice_manager find;
+allow hal_health_default fwk_stats_service:service_manager find;
+binder_use(hal_health_default)
+
allow hal_health_default persist_file:dir search;
allow hal_health_default persist_battery_file:file create_file_perms;
allow hal_health_default persist_battery_file:dir rw_dir_perms;
allow hal_health_default mnt_vendor_file:dir search;
allow hal_health_default sysfs_chargelevel:file rw_file_perms;
+
+r_dir_file(hal_health_default, sysfs_typec_info)
diff --git a/vendor/google/hal_identity_citadel.te b/vendor/google/hal_identity_citadel.te
deleted file mode 100644
index e29310c..0000000
--- a/vendor/google/hal_identity_citadel.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_identity_citadel, domain;
-type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
-
-vndbinder_use(hal_identity_citadel)
-binder_call(hal_identity_citadel, citadeld)
-allow hal_identity_citadel citadeld_service:service_manager find;
-
-hal_server_domain(hal_identity_citadel, hal_identity)
-init_daemon_domain(hal_identity_citadel)
diff --git a/vendor/google/hal_keymaster_citadel.te b/vendor/google/hal_keymaster_citadel.te
deleted file mode 100644
index 3674cd0..0000000
--- a/vendor/google/hal_keymaster_citadel.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type hal_keymaster_citadel, domain;
-type hal_keymaster_citadel_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_keymaster_citadel)
-
-vndbinder_use(hal_keymaster_citadel)
-binder_call(hal_keymaster_citadel, citadeld)
-allow hal_keymaster_citadel citadeld_service:service_manager find;
-
-hal_server_domain(hal_keymaster_citadel, hal_keymaster)
-
-get_prop(hal_keymaster_citadel, vendor_security_patch_level_prop)
diff --git a/vendor/google/hal_power_stats_default.te b/vendor/google/hal_power_stats_default.te
index b5cc289..aec48e9 100644
--- a/vendor/google/hal_power_stats_default.te
+++ b/vendor/google/hal_power_stats_default.te
@@ -1,8 +1,9 @@
allow hal_power_stats_default sysfs_msm_wlan:dir search; # Needed to traverse to wlan stats file
-get_prop(hal_power_stats_default, exported_wifi_prop) # Needed to detect wifi on/off
+get_prop(hal_power_stats_default, wifi_hal_prop) # Needed to detect wifi on/off
r_dir_file(hal_power_stats_default, sysfs_iio_devices) # Needed to traverse odpm files
r_dir_file(hal_power_stats_default, sysfs_power_stats) # Needed to traverse platform low power stats
r_dir_file(hal_power_stats_default, sysfs_msm_subsys) # Needed to traverse subsystem low power stats
+r_dir_file(hal_power_stats_default, sysfs_leds) # Needed to track display stats
# The following folders are incidentally accessed by hal_power_stats_default and are not needed.
dontaudit hal_power_stats_default sysfs_power_stats_ignore:dir r_dir_perms;
@@ -10,7 +11,4 @@ dontaudit hal_power_stats_default sysfs_power_stats_ignore:file r_file_perms;
dontaudit hal_power_stats_default debugfs_wlan:dir search;
dontaudit hal_power_stats_default sysfs:file read;
-vndbinder_use(hal_power_stats)
-add_service(hal_power_stats_server, power_stats_service)
-
binder_call(hal_power_stats, citadeld)
diff --git a/vendor/google/hal_rebootescrow_citadel.te b/vendor/google/hal_rebootescrow_citadel.te
deleted file mode 100644
index c85ce20..0000000
--- a/vendor/google/hal_rebootescrow_citadel.te
+++ /dev/null
@@ -1,15 +0,0 @@
-type hal_rebootescrow_citadel, domain;
-type hal_rebootescrow_citadel_exec, exec_type, vendor_file_type, file_type;
-
-hal_server_domain(hal_rebootescrow_citadel, hal_rebootescrow)
-
-vndbinder_use(hal_rebootescrow_citadel)
-binder_call(hal_rebootescrow_citadel, citadeld)
-allow hal_rebootescrow_citadel citadeld_service:service_manager find;
-
-hal_client_domain(hal_rebootescrow_citadel, hal_keymaster)
-
-init_daemon_domain(hal_rebootescrow_citadel)
-
-allow hal_rebootescrow_citadel hal_rebootescrow_citadel_data_file:dir create_dir_perms;
-allow hal_rebootescrow_citadel hal_rebootescrow_citadel_data_file:file create_file_perms;
diff --git a/vendor/google/hal_sensors_default.te b/vendor/google/hal_sensors_default.te
index bb194bb..5adebba 100644
--- a/vendor/google/hal_sensors_default.te
+++ b/vendor/google/hal_sensors_default.te
@@ -15,3 +15,9 @@ allow hal_sensors_default sysfs_leds:file r_file_perms;
# For Suez metrics collection
allow hal_sensors_default fwk_stats_hwservice:hwservice_manager find;
binder_call(hal_sensors_default, system_server);
+allow hal_sensors_default fwk_stats_service:service_manager find;
+binder_use(hal_sensors_default)
+
+# Allow Suez nanoapp clients to connect to CHRE.
+allow hal_sensors_default chre_socket:sock_file write;
+allow hal_sensors_default chre:unix_stream_socket connectto;
diff --git a/vendor/google/hal_usb_gadget_impl.te b/vendor/google/hal_usb_gadget_impl.te
new file mode 100644
index 0000000..ddd90c2
--- /dev/null
+++ b/vendor/google/hal_usb_gadget_impl.te
@@ -0,0 +1,14 @@
+type hal_usb_gadget_impl, domain;
+hal_server_domain(hal_usb_gadget_impl, hal_usb)
+hal_server_domain(hal_usb_gadget_impl, hal_usb_gadget)
+
+type hal_usb_gadget_impl_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_usb_gadget_impl)
+
+allow hal_usb_gadget_impl configfs:dir { create rmdir };
+allow hal_usb_gadget_impl functionfs:dir { watch watch_reads };
+set_prop(hal_usb_gadget_impl, vendor_usb_prop)
+
+allow hal_usb_gadget_impl sysfs_batteryinfo:dir r_dir_perms;
+allow hal_usb_gadget_impl sysfs_batteryinfo:file rw_file_perms;
+allow hal_usb_gadget_impl sysfs_extcon:dir search;
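Review bot: `allow hal_usb_gadget_impl sysfs_batteryinfo:file rw_file_perms;` gives the new gadget HAL domain write access to every node carrying the `sysfs_batteryinfo` label, and the file has no comment explaining why. For comparison, the context lines of hal_usb_impl.te on this page show that domain with only `r_file_perms` on the same label. If the gadget HAL only reads battery state, `allow hal_usb_gadget_impl sysfs_batteryinfo:file r_file_perms;` is enough. If it does write a specific node, a dedicated label for that node plus a one-line comment naming it would keep the grant reviewable.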
diff --git a/vendor/google/hal_usb_impl.te b/vendor/google/hal_usb_impl.te
index cd782c5..c2e9e52 100644
--- a/vendor/google/hal_usb_impl.te
+++ b/vendor/google/hal_usb_impl.te
@@ -9,4 +9,9 @@ allow hal_usb_impl configfs:file create_file_perms;
allow hal_usb_impl sysfs_batteryinfo:dir search;
allow hal_usb_impl sysfs_batteryinfo:file r_file_perms;
allow hal_usb_impl sysfs_contaminant:file rw_file_perms;
+allow hal_usb_impl sysfs_limit_power_transfer:file rw_file_perms;
set_prop(hal_usb_impl, vendor_usb_prop)
+allow hal_usb_impl sysfs_extcon:dir search;
+
+r_dir_file(hal_usb_impl, sysfs_typec_info)
+allow hal_usb_impl sysfs_typec_info:file rw_file_perms;
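Review bot: The added `allow hal_usb_impl sysfs_typec_info:file rw_file_perms;` makes the whole typec subtree writable by the USB HAL. The genfs_contexts change in this commit attaches `sysfs_typec_info` to the whole `.../usbpd0/typec` directory, not to individual nodes. The same hunk adds `sysfs_limit_power_transfer:file rw_file_perms`, also without a comment. If only a few attributes are actually written, labelling those nodes separately and leaving the rest at `r_dir_file` would narrow the write surface. At minimum, a comment above each rule should name the node that is written and the feature that needs it.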
diff --git a/vendor/google/hal_weaver_citadel.te b/vendor/google/hal_weaver_citadel.te
deleted file mode 100644
index 40a0e14..0000000
--- a/vendor/google/hal_weaver_citadel.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type hal_weaver_citadel, domain;
-type hal_weaver_citadel_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_weaver_citadel)
-
-vndbinder_use(hal_weaver_citadel)
-binder_call(hal_weaver_citadel, citadeld)
-allow hal_weaver_citadel citadeld_service:service_manager find;
-
-hal_server_domain(hal_weaver_citadel, hal_weaver)
-hal_server_domain(hal_weaver_citadel, hal_oemlock)
-hal_server_domain(hal_weaver_citadel, hal_authsecret)
diff --git a/vendor/google/hal_wifi_ext.te b/vendor/google/hal_wifi_ext.te
index 1be706b..55ea19e 100644
--- a/vendor/google/hal_wifi_ext.te
+++ b/vendor/google/hal_wifi_ext.te
@@ -27,7 +27,7 @@ r_dir_file(hal_wifi_ext, proc_wifi_dbg)
# Allow wifi_ext to report callbacks to gril-service app
binder_call(hal_wifi_ext, grilservice_app)
-allow hal_wifi_ext wlan_device:chr_file w_file_perms;
+allow hal_wifi_ext wlan_device:chr_file rw_file_perms;
userdebug_or_eng(`
# debugfs entries are only needed in user-debug or eng builds
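Review bot: The change from `w_file_perms` to `rw_file_perms` on `wlan_device:chr_file` widens the HAL's access to the WLAN character device without a comment or any visible reference to the denial that motivated it. A one-line comment above the rule, naming the operation that needs to read from the device, would let a later reviewer tell whether read access is still required. If the need came from a single observed denial, granting just the missing permission in addition to `w_file_perms` would be tighter than moving to the full read-write set.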
diff --git a/vendor/google/hbmsvmanager_app.te b/vendor/google/hbmsvmanager_app.te
index 25c06c0..a14930a 100644
--- a/vendor/google/hbmsvmanager_app.te
+++ b/vendor/google/hbmsvmanager_app.te
@@ -1,7 +1,9 @@
-type hbmsvmanager_app, domain;
+type hbmsvmanager_app, domain, coredomain;
app_domain(hbmsvmanager_app);
hal_client_domain(hbmsvmanager_app, hal_light)
# Standard system services
allow hbmsvmanager_app app_api_service:service_manager find;
+
+allow hbmsvmanager_app hal_pixel_display_service:service_manager find;
diff --git a/vendor/google/hwservice.te b/vendor/google/hwservice.te
index 2e8e1a8..b8e9a67 100644
--- a/vendor/google/hwservice.te
+++ b/vendor/google/hwservice.te
@@ -1,5 +1,7 @@
-type hal_pixelstats_hwservice, hwservice_manager_type;
-type hal_darwinn_hwservice, hwservice_manager_type;
-type hal_radioext_hwservice, hwservice_manager_type;
-type hal_wifi_ext_hwservice, hwservice_manager_type;
-type hal_wlc_hwservice, hwservice_manager_type;
+type hal_pixelstats_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_darwinn_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_radioext_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_wifi_ext_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_wlc_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_audiometricext_hwservice, hwservice_manager_type;
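Review bot: The last added line declares `hal_audiometricext_hwservice` with only `hwservice_manager_type`, while every other type in this hunk, including the other new one, gains `vendor_hwservice_type`. The hwservice_contexts change in this commit maps the type to `vendor.google.audiometricext::IAudioMetricExt`, so it looks like a vendor service as well. Unless the omission is deliberate, the declaration should read `type hal_audiometricext_hwservice, hwservice_manager_type, vendor_hwservice_type;`. If it is deliberate, a comment saying why would stop the next editor from "fixing" it.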
diff --git a/vendor/google/hwservice_contexts b/vendor/google/hwservice_contexts
index afe7b5f..15c0e7f 100644
--- a/vendor/google/hwservice_contexts
+++ b/vendor/google/hwservice_contexts
@@ -1,6 +1,9 @@
-hardware.google.pixelstats::IPixelStats u:object_r:hal_pixelstats_hwservice:s0
-hardware.google.light::ILight u:object_r:hal_light_hwservice:s0
-vendor.google.darwinn.service::IDarwinnService u:object_r:hal_darwinn_hwservice:s0
-vendor.google.radioext::IRadioExt u:object_r:hal_radioext_hwservice:s0
-vendor.google.wifi_ext::IWifiExt u:object_r:hal_wifi_ext_hwservice:s0
-vendor.google.wireless_charger::IWirelessCharger u:object_r:hal_wlc_hwservice:s0
+hardware.google.pixelstats::IPixelStats u:object_r:hal_pixelstats_hwservice:s0
+hardware.google.light::ILight u:object_r:hal_light_hwservice:s0
+hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
+vendor.google.darwinn.service::IDarwinnService u:object_r:hal_darwinn_hwservice:s0
+vendor.google.radioext::IRadioExt u:object_r:hal_radioext_hwservice:s0
+vendor.google.wifi_ext::IWifiExt u:object_r:hal_wifi_ext_hwservice:s0
+vendor.google.wireless_charger::IWirelessCharger u:object_r:hal_wlc_hwservice:s0
+vendor.google.audiometricext::IAudioMetricExt u:object_r:hal_audiometricext_hwservice:s0
diff --git a/vendor/google/init-insmod-sh.te b/vendor/google/init-insmod-sh.te
index 851ad3f..5f0f6dd 100644
--- a/vendor/google/init-insmod-sh.te
+++ b/vendor/google/init-insmod-sh.te
@@ -1,4 +1,12 @@
# Allow insmod
+type init-insmod-sh, domain;
+type init-insmod-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-insmod-sh)
+
+allow init-insmod-sh self:capability sys_module;
+allow init-insmod-sh vendor_kernel_modules:system module_load;
+allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans;
allow init-insmod-sh sysfs_msm_boot:file w_file_perms;
userdebug_or_eng(`
@@ -6,7 +14,9 @@ userdebug_or_eng(`
allow init-insmod-sh debugfs_wlan:dir search;
')
+set_prop(init-insmod-sh, vendor_device_prop)
+
dontaudit init-insmod-sh debugfs_ipc:dir search;
dontaudit init-insmod-sh debugfs_wlan:dir search;
dontaudit init-insmod-sh self:capability sys_admin;
-dontaudit init-insmod-sh proc_cmdline:file read;
+dontaudit init-insmod-sh proc_cmdline:file r_file_perms;
diff --git a/vendor/google/init.te b/vendor/google/init.te
index 5ed0eb9..cd16f4e 100644
--- a/vendor/google/init.te
+++ b/vendor/google/init.te
@@ -1,3 +1,7 @@
+# Allow init to mount firmware
+allow init firmware_file:dir mounton;
+allow init firmware_file:filesystem { getattr mount relabelfrom };
+
allow init boot_block_device:lnk_file relabelto;
allow init custom_ab_block_device:lnk_file relabelto;
@@ -8,3 +12,6 @@ recovery_only(`
allow init sysfs_thermal:file rw_file_perms;
allow init sysfs_poweroff:file w_file_perms;
')
+
+allow init per_boot_file:file ioctl;
+allowxperm init per_boot_file:file ioctl { F2FS_IOC_SET_PIN_FILE };
diff --git a/vendor/google/init_citadel.te b/vendor/google/init_citadel.te
deleted file mode 100644
index 6583a3a..0000000
--- a/vendor/google/init_citadel.te
+++ /dev/null
@@ -1,16 +0,0 @@
-type init_citadel, domain;
-type init_citadel_exec, exec_type, vendor_file_type, file_type;
-type citadel_updater_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(init_citadel)
-
-vndbinder_use(init_citadel)
-binder_call(init_citadel, citadeld)
-allow init_citadel citadeld_service:service_manager find;
-
-# Many standard utils are actually vendor_toolbox (like xxd)
-allow init_citadel vendor_toolbox_exec:file rx_file_perms;
-
-# init_citadel needs to invoke citadel_updater
-allow init_citadel citadel_updater_exec:file rx_file_perms;
-allow init_citadel citadel_device:chr_file rw_file_perms;
diff --git a/vendor/google/init_qti_chg_policy.te b/vendor/google/init_qti_chg_policy.te
index 44815ce..924d3d1 100644
--- a/vendor/google/init_qti_chg_policy.te
+++ b/vendor/google/init_qti_chg_policy.te
@@ -7,5 +7,12 @@ allow init_qti_chg_policy vendor_toolbox_exec:file rx_file_perms;
allow init_qti_chg_policy sysfs_batteryinfo:file create_file_perms;
allow init_qti_chg_policy sysfs_batteryinfo:dir r_dir_perms;
allow init_qti_chg_policy sysfs_contaminant:file create_file_perms;
+allow init_qti_chg_policy sysfs_wakeup:dir r_dir_perms;
+allow init_qti_chg_policy sysfs_wakeup:file getattr;
+allow init_qti_chg_policy sysfs_iio_devices:dir search;
+allow init_qti_chg_policy sysfs_power_stats_ignore:dir search;
+allow init_qti_chg_policy sysfs_power_stats_ignore:file r_file_perms;
+allow init_qti_chg_policy sysfs_power_stats:dir search;
+allow init_qti_chg_policy sysfs_power_stats:file r_file_perms;
set_prop(init_qti_chg_policy, vendor_hvdcp_opti_prop)
diff --git a/vendor/google/logger_app.te b/vendor/google/logger_app.te
index c891758..1b7e6c5 100644
--- a/vendor/google/logger_app.te
+++ b/vendor/google/logger_app.te
@@ -1,11 +1,4 @@
-type logger_app, domain;
-
userdebug_or_eng(`
- app_domain(logger_app)
- net_domain(logger_app)
-
- allow logger_app app_api_service:service_manager find;
-
allow logger_app vendor_radio_data_file:file create_file_perms;
allow logger_app vendor_radio_data_file:dir create_dir_perms;
@@ -15,8 +8,17 @@ userdebug_or_eng(`
allow logger_app tcpdump_vendor_data_file:dir create_dir_perms;
allow logger_app tcpdump_vendor_data_file:file create_file_perms;
+ get_prop(logger_app, radio_prop)
+
+ set_prop(logger_app, vendor_ramdump_prop)
+ set_prop(logger_app, logpersistd_logging_prop)
+ set_prop(logger_app, logd_prop)
+ set_prop(logger_app, vendor_ssr_prop)
set_prop(logger_app, vendor_cnss_diag_prop)
set_prop(logger_app, vendor_modem_diag_prop)
set_prop(logger_app, vendor_tcpdump_log_prop)
set_prop(logger_app, vendor_wifi_sniffer_prop)
+ set_prop(logger_app, vendor_usb_prop)
+ set_prop(logger_app, vendor_logging_prop)
+ set_prop(logger_app, vendor_logger_prop)
')
diff --git a/vendor/google/modem_diagnostics.te b/vendor/google/modem_diagnostics.te
index 75e8c51..a01d3af 100644
--- a/vendor/google/modem_diagnostics.te
+++ b/vendor/google/modem_diagnostics.te
@@ -9,9 +9,16 @@ userdebug_or_eng(`
allow modem_diagnostic_app surfaceflinger_service:service_manager find;
allow modem_diagnostic_app radio_service:service_manager find;
allow modem_diagnostic_app diag_device:chr_file rw_file_perms;
+ allow modem_diagnostic_app sysfs_esim:file r_file_perms;
+
+ allow modem_diagnostic_app ssr_log_file:dir r_dir_perms;
+ allow modem_diagnostic_app ssr_log_file:file r_file_perms;
unix_socket_connect(modem_diagnostic_app, diag, qlogd);
set_prop(modem_diagnostic_app, vendor_modem_diag_prop)
- set_prop(modem_diagnostic_app, exported3_radio_prop)
+ set_prop(modem_diagnostic_app, radio_control_prop)
+
+ allow modem_diagnostic_app sysfs_batteryinfo:file r_file_perms;
+ allow modem_diagnostic_app sysfs_batteryinfo:dir search;
')
diff --git a/vendor/google/modem_svc.te b/vendor/google/modem_svc.te
index 50f80b6..5f8cefa 100644
--- a/vendor/google/modem_svc.te
+++ b/vendor/google/modem_svc.te
@@ -8,15 +8,13 @@ allow modem_svc self:qipcrtr_socket create_socket_perms_no_ioctl;
# For property service
set_prop(modem_svc, vendor_modem_diag_prop)
set_prop(modem_svc, vendor_modem_prop)
-get_prop(modem_svc, exported3_radio_prop)
+get_prop(modem_svc, radio_control_prop)
get_prop(modem_svc, vendor_build_type_prop)
# For bugreport collection
-userdebug_or_eng(`
- allow modem_svc hal_dumpstate_impl:fd use;
- allow modem_svc dumpstate:fd use;
- allow modem_svc shell_data_file:file write;
-')
+allow modem_svc hal_dumpstate_impl:fd use;
+allow modem_svc dumpstate:fd use;
+allow modem_svc shell_data_file:file write;
dontaudit modem_svc sysfs_msm_subsys:dir r_dir_perms;
dontaudit modem_svc sysfs_esoc:dir r_dir_perms;
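Review bot: The three rules under `# For bugreport collection` lose their `userdebug_or_eng` wrapper, so `allow modem_svc shell_data_file:file write;` and the two `fd use` rules now apply on user builds, and the comment does not say why production needs them. uv_exposure_reporter.te in this commit drops the same guard for its whole domain, also without explanation. If the intent is that modem_svc writes into the bugreport file handed over by dumpstate on all builds, say so in the comment, e.g. `# For bugreport collection on all builds: modem_svc writes to the fd passed in by dumpstate`. If the access is only used for debugging, the wrapper should stay.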
diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te
index 9ddc742..3015d3f 100644
--- a/vendor/google/pixelstats_vendor.te
+++ b/vendor/google/pixelstats_vendor.te
@@ -1,9 +1,3 @@
-# pixelstats vendor
-type pixelstats_vendor, domain;
-
-type pixelstats_vendor_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(pixelstats_vendor)
-
unix_socket_connect(pixelstats_vendor, chre, chre)
get_prop(pixelstats_vendor, hwservicemanager_prop)
@@ -12,10 +6,13 @@ allow pixelstats_vendor hal_pixelstats_hwservice:hwservice_manager find;
binder_call(pixelstats_vendor, pixelstats_system)
allow pixelstats_vendor fwk_stats_hwservice:hwservice_manager find;
-binder_call(pixelstats_vendor, stats_service_server)
+
+binder_use(pixelstats_vendor)
+allow pixelstats_vendor fwk_stats_service:service_manager find;
allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
-r_dir_file(pixelstats_vendor, sysfs_batteryinfo)
+allow pixelstats_vendor battery_history_device:chr_file r_file_perms;
+
# UeventListener
-allow pixelstats_vendor self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
r_dir_file(pixelstats_vendor, sysfs_pixelstats)
+r_dir_file(pixelstats_vendor, sysfs_typec_info)
diff --git a/vendor/google/property.te b/vendor/google/property.te
index 18633c6..1e789e3 100644
--- a/vendor/google/property.te
+++ b/vendor/google/property.te
@@ -1,13 +1,21 @@
-type vendor_tcpdump_log_prop, property_type;
-type vendor_build_type_prop, property_type;
-type vendor_aware_available_prop, property_type;
-type vendor_modem_prop, property_type;
-type camera_ro_prop, property_type;
-type vendor_ramoops_prop, property_type;
-type ecoservice_prop, property_type;
-type vendor_shutdown_prop, property_type;
-type vendor_battery_defender_prop, property_type;
-type vendor_vibrator_prop, property_type;
+vendor_internal_prop(ecoservice_prop)
+vendor_internal_prop(vendor_battery_defender_prop)
+vendor_internal_prop(vendor_battery_profile_prop)
+vendor_internal_prop(vendor_build_type_prop)
+vendor_internal_prop(vendor_modem_prop)
+vendor_internal_prop(vendor_ramoops_prop)
+vendor_internal_prop(vendor_shutdown_prop)
+vendor_internal_prop(vendor_tcpdump_log_prop)
+vendor_internal_prop(vendor_vibrator_prop)
+vendor_internal_prop(vendor_device_prop)
# vendor verbose logging property
-type vendor_logging_prop, property_type;
+vendor_internal_prop(vendor_logging_prop)
+
+vendor_restricted_prop(camera_ro_prop)
+
+# Vendor aware available type
+vendor_restricted_prop(vendor_aware_available_prop)
+
+# Logger
+vendor_internal_prop(vendor_logger_prop)
diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts
index 34b20e7..409d57c 100644
--- a/vendor/google/property_contexts
+++ b/vendor/google/property_contexts
@@ -20,9 +20,15 @@ vendor.display.primary_blue u:object_r:vendor_display_prop:s
vendor.display.primary_white u:object_r:vendor_display_prop:s0
vendor.display.native_display_primaries_ready u:object_r:vendor_display_prop:s0
+vendor.all.modules.ready u:object_r:vendor_device_prop:s0
+vendor.all.devices.ready u:object_r:vendor_device_prop:s0
+
# battery
vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0
+# test battery profile
+persist.vendor.testing_battery_profile u:object_r:vendor_battery_profile_prop:s0
+
# Tcpdump_logger
persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0
vendor.tcpdump.log.ondemand u:object_r:vendor_tcpdump_log_prop:s0
@@ -64,3 +70,7 @@ ro.vendor.vibrator.hal.lptrigger u:object_r:vendor_vibrator_prop:
# Vendor verbose logging prop
persist.vendor.verbose_logging_enabled u:object_r:vendor_logging_prop:s0
+
+# Logger app
+vendor.pixellogger. u:object_r:vendor_logger_prop:s0
+persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0
diff --git a/vendor/google/ramdump.te b/vendor/google/ramdump.te
deleted file mode 100644
index 0db625c..0000000
--- a/vendor/google/ramdump.te
+++ /dev/null
@@ -1,37 +0,0 @@
-type ramdump_exec, exec_type, vendor_file_type, file_type;
-type ramdump, domain;
-
-userdebug_or_eng(`
- init_daemon_domain(ramdump)
-
- set_prop(ramdump, vendor_ramdump_prop)
- get_prop(ramdump, public_vendor_default_prop)
-
- # f2fs set pin file requires sys_admin
- allow ramdump self:capability { sys_admin sys_rawio };
-
- allow ramdump ramdump_vendor_data_file:dir create_dir_perms;
- allow ramdump ramdump_vendor_data_file:file create_file_perms;
- allow ramdump proc_cmdline:file r_file_perms;
-
- allow ramdump block_device:dir search;
- allow ramdump misc_block_device:blk_file rw_file_perms;
- allow ramdump userdata_block_device:blk_file rw_file_perms;
-
- dontaudit ramdump metadata_file:dir search;
-
- r_dir_file(ramdump, sysfs_type)
-
- # To access statsd.
- hwbinder_use(ramdump)
- get_prop(ramdump, hwservicemanager_prop)
- allow ramdump fwk_stats_hwservice:hwservice_manager find;
- binder_call(ramdump, stats_service_server)
-
- # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump.
- allow ramdump fuse:filesystem relabelfrom;
- allow ramdump fuse_device:chr_file rw_file_perms;
- allow ramdump mnt_vendor_file:dir r_dir_perms;
- allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
- allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto };
-')
diff --git a/vendor/google/recovery.te b/vendor/google/recovery.te
index 7e7925c..39cb557 100644
--- a/vendor/google/recovery.te
+++ b/vendor/google/recovery.te
@@ -1,5 +1,4 @@
recovery_only(`
- allow recovery citadel_device:chr_file rw_file_perms;
allow recovery sg_device:chr_file rw_file_perms;
allow recovery sysfs_scsi_devices_0000:dir r_dir_perms;
')
diff --git a/vendor/google/seapp_contexts b/vendor/google/seapp_contexts
index 1cc64e0..2279b62 100644
--- a/vendor/google/seapp_contexts
+++ b/vendor/google/seapp_contexts
@@ -1,16 +1,13 @@
# Domain for Ramdump
-user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file
+user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user
user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
# Domain for grilservice
-user=_app isPrivApp=true seinfo=platform name=com.google.android.grilservice domain=grilservice_app levelFrom=all
+user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all
# Domain for Modem Diagnostic System
user=_app seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
-# Domain for Pixel Logger
-user=_app seinfo=platform name=com.android.pixellogger domain=logger_app type=app_data_file levelFrom=all
-
# Domain for GoogleCBRS app
user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
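Review bot: Dropping `seinfo=platform` from the `com.google.android.grilservice` entry means the `grilservice_app` domain is now selected by package name and priv-app status alone, no longer by signing certificate. The `com.google.android.uvexposurereporter` entry in the next hunk changes the same way. Presumably these apps moved off the platform key. If so, mapping their new certificate to its own seinfo in mac_permissions.xml and matching on it keeps the domain tied to the signer, e.g. `user=_app isPrivApp=true seinfo=<dedicated-seinfo> name=com.google.android.grilservice domain=grilservice_app levelFrom=all` (the seinfo value is a placeholder). At the least, a comment on each entry should record why the signer check was removed.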
@@ -21,7 +18,7 @@ user=_app seinfo=platform name=com.google.touch.touchinspector domain=google_tou
user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
# Domain for UvExposureReporter service
-user=_app seinfo=platform name=com.google.android.uvexposurereporter domain=uv_exposure_reporter type=app_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.uvexposurereporter domain=uv_exposure_reporter type=app_data_file levelFrom=all
# Domain for DeviceDropMonitor service
user=_app seinfo=platform name=com.google.android.devicedropmonitor domain=device_drop_monitor type=app_data_file levelFrom=all
diff --git a/vendor/google/service.te b/vendor/google/service.te
new file mode 100644
index 0000000..9c935e9
--- /dev/null
+++ b/vendor/google/service.te
@@ -0,0 +1 @@
+type hal_pixel_display_service, service_manager_type, vendor_service;
diff --git a/vendor/google/service_contexts b/vendor/google/service_contexts
new file mode 100644
index 0000000..4bac73b
--- /dev/null
+++ b/vendor/google/service_contexts
@@ -0,0 +1,2 @@
+android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0
+com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
diff --git a/vendor/google/system_app.te b/vendor/google/system_app.te
new file mode 100644
index 0000000..326d9fd
--- /dev/null
+++ b/vendor/google/system_app.te
@@ -0,0 +1 @@
+get_prop(system_app, vendor_aware_available_prop)
diff --git a/vendor/google/uv_exposure_reporter.te b/vendor/google/uv_exposure_reporter.te
index 1d9ae56..0d7ec6b 100644
--- a/vendor/google/uv_exposure_reporter.te
+++ b/vendor/google/uv_exposure_reporter.te
@@ -1,13 +1,9 @@
-type uv_exposure_reporter, domain;
+type uv_exposure_reporter, domain, coredomain;
-userdebug_or_eng(`
- app_domain(uv_exposure_reporter)
-
- allow uv_exposure_reporter app_api_service:service_manager find;
- allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
- allow uv_exposure_reporter sysfs_msm_subsys:dir search;
- allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
- binder_call(uv_exposure_reporter, gpuservice);
- binder_call(uv_exposure_reporter, stats_service_server);
-')
+app_domain(uv_exposure_reporter)
+allow uv_exposure_reporter app_api_service:service_manager find;
+allow uv_exposure_reporter sysfs_msm_subsys:dir search;
+allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
+allow uv_exposure_reporter fwk_stats_service:service_manager find;
+binder_use(uv_exposure_reporter)
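Review bot: The `uv_exposure_reporter` rules were previously wrapped in `userdebug_or_eng(...)` and are now unconditional, so `app_domain`, the service-manager lookups and read access to `sysfs_msm_subsys` apply on user builds as well. The file has no comment recording why. A header line such as `# Enabled on all build variants (was userdebug/eng only): <reason / bug id>` would document the widening. The type is also tagged `coredomain` while being defined under vendor/google (con_monitor.te in this commit makes the same change); it is worth confirming that the `sysfs_msm_subsys` grants pass the neverallow checks that apply to core domains.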
diff --git a/vendor/google/vendor_init.te b/vendor/google/vendor_init.te
index 8672d3f..dc0679b 100644
--- a/vendor/google/vendor_init.te
+++ b/vendor/google/vendor_init.te
@@ -35,6 +35,7 @@ allow vendor_init proc_sched_energy_aware:file w_file_perms;
allow vendor_init proc_sched_updown_migrate:file w_file_perms;
allow vendor_init proc_swappiness:file w_file_perms;
allow vendor_init proc_dirty:file w_file_perms;
+allow vendor_init proc_sched_lib_mask_cpuinfo:file w_file_perms;
allow vendor_init self:global_capability2_class_set block_suspend;
allow vendor_init sysfs_wake_lock:file rw_file_perms;
@@ -45,3 +46,6 @@ userdebug_or_eng(`
')
set_prop(vendor_init, vendor_logging_prop)
+get_prop(vendor_init, test_harness_prop)
+get_prop(vendor_init, vendor_battery_profile_prop)
+set_prop(vendor_init, vendor_battery_defender_prop)
diff --git a/vendor/google/vendor_shell.te b/vendor/google/vendor_shell.te
new file mode 100644
index 0000000..2ace587
--- /dev/null
+++ b/vendor/google/vendor_shell.te
@@ -0,0 +1 @@
+set_prop(vendor_shell, vendor_battery_profile_prop)
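Review bot: `set_prop(vendor_shell, vendor_battery_profile_prop)` is granted on every build variant, and the same commit lets `vendor_init` read that property (second hunk of vendor_init.te). If the property is only written from a shell for testing, wrapping the rule in `userdebug_or_eng(...)` would keep user builds from accepting writes from a vendor shell session. If a production script needs the grant, a one-line comment naming that script would make it reviewable; the new file currently has no comment at all.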
diff --git a/vendor/google/vndservice.te b/vendor/google/vndservice.te
index 0e6b581..2dca1b2 100644
--- a/vendor/google/vndservice.te
+++ b/vendor/google/vndservice.te
@@ -1,3 +1 @@
-type citadeld_service, vndservice_manager_type;
-type power_stats_service, vndservice_manager_type;
type eco_service, vndservice_manager_type;
diff --git a/vendor/google/vndservice_contexts b/vendor/google/vndservice_contexts
index bf9fbbd..b6babcc 100644
--- a/vendor/google/vndservice_contexts
+++ b/vendor/google/vndservice_contexts
@@ -1,4 +1 @@
-android.hardware.citadel.ICitadeld u:object_r:citadeld_service:s0
-power.stats-vendor u:object_r:power_stats_service:s0
media.ecoservice u:object_r:eco_service:s0
-
diff --git a/vendor/google/wait_for_strongbox.te b/vendor/google/wait_for_strongbox.te
deleted file mode 100644
index 23ffa97..0000000
--- a/vendor/google/wait_for_strongbox.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# wait_for_strongbox service
-type wait_for_strongbox, domain;
-type wait_for_strongbox_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(wait_for_strongbox)
-
-hal_client_domain(wait_for_strongbox, hal_keymaster)
diff --git a/vendor/qcom/common/cameraserver.te b/vendor/qcom/common/cameraserver.te
index 92aacf7..dfd4524 100644
--- a/vendor/qcom/common/cameraserver.te
+++ b/vendor/qcom/common/cameraserver.te
@@ -6,3 +6,5 @@ get_prop(cameraserver, vendor_display_prop)
# are not essential, and access denial to it won't break any gralloc mapper
# functionality.
dontaudit cameraserver gpu_device:chr_file rw_file_perms;
+
+dontaudit cameraserver sysfs_msm_subsys:dir search;
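Review bot: The added `dontaudit cameraserver sysfs_msm_subsys:dir search;` has no rationale, unlike the `gpu_device` rule above it, which explains why the denial is harmless. The same applies to the new `dontaudit` rules in cnd.te (`wifi_hal_prop`), mediacodec.te (`sysfs_msm_subsys`) and rfs_access.te (`dac_override dac_read_search`). The hal_neuralnetworks.te hunk in this commit shows the better pattern, a bug reference directly above the rule, so each of these could carry `# b/<bug-id>: <what triggers the denial and why it is safe to ignore>`. The rfs_access rule deserves particular care, because silencing `dac_override` denials hides a file-ownership mismatch that would otherwise show up in audit logs.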
diff --git a/vendor/qcom/common/cnd.te b/vendor/qcom/common/cnd.te
index 333ac60..30acc21 100644
--- a/vendor/qcom/common/cnd.te
+++ b/vendor/qcom/common/cnd.te
@@ -20,6 +20,7 @@ allow cnd cnd_data_file:dir rw_dir_perms;
wakelock_use(cnd)
# To register cnd to hwbinder
add_hwservice(cnd, hal_datafactory_hwservice)
+add_hwservice(cnd, hal_mwqemadapter_hwservice)
userdebug_or_eng(`
allow cnd diag_device:chr_file rw_file_perms;
')
@@ -42,3 +43,5 @@ allow cnd self:{
netlink_generic_socket
qipcrtr_socket
} create_socket_perms_no_ioctl;
+
+dontaudit cnd wifi_hal_prop:file r_file_perms;
diff --git a/vendor/qcom/common/con_monitor.te b/vendor/qcom/common/con_monitor.te
index 64d0257..860c16e 100644
--- a/vendor/qcom/common/con_monitor.te
+++ b/vendor/qcom/common/con_monitor.te
@@ -1,10 +1,9 @@
# ConnectivityMonitor app
-type con_monitor_app, domain;
+type con_monitor_app, domain, coredomain;
app_domain(con_monitor_app)
set_prop(con_monitor_app, radio_prop)
-set_prop(con_monitor_app, vendor_radio_prop)
allow con_monitor_app app_api_service:service_manager find;
allow con_monitor_app audioserver_service:service_manager find;
allow con_monitor_app radio_service:service_manager find;
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index 33bb82e..23073eb 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -131,8 +131,6 @@ type sysfs_sectouch, sysfs_type, fs_type;
type vendor_tui_data_file, file_type, data_file_type;
type vendor_bt_data_file, file_type, data_file_type;
type sysfs_jpeg, fs_type, sysfs_type;
-type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
-type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
type sysfs_npu, fs_type, sysfs_type;
type vendor_ramdump_data_file, file_type, data_file_type;
type vendor_mdmhelperdata_data_file, file_type, data_file_type;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index 907d5b9..a360e5a 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -52,7 +52,7 @@
/(vendor|system/vendor)/bin/ssr_diag u:object_r:vendor_ssr_diag_exec:s0
/(vendor|system/vendor)/bin/hw/qcrild u:object_r:rild_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm(@[0-9]+\.[0-9]+)?-service\.widevine u:object_r:hal_drm_widevine_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@.*-service-qti u:object_r:hal_gnss_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.gnss@.*-service u:object_r:hal_gnss_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti u:object_r:hal_bluetooth_default_exec:s0
@@ -67,6 +67,8 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-strongbox-service-qti u:object_r:hal_keymaster_qti_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service-qti u:object_r:hal_keymaster_qti_exec:s0
+/(vendor|system/vendor)/bin/init\.qti\.keymaster\.sh u:object_r:init-qti-keymaster-sh_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0
/(vendor|system/vendor)/bin/imsrcsd u:object_r:hal_rcsservice_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qteeconnector@1\.0-service u:object_r:hal_qteeconnector_qti_exec:s0
@@ -113,12 +115,6 @@
/mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0
###################################
-# ramdumpfs files
-#
-/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
-/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
-
-###################################
# adsp files
#
/(vendor|system/vendor)/dsp(/.*)? u:object_r:adsprpcd_file:s0
@@ -144,12 +140,15 @@
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapperextensions@1\.1\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@3\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@3\.0\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@4\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@4\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqdMetaData\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgralloc\.qti\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqservice\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqdutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libadreno_utils\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgsl\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libEGL_adreno\.so u:object_r:same_process_hal_file:s0
@@ -179,6 +178,10 @@
# libGLESv2_adreno depends on this
/vendor/lib(64)?/libllvm-glnext\.so u:object_r:same_process_hal_file:s0
+# Game profiling library
+/vendor/lib(64)?/libadreno_app_profiles\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor\.qti\.qspmhal@1\.0\.so u:object_r:same_process_hal_file:s0
+
# libOpenCL-pixel and its dependencies
/vendor/lib(64)?/libOpenCL-pixel\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0
@@ -243,6 +246,7 @@
/dev/msm_.* u:object_r:audio_device:s0
/dev/ramdump_.* u:object_r:ramdump_device:s0
/dev/at_.* u:object_r:at_device:s0
+/dev/qce u:object_r:qce_device:s0
# dev socket nodes
/dev/socket/ipacm_log_file u:object_r:ipacm_socket:s0
@@ -262,7 +266,6 @@
/data/vendor/modem_fdr(/.*)? u:object_r:modem_fdr_file:s0
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
/data/vendor/nnhal(/.*)? u:object_r:hal_neuralnetworks_data_file:s0
-/data/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
/data/vendor/ssrdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
/data/vendor/ssrlog(/.*)? u:object_r:ssr_log_file:s0
/data/vendor/camera(/.*)? u:object_r:camera_vendor_data_file:s0
diff --git a/vendor/qcom/common/genfs_contexts b/vendor/qcom/common/genfs_contexts
index 8afbb14..d8158ec 100644
--- a/vendor/qcom/common/genfs_contexts
+++ b/vendor/qcom/common/genfs_contexts
@@ -26,3 +26,5 @@ genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws@1e08000
genfscon sysfs /devices/virtual/xt_hardidletimer/timers u:object_r:sysfs_data:s0
genfscon sysfs /devices/virtual/xt_idletimer/timers u:object_r:sysfs_data:s0
genfscon sysfs /module/subsystem_restart/parameters/enable_ramdumps u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd-secure/wakeup u:object_r:sysfs_wakeup:s0
diff --git a/vendor/qcom/common/hal_drm_widevine.te b/vendor/qcom/common/hal_drm_widevine.te
index 4b52daf..2f8fbdd 100644
--- a/vendor/qcom/common/hal_drm_widevine.te
+++ b/vendor/qcom/common/hal_drm_widevine.te
@@ -10,4 +10,6 @@ allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
allow hal_drm_widevine hal_display_config_hwservice:hwservice_manager find;
binder_call(hal_drm_widevine, hal_graphics_composer_default)
-allow hal_drm_widevine { appdomain -isolated_app }:fd use; \ No newline at end of file
+allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+
+allow hal_drm_widevine qce_device:chr_file rw_file_perms;
diff --git a/vendor/qcom/common/hal_gnss_qti.te b/vendor/qcom/common/hal_gnss_qti.te
index c4481a7..80abd2e 100644
--- a/vendor/qcom/common/hal_gnss_qti.te
+++ b/vendor/qcom/common/hal_gnss_qti.te
@@ -24,5 +24,7 @@ allow hal_gnss_qti location:unix_dgram_socket sendto;
allow hal_gnss_qti self:qipcrtr_socket create_socket_perms_no_ioctl;
+allow hal_gnss_qti location_data_file:dir r_dir_perms;
+
# Allow Gnss HAL to get updates from health hal
hal_client_domain(hal_gnss_qti, hal_health)
diff --git a/vendor/qcom/common/hal_neuralnetworks.te b/vendor/qcom/common/hal_neuralnetworks.te
index 1d20204..6ccdd39 100644
--- a/vendor/qcom/common/hal_neuralnetworks.te
+++ b/vendor/qcom/common/hal_neuralnetworks.te
@@ -17,3 +17,6 @@ r_dir_file(hal_neuralnetworks_default, sysfs_soc)
r_dir_file(hal_neuralnetworks_default, adsprpcd_file)
dontaudit hal_neuralnetworks_default vendor_display_prop:file read;
+
+# b/159570217 suppress warning related to zeroth.debuglog.logmask
+dontaudit hal_neuralnetworks_default default_prop:file { open read };
diff --git a/vendor/qcom/common/hal_rcsservice.te b/vendor/qcom/common/hal_rcsservice.te
index 9acd706..0c95f16 100644
--- a/vendor/qcom/common/hal_rcsservice.te
+++ b/vendor/qcom/common/hal_rcsservice.te
@@ -11,6 +11,8 @@ hwbinder_use(hal_rcsservice)
# add IUceSerive and IService to Hidl interface
add_hwservice(hal_rcsservice, hal_imsrcsd_hwservice)
add_hwservice(hal_rcsservice, hal_imscallinfo_hwservice)
+# add imsfactory to HIDl interface
+add_hwservice(hal_rcsservice, hal_imsfactory_hwservice)
get_prop(hal_rcsservice, hwservicemanager_prop)
set_prop(hal_rcsservice, qcom_ims_prop)
diff --git a/vendor/qcom/common/hvdcp.te b/vendor/qcom/common/hvdcp.te
index 7cdae50..9c1b7eb 100644
--- a/vendor/qcom/common/hvdcp.te
+++ b/vendor/qcom/common/hvdcp.te
@@ -7,7 +7,7 @@ allow hvdcp sysfs_batteryinfo:dir r_dir_perms;
allow hvdcp qg_device:chr_file rw_file_perms;
allow hvdcp self:capability2 wake_alarm;
allow hvdcp self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-allow hvdcp kmsg_device:chr_file r_file_perms;
+allow hvdcp kmsg_device:chr_file rw_file_perms;
allow hvdcp mnt_vendor_file:dir r_dir_perms;
allow hvdcp persist_file:dir search;
allow hvdcp persist_hvdcp_file:dir search;
diff --git a/vendor/qcom/common/hwservice.te b/vendor/qcom/common/hwservice.te
index e681898..c17da13 100644
--- a/vendor/qcom/common/hwservice.te
+++ b/vendor/qcom/common/hwservice.te
@@ -1,24 +1,25 @@
-type hal_display_color_hwservice, hwservice_manager_type;
-type hal_iwlan_hwservice, hwservice_manager_type;
-type hal_display_config_hwservice, hwservice_manager_type;
-type hal_display_postproc_hwservice, hwservice_manager_type;
-type hal_dpmqmi_hwservice, hwservice_manager_type;
-type hal_imsrtp_hwservice, hwservice_manager_type;
-type hal_imscallinfo_hwservice, hwservice_manager_type;
-type hal_datafactory_hwservice, hwservice_manager_type;
-type hal_cne_hwservice, hwservice_manager_type;
-type hal_latency_hwservice, hwservice_manager_type;
-type hal_imsrcsd_hwservice, hwservice_manager_type;
-type hal_ipacm_hwservice, hwservice_manager_type;
-type hal_qteeconnector_hwservice, hwservice_manager_type;
-type hal_voiceprint_hwservice, hwservice_manager_type;
-type vendor_hal_factory_qti_hwservice, hwservice_manager_type;
-type hal_tui_comm_hwservice, hwservice_manager_type;
-type hal_qdutils_disp_hwservice, hwservice_manager_type;
-type hal_sensorscalibrate_qti_hwservice, hwservice_manager_type;
-type vnd_atcmdfwd_hwservice, hwservice_manager_type;
-type hal_dataconnection_hwservice, hwservice_manager_type;
-type hal_bluetooth_coexistence_hwservice, hwservice_manager_type;
-type hal_cacert_hwservice, hwservice_manager_type;
-type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type;
-type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_display_color_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_iwlan_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_display_config_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_display_postproc_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_dpmqmi_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_imsrtp_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_imscallinfo_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_datafactory_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_cne_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_latency_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_imsrcsd_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_ipacm_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_qteeconnector_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_voiceprint_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type vendor_hal_factory_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_tui_comm_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_qdutils_disp_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_sensorscalibrate_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type vnd_atcmdfwd_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_dataconnection_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_cacert_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;
+type hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_imsfactory_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;
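Review bot: `hal_mwqemadapter_hwservice` is the only type in this rewritten list declared without `vendor_hwservice_type`, although `cnd` registers it via `add_hwservice` in this commit; unless that is deliberate, the line should read `type hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;`. The hunk also drops the declaration of `hal_bluetooth_coexistence_hwservice`, while hwservice_contexts in this commit still maps `IBluetoothSar` and `IBTChannelAvoidance` to it. The same pattern appears for `vendor_ramdump_prop` (removed in property.te, still used for `persist.vendor.sys.crash_rcu` in property_contexts) and `ramdump_vendor_data_file` (removed in file.te, still used for `/data/vendor/ssrdump` in file_contexts). Presumably these types are now declared in another policy directory; that should be confirmed, since a contexts entry naming an undeclared type is rejected when the contexts files are validated against the policy.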
diff --git a/vendor/qcom/common/hwservice_contexts b/vendor/qcom/common/hwservice_contexts
index 2aecfbc..d6d205b 100644
--- a/vendor/qcom/common/hwservice_contexts
+++ b/vendor/qcom/common/hwservice_contexts
@@ -11,12 +11,11 @@ vendor.display.color::IDisplayColor u:object
vendor.display.config::IDisplayConfig u:object_r:hal_display_config_hwservice:s0
vendor.display.postproc::IDisplayPostproc u:object_r:hal_display_postproc_hwservice:s0
vendor.qti.hardware.display.mapper::IQtiMapper u:object_r:hal_graphics_mapper_hwservice:s0
-vendor.qti.hardware.bluetooth_sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
-vendor.qti.hardware.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
vendor.qti.hardware.qdutils_disp::IQdutilsDisp u:object_r:hal_qdutils_disp_hwservice:s0
vendor.qti.hardware.qteeconnector::IAppConnector u:object_r:hal_qteeconnector_hwservice:s0
vendor.qti.hardware.qteeconnector::IGPAppConnector u:object_r:hal_qteeconnector_hwservice:s0
vendor.qti.hardware.radio.am::IQcRilAudio u:object_r:hal_telephony_hwservice:s0
+vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.lpa::IUimLpa u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.qcrilhook::IQtiOemHook u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.qtiradio::IQtiRadio u:object_r:hal_telephony_hwservice:s0
@@ -29,6 +28,7 @@ vendor.qti.hardware.tui_comm::ITuiComm u:object
vendor.qti.hardware.radio.atcmdfwd::IAtCmdFwd u:object_r:vnd_atcmdfwd_hwservice:s0
vendor.qti.hardware.data.latency::ILinkLatency u:object_r:hal_latency_hwservice:s0
vendor.qti.data.factory::IFactory u:object_r:hal_datafactory_hwservice:s0
+vendor.qti.ims.factory::IImsFactory u:object_r:hal_imsfactory_hwservice:s0
vendor.qti.imsrtpservice::IRTPService u:object_r:hal_imsrtp_hwservice:s0
vendor.qti.hardware.cacert::IService u:object_r:hal_cacert_hwservice:s0
hardware.google.media.c2::IConfigurable u:object_r:hal_codec2_hwservice:s0
@@ -37,3 +37,6 @@ vendor.qti.hardware.capabilityconfigstore::ICapabilityConfigStore u:object
vendor.qti.hardware.display.allocator::IQtiAllocator u:object_r:hal_graphics_allocator_hwservice:s0
vendor.qti.ims.callinfo::IService u:object_r:hal_imscallinfo_hwservice:s0
vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0
+vendor.qti.hardware.mwqemadapter::IMwqemAdapter u:object_r:hal_mwqemadapter_hwservice:s0
+vendor.qti.hardware.bluetooth_sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
+vendor.qti.hardware.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
diff --git a/vendor/qcom/common/init-qti-keymaster-sh.te b/vendor/qcom/common/init-qti-keymaster-sh.te
new file mode 100644
index 0000000..f5a6c31
--- /dev/null
+++ b/vendor/qcom/common/init-qti-keymaster-sh.te
@@ -0,0 +1,37 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type init-qti-keymaster-sh, domain;
+type init-qti-keymaster-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-qti-keymaster-sh)
+
+# Set vendor.keymaster.strongbox.version to 40 or 41
+set_prop(init-qti-keymaster-sh, vendor_km_strongbox_version_prop);
+
+allow init-qti-keymaster-sh vendor_shell_exec:file rx_file_perms;
+allow init-qti-keymaster-sh vendor_toolbox_exec:file rx_file_perms;
diff --git a/vendor/qcom/common/mediacodec.te b/vendor/qcom/common/mediacodec.te
index 5ef6b8f..bec15f6 100644
--- a/vendor/qcom/common/mediacodec.te
+++ b/vendor/qcom/common/mediacodec.te
@@ -3,3 +3,5 @@ get_prop(mediacodec, ecoservice_prop)
allow mediacodec hal_camera_default:binder call;
get_prop(mediacodec, vendor_display_prop)
+
+dontaudit mediacodec sysfs_msm_subsys:dir search;
diff --git a/vendor/qcom/common/mediatranscoding.te b/vendor/qcom/common/mediatranscoding.te
new file mode 100644
index 0000000..ab3f09d
--- /dev/null
+++ b/vendor/qcom/common/mediatranscoding.te
@@ -0,0 +1,2 @@
+get_prop(domain, vendor_display_prop)
+
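Review bot: The rule in this new file grants `get_prop` on `vendor_display_prop` to the `domain` attribute, that is, to every domain in the policy, rather than to the transcoding service the file is named after. If only that service needs the property, the rule should name it, `get_prop(mediatranscoding, vendor_display_prop)`, as cameraserver.te and mediacodec.te do for their own domains. If the blanket grant is intended, it would be easier to find in a file named for the attribute, with a comment stating why every process may read display properties.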
diff --git a/vendor/qcom/common/netmgrd.te b/vendor/qcom/common/netmgrd.te
index 238a61b..4d53e7c 100644
--- a/vendor/qcom/common/netmgrd.te
+++ b/vendor/qcom/common/netmgrd.te
@@ -69,5 +69,6 @@ allow netmgrd self:netlink_xfrm_socket create_socket_perms_no_ioctl;
#Allow set persist.vendor.data.shsusr_load
#Allow set persist.vendor.data.perf_ko_load
#Allow set persist.vendor.data.qmipriod_load
+#Allow set persist.vendor.data.offload_ko_load
set_prop(netmgrd, vendor_radio_prop)
diff --git a/vendor/qcom/common/pd_services.te b/vendor/qcom/common/pd_services.te
index 3f48cef..b504a16 100644
--- a/vendor/qcom/common/pd_services.te
+++ b/vendor/qcom/common/pd_services.te
@@ -6,7 +6,7 @@ init_daemon_domain(vendor_pd_mapper);
allow vendor_pd_mapper self:qipcrtr_socket create_socket_perms_no_ioctl;
userdebug_or_eng(`
- allow vendor_pd_mapper kmsg_device:chr_file w_file_perms;
+ allow vendor_pd_mapper kmsg_device:chr_file rw_file_perms;
')
dontaudit vendor_pd_mapper sysfs_esoc:dir search;
diff --git a/vendor/qcom/common/peripheral_manager.te b/vendor/qcom/common/peripheral_manager.te
index bd5f923..05e75bc 100644
--- a/vendor/qcom/common/peripheral_manager.te
+++ b/vendor/qcom/common/peripheral_manager.te
@@ -8,6 +8,7 @@ init_daemon_domain(vendor_per_mgr);
vndbinder_use(vendor_per_mgr)
binder_call(vendor_per_mgr, vendor_per_mgr)
binder_call(vendor_per_mgr, wcnss_service)
+binder_call(vendor_per_mgr, rild)
set_prop(vendor_per_mgr, vendor_per_mgr_state_prop)
allow vendor_per_mgr self:qipcrtr_socket create_socket_perms_no_ioctl;
diff --git a/vendor/qcom/common/property.te b/vendor/qcom/common/property.te
index e088dad..81b3b55 100644
--- a/vendor/qcom/common/property.te
+++ b/vendor/qcom/common/property.te
@@ -1,64 +1,64 @@
-type uicc_prop, property_type;
-type qcom_ims_prop, property_type;
-type ctl_vendor_netmgrd_prop, property_type;
-type ctl_vendor_port-bridge_prop, property_type;
-type ctl_qcrild_prop, property_type;
-type vendor_tee_listener_prop, property_type;
-type ctl_vendor_rild_prop, property_type;
-type ctl_LKCore_prop, property_type;
-type freq_prop, property_type;
-type vendor_dataqti_prop, property_type;
-type cnd_vendor_prop, property_type;
-type sensors_prop, property_type;
-type slpi_prop, property_type;
-type msm_irqbalance_prop, property_type;
-type msm_irqbl_sdm630_prop, property_type;
-type camera_prop, property_type;
-type spcomlib_prop, property_type;
-type vendor_display_prop, property_type;
-type scr_enabled_prop, property_type;
-type bg_boot_complete_prop, property_type;
-type opengles_prop, property_type;
-type mdm_helper_prop, property_type;
-type vendor_mpctl_prop, property_type;
-type vendor_iop_prop, property_type;
-type vendor_preobtain_prop, property_type;
-type vendor_am_prop, property_type;
-type vendor_gralloc_prop, property_type;
-type fm_prop, property_type;
-type chgdiabled_prop, property_type;
-type vendor_xlat_prop, property_type;
-type location_prop, property_type;
-type qemu_hw_mainkeys_prop, property_type;
-type vendor_usb_prop, property_type;
-type public_vendor_system_prop, property_type;
-type vendor_coresight_prop, property_type;
-type public_vendor_default_prop, property_type;
-type vendor_alarm_boot_prop, property_type;
-type dolby_prop, property_type;
-type hwui_prop, property_type;
-type graphics_vulkan_prop, property_type;
-type bservice_prop, property_type;
-type reschedule_service_prop, property_type;
-type vendor_boot_mode_prop, property_type;
-type nfc_nq_prop, property_type;
-type vendor_rild_libpath_prop, property_type;
-type vendor_per_mgr_state_prop, property_type;
-type vendor_system_prop, property_type;
-type vendor_bluetooth_prop, property_type;
-type ctl_vendor_imsrcsservice_prop, property_type;
-type vendor_time_service_prop, property_type;
-type vendor_radio_prop, property_type;
-type vendor_audio_prop, property_type;
-type vendor_ssr_prop, property_type;
-type vendor_pd_locater_dbg_prop, property_type;
-type vendor_qdcmss_prop, property_type;
-type vendor_softap_prop, property_type;
-type mm_parser_prop, property_type;
-type mm_video_prop, property_type;
-type ctl_vendor_rmt_storage_prop, property_type;
-type vendor_wifi_version, property_type;
-type vendor_cnss_diag_prop, property_type;
-type vendor_modem_diag_prop, property_type;
-type vendor_ramdump_prop, property_type;
-type vendor_hvdcp_opti_prop, property_type;
+vendor_internal_prop(uicc_prop)
+vendor_restricted_prop(qcom_ims_prop)
+vendor_internal_prop(ctl_vendor_netmgrd_prop)
+vendor_internal_prop(ctl_vendor_port-bridge_prop)
+vendor_internal_prop(ctl_qcrild_prop)
+vendor_internal_prop(vendor_tee_listener_prop)
+vendor_internal_prop(ctl_vendor_rild_prop)
+vendor_internal_prop(ctl_LKCore_prop)
+vendor_internal_prop(freq_prop)
+vendor_internal_prop(vendor_dataqti_prop)
+vendor_restricted_prop(cnd_vendor_prop)
+vendor_internal_prop(sensors_prop)
+vendor_internal_prop(slpi_prop)
+vendor_internal_prop(msm_irqbalance_prop)
+vendor_internal_prop(msm_irqbl_sdm630_prop)
+vendor_restricted_prop(camera_prop)
+vendor_internal_prop(spcomlib_prop)
+vendor_restricted_prop(vendor_display_prop)
+vendor_internal_prop(scr_enabled_prop)
+vendor_internal_prop(bg_boot_complete_prop)
+vendor_internal_prop(opengles_prop)
+vendor_internal_prop(mdm_helper_prop)
+vendor_internal_prop(vendor_mpctl_prop)
+vendor_internal_prop(vendor_iop_prop)
+vendor_internal_prop(vendor_preobtain_prop)
+vendor_internal_prop(vendor_am_prop)
+vendor_internal_prop(vendor_gralloc_prop)
+vendor_internal_prop(fm_prop)
+vendor_internal_prop(chgdiabled_prop)
+vendor_internal_prop(vendor_xlat_prop)
+vendor_internal_prop(location_prop)
+vendor_internal_prop(qemu_hw_mainkeys_prop)
+vendor_internal_prop(vendor_usb_prop)
+vendor_internal_prop(public_vendor_system_prop)
+vendor_internal_prop(vendor_coresight_prop)
+vendor_restricted_prop(public_vendor_default_prop)
+vendor_internal_prop(vendor_alarm_boot_prop)
+vendor_internal_prop(dolby_prop)
+vendor_internal_prop(hwui_prop)
+vendor_internal_prop(graphics_vulkan_prop)
+vendor_internal_prop(bservice_prop)
+vendor_internal_prop(reschedule_service_prop)
+vendor_internal_prop(vendor_boot_mode_prop)
+vendor_internal_prop(nfc_nq_prop)
+vendor_internal_prop(vendor_rild_libpath_prop)
+vendor_internal_prop(vendor_per_mgr_state_prop)
+vendor_internal_prop(vendor_system_prop)
+vendor_internal_prop(vendor_bluetooth_prop)
+vendor_internal_prop(ctl_vendor_imsrcsservice_prop)
+vendor_internal_prop(vendor_time_service_prop)
+vendor_restricted_prop(vendor_radio_prop)
+vendor_internal_prop(vendor_audio_prop)
+vendor_internal_prop(vendor_ssr_prop)
+vendor_internal_prop(vendor_pd_locater_dbg_prop)
+vendor_internal_prop(vendor_qdcmss_prop)
+vendor_internal_prop(vendor_softap_prop)
+vendor_internal_prop(mm_parser_prop)
+vendor_internal_prop(mm_video_prop)
+vendor_internal_prop(ctl_vendor_rmt_storage_prop)
+vendor_internal_prop(vendor_wifi_version)
+vendor_internal_prop(vendor_cnss_diag_prop)
+vendor_internal_prop(vendor_modem_diag_prop)
+vendor_restricted_prop(vendor_hvdcp_opti_prop)
+vendor_restricted_prop(vendor_km_strongbox_version_prop)
diff --git a/vendor/qcom/common/property_contexts b/vendor/qcom/common/property_contexts
index cf09828..eebfb81 100644
--- a/vendor/qcom/common/property_contexts
+++ b/vendor/qcom/common/property_contexts
@@ -1,5 +1,6 @@
# vendor_audio_prop
vendor.audio.snd_card.open.retries u:object_r:vendor_audio_prop:s0
+vendor.audio.adm.buffering.ms u:object_r:vendor_audio_prop:s0
vendor.audio.volume.listener.dump u:object_r:vendor_audio_prop:s0
vendor.audio.volume.headset.gain.depcal u:object_r:vendor_audio_prop:s0
@@ -38,7 +39,6 @@ persist.vendor.bt.soc.scram_freqs u:object_r:vendor_bluetooth_prop
ro.vendor.audio.sdk.fluencetype u:object_r:vendor_audio_prop:s0
ro.vendor.ril. u:object_r:vendor_radio_prop:s0
-ro.boot.ramdump u:object_r:vendor_ramdump_prop:s0
# vendor display prop
vendor.gralloc.disable_ahardware_buffer u:object_r:vendor_display_prop:s0
@@ -50,7 +50,6 @@ vendor.debug.prerotation.disable u:object_r:vendor_display_prop:s
vendor.debug.egl.swapinterval u:object_r:vendor_display_prop:s0
ro.vendor.graphics.memory u:object_r:vendor_display_prop:s0
-vendor.debug.ramdump. u:object_r:vendor_ramdump_prop:s0
vendor.ims. u:object_r:qcom_ims_prop:s0
vendor.peripheral. u:object_r:vendor_per_mgr_state_prop:s0
vendor.sys.listeners.registered u:object_r:vendor_tee_listener_prop:s0
@@ -65,6 +64,7 @@ vendor.debug.ssrdump u:object_r:vendor_ssr_prop:s0
persist.vendor.sys.cnss. u:object_r:vendor_cnss_diag_prop:s0
persist.vendor.sys.crash_rcu u:object_r:vendor_ramdump_prop:s0
persist.vendor.sys.ssr. u:object_r:vendor_ssr_prop:s0
+vendor.sys.ssr. u:object_r:vendor_ssr_prop:s0
ctl.vendor.rmt_storage u:object_r:ctl_vendor_rmt_storage_prop:s0
@@ -85,3 +85,7 @@ persist.vendor.data.shs_ko_load u:object_r:vendor_radio_prop:s0
persist.vendor.data.shsusr_load u:object_r:vendor_radio_prop:s0
persist.vendor.data.perf_ko_load u:object_r:vendor_radio_prop:s0
persist.vendor.data.qmipriod_load u:object_r:vendor_radio_prop:s0
+persist.vendor.data.offload_ko_load u:object_r:vendor_radio_prop:s0
+
+#keymaster strongbox service
+vendor.keymaster.strongbox.version u:object_r:vendor_km_strongbox_version_prop:s0
diff --git a/vendor/qcom/common/qtelephony.te b/vendor/qcom/common/qtelephony.te
index 315b1a2..29ce45f 100644
--- a/vendor/qcom/common/qtelephony.te
+++ b/vendor/qcom/common/qtelephony.te
@@ -7,6 +7,7 @@ add_hwservice(qtelephony, vnd_atcmdfwd_hwservice)
allow qtelephony app_api_service:service_manager find;
allow qtelephony hal_imsrtp_hwservice:hwservice_manager find;
+allow qtelephony hal_telephony_service:service_manager find;
allow qtelephony radio_service:service_manager find;
allow qtelephony sysfs_diag:dir search;
allow qtelephony sysfs_timestamp_switch:file r_file_perms;
diff --git a/vendor/qcom/common/qtidataservices_app.te b/vendor/qcom/common/qtidataservices_app.te
index f6a80fc..2869a54 100644
--- a/vendor/qcom/common/qtidataservices_app.te
+++ b/vendor/qcom/common/qtidataservices_app.te
@@ -18,6 +18,6 @@ allow qtidataservices_app sysfs_soc:file r_file_perms;
allow qtidataservices_app sysfs_ssr:file r_file_perms;
get_prop(qtidataservices_app, vendor_default_prop)
-set_prop(qtidataservices_app, exported_radio_prop)
+set_prop(qtidataservices_app, telephony_status_prop)
binder_call(qtidataservices_app, cnd)
diff --git a/vendor/qcom/common/rfs_access.te b/vendor/qcom/common/rfs_access.te
index 97d138d..14cb6a7 100644
--- a/vendor/qcom/common/rfs_access.te
+++ b/vendor/qcom/common/rfs_access.te
@@ -17,3 +17,5 @@ allow rfs_access rfs_tombstone_data_file:file create_file_perms;
allow rfs_access self:qipcrtr_socket create_socket_perms_no_ioctl;
wakelock_use(rfs_access)
+
+dontaudit rfs_access self:capability { dac_override dac_read_search };
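Review bot: The added `dontaudit rfs_access self:capability { dac_override dac_read_search };` carries no comment saying why these denials are expected. A process usually asks for these two capabilities when it hits a file whose owner or mode does not admit it, so silencing the audit record also hides the file-permission mismatch behind it and any later regression of the same kind. A comment with the tracking bug would make the intent reviewable, for example `# denial is harmless, rfs_access does not need DAC bypass; see b/<bug-id>` (placeholder; the actual reason is not shown on this page).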
diff --git a/vendor/qcom/common/rmt_storage.te b/vendor/qcom/common/rmt_storage.te
index f094ba9..70d9bce 100644
--- a/vendor/qcom/common/rmt_storage.te
+++ b/vendor/qcom/common/rmt_storage.te
@@ -6,7 +6,7 @@ wakelock_use(rmt_storage)
r_dir_file(rmt_storage, sysfs_uio)
-get_prop(rmt_storage, exported3_radio_prop)
+get_prop(rmt_storage, radio_control_prop)
set_prop(rmt_storage, vendor_modem_prop)
allow rmt_storage kmsg_device:chr_file w_file_perms;
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index cb5dedf..fbf0b3a 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -1,11 +1,9 @@
-#TODO(b/126137625): moving dataservice app from system to radio process
-user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file
-#user=system seinfo=platform name=.dataservices domain=dataservice_app type=system_app_data_file
+user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file levelFrom=user
# Hardware Info Collection
-user=_app seinfo=platform name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
-user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file
+user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file levelFrom=all
user=_app seinfo=platform name=.qtidataservices domain=qtidataservices_app type=app_data_file levelFrom=all
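Review bot: The `com.google.android.hardwareinfo` line drops `seinfo=platform` and keys on `isPrivApp=true` instead, so assignment to `hardware_info_app` now depends on the package name plus a priv-app install location rather than on the platform signing certificate. That may be intended if the APK is no longer platform-signed, but the reason is not recorded; a comment above the line such as `# not platform-signed, matched by priv-app location; see b/<bug-id>` (placeholder) would document it. In the same hunk `.dataservices` gets `levelFrom=user` while `com.google.RilConfigService`, also `user=radio`, gets `levelFrom=all`; if that difference is deliberate it deserves a word as well.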
@@ -15,7 +13,7 @@ user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymon
user=_app seinfo=platform name=com.qualcomm.qti.services.secureui* domain=secure_ui_service_app levelFrom=all
#Needed for time service apk
-user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file
+user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all
# Use a custom domain for GoogleCamera, to allow for Hexagon DSP / Easel access
user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
@@ -31,3 +29,9 @@ user=_app seinfo=platform name=org.codeaurora.ims isPrivApp=true domain=qtelepho
#Add DeviceInfoHidlClient to vendor_qtelephony
user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=qtelephony type=app_data_file levelFrom=all
+
+# QtiTelephonyService app
+user=_app seinfo=platform name=com.qualcomm.qti.telephonyservice domain=qtelephony type=app_data_file levelFrom=all
+
+#Add ExtTelephonyService to vendor_qtelephony
+user=_app seinfo=platform name=com.qti.phone domain=qtelephony type=app_data_file levelFrom=all
diff --git a/vendor/qcom/common/secure_ui_service_app.te b/vendor/qcom/common/secure_ui_service_app.te
index bcb3e97..f577653 100644
--- a/vendor/qcom/common/secure_ui_service_app.te
+++ b/vendor/qcom/common/secure_ui_service_app.te
@@ -5,8 +5,4 @@ binder_call(secure_ui_service_app, system_server)
binder_call(secure_ui_service_app, hal_tui_comm_qti)
allow secure_ui_service_app hal_tui_comm_hwservice:hwservice_manager find;
-allow secure_ui_service_app surfaceflinger_service:service_manager find;
-allow secure_ui_service_app telecom_service:service_manager find;
-allow secure_ui_service_app trust_service:service_manager find;
-allow secure_ui_service_app activity_service:service_manager find;
-allow secure_ui_service_app thermal_service:service_manager find;
+allow secure_ui_service_app app_api_service:service_manager find;
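Review bot: `allow secure_ui_service_app app_api_service:service_manager find;` replaces five named services with an attribute, so the secure UI app can now look up every service carrying `app_api_service`, not only the ones it was shown to need. Whether all five removed types (`surfaceflinger_service`, `telecom_service`, `trust_service`, `activity_service`, `thermal_service`) are members of that attribute is not visible here and should be checked, otherwise lookups that worked before will be denied. If the wider grant is intended, a comment such as `# same service visibility as a regular app` would say so; if not, keeping the explicit list is the tighter policy.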
diff --git a/vendor/qcom/common/sensors.te b/vendor/qcom/common/sensors.te
index 95737d0..a423192 100644
--- a/vendor/qcom/common/sensors.te
+++ b/vendor/qcom/common/sensors.te
@@ -12,5 +12,7 @@ allow sensors self:qipcrtr_socket create;
allow sensors sensors_persist_file:dir rw_dir_perms;
r_dir_file(sensors, sysfs_msm_subsys)
allow sensors sysfs_ssr:file r_file_perms;
+allow sensors sensors_vendor_data_file:dir rw_dir_perms;
+allow sensors sensors_vendor_data_file:file create_file_perms;
dontaudit sensors sysfs_esoc:dir r_dir_perms;
diff --git a/vendor/qcom/common/service.te b/vendor/qcom/common/service.te
index c2ea2f6..cb00941 100644
--- a/vendor/qcom/common/service.te
+++ b/vendor/qcom/common/service.te
@@ -4,3 +4,4 @@ type imsrcs_service, service_manager_type;
type improve_touch_service, service_manager_type;
type gba_auth_service, service_manager_type;
type qtitetherservice_service, service_manager_type;
+type hal_telephony_service, service_manager_type, vendor_service, protected_service;
diff --git a/vendor/qcom/common/service_contexts b/vendor/qcom/common/service_contexts
new file mode 100644
index 0000000..c11263b
--- /dev/null
+++ b/vendor/qcom/common/service_contexts
@@ -0,0 +1,3 @@
+vendor.qti.hardware.radio.ims.IImsRadio/default u:object_r:hal_telephony_service:s0
+vendor.qti.hardware.radio.ims.IImsRadio/imsradio0 u:object_r:hal_telephony_service:s0
+vendor.qti.hardware.radio.ims.IImsRadio/imsradio1 u:object_r:hal_telephony_service:s0
diff --git a/vendor/qcom/common/tee.te b/vendor/qcom/common/tee.te
index b28b1b7..d1e8cc1 100644
--- a/vendor/qcom/common/tee.te
+++ b/vendor/qcom/common/tee.te
@@ -31,3 +31,6 @@ allow tee hal_graphics_allocator_default:fd use;
allow tee sysfs_wake_lock:file append;
allow tee time_daemon:unix_stream_socket connectto;
+
+# allow tee access for secure UI to work
+allow tee graphics_device:chr_file rw_file_perms;
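Review bot: `allow tee graphics_device:chr_file rw_file_perms;` is granted on the whole `graphics_device` type, and the comment `# allow tee access for secure UI to work` does not say which node or which operations secure UI needs. `rw_file_perms` includes write and ioctl, so the tee domain gets that access on every character device carrying the label; which nodes those are is not shown on this page. If a subset of the permissions is enough, a narrower set would be the tighter rule; otherwise the comment could name the use, e.g. `# secure UI: tee opens the display node on behalf of the trusted app` (assumed purpose, to be confirmed by the author).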
diff --git a/vendor/st/file_contexts b/vendor/st/file_contexts
index 594e74d..eddf11d 100644
--- a/vendor/st/file_contexts
+++ b/vendor/st/file_contexts
@@ -11,6 +11,5 @@
###################################
# data files
-/data/vendor/ese(/.*)? u:object_r:ese_vendor_data_file:s0
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
diff --git a/vendor/st/hal_nfc_default.te b/vendor/st/hal_nfc_default.te
index 66ce177..5f0c7f6 100644
--- a/vendor/st/hal_nfc_default.te
+++ b/vendor/st/hal_nfc_default.te
@@ -1,3 +1,9 @@
+# NFC property
+get_prop(hal_nfc_default, vendor_nfc_prop)
+
+# SecureElement property
+set_prop(hal_nfc_default, vendor_secure_element_prop)
+
# Modem property
set_prop(hal_nfc_default, vendor_modem_prop)
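Review bot: `set_prop(hal_nfc_default, vendor_secure_element_prop)` gives the NFC HAL write access to the secure-element property type, which `hal_secure_element_default` also writes, and the comment `# SecureElement property` does not say which key the NFC HAL has to set. With two writers on one type, either domain can change values the other relies on. Naming the key in the comment, e.g. `# NFC HAL sets persist.vendor.se.<key>` (placeholder), would let a reader judge whether `get_prop` would be enough here.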
diff --git a/vendor/st/hal_secure_element_default.te b/vendor/st/hal_secure_element_default.te
index 94b811d..1c127ea 100644
--- a/vendor/st/hal_secure_element_default.te
+++ b/vendor/st/hal_secure_element_default.te
@@ -1,6 +1,5 @@
allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
-allow hal_secure_element_default ese_vendor_data_file:dir create_dir_perms;
-allow hal_secure_element_default ese_vendor_data_file:file create_file_perms;
-allow hal_secure_element_default debugfs_ipc:dir search;
+dontaudit hal_secure_element_default debugfs_ipc:dir search;
set_prop(hal_secure_element_default, vendor_secure_element_prop)
get_prop(hal_secure_element_default, vendor_modem_prop)
+
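Review bot: `dontaudit hal_secure_element_default debugfs_ipc:dir search;` turns the former allow into a silenced denial without a comment, so a reader cannot tell whether the lookup is known to be unnecessary or is simply being hidden. A one-line comment above it would record that, for example `# debugfs lookup is not needed by the HAL; suppress the denial` (wording to be confirmed by the author). The hunk also adds an empty line at the end of the file, which can be dropped.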
diff --git a/vendor/st/property.te b/vendor/st/property.te
index d070080..723121a 100644
--- a/vendor/st/property.te
+++ b/vendor/st/property.te
@@ -1 +1,2 @@
-type vendor_secure_element_prop, property_type;
+vendor_internal_prop(vendor_nfc_prop)
+vendor_internal_prop(vendor_secure_element_prop)
diff --git a/vendor/st/property_contexts b/vendor/st/property_contexts
index 01a12e4..c6cd8a4 100644
--- a/vendor/st/property_contexts
+++ b/vendor/st/property_contexts
@@ -1,4 +1,6 @@
# SecureElement
persist.vendor.se. u:object_r:vendor_secure_element_prop:s0
+# NFC
+persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
diff --git a/vendor/st/vendor_init.te b/vendor/st/vendor_init.te
new file mode 100644
index 0000000..7de90e2
--- /dev/null
+++ b/vendor/st/vendor_init.te
@@ -0,0 +1,2 @@
+# NFC vendor property
+set_prop(vendor_init, vendor_nfc_prop)