diff --git a/sepolicy/private/dataservice_app.te b/sepolicy/private/dataservice_app.te
new file mode 100644
index 00000000..cb3d0693
--- /dev/null
+++ b/sepolicy/private/dataservice_app.te
@@ -0,0 +1,21 @@
+typeattribute dataservice_app coredomain;
+app_domain(dataservice_app)
+net_domain(dataservice_app)
+
+add_service(dataservice_app, cne_service)
+add_service(dataservice_app, uce_service)
+allow dataservice_app {
+ app_api_service
+ system_api_service
+ audioserver_service
+ radio_service
+}:service_manager find;
+
+allow dataservice_app hal_imsrcsd_hwservice:hwservice_manager find;
+allow dataservice_app hal_cne_hwservice:hwservice_manager find;
+
+allow dataservice_app system_app_data_file:dir create_dir_perms;
+allow dataservice_app system_app_data_file:{ file lnk_file } create_file_perms;
+
+hwbinder_use(dataservice_app)
+
diff --git a/sepolicy/private/radio.te b/sepolicy/private/radio.te
new file mode 100644
index 00000000..9e505223
--- /dev/null
+++ b/sepolicy/private/radio.te
@@ -0,0 +1 @@
+allow radio uce_service:service_manager find;
diff --git a/sepolicy/private/service.te b/sepolicy/private/service.te
new file mode 100644
index 00000000..d6581237
--- /dev/null
+++ b/sepolicy/private/service.te
@@ -0,0 +1,2 @@
+type cne_service, service_manager_type;
+type uce_service, service_manager_type;
diff --git a/sepolicy/private/service_contexts b/sepolicy/private/service_contexts
index 5a25d1ef..3e53f9a5 100644
--- a/sepolicy/private/service_contexts
+++ b/sepolicy/private/service_contexts
@@ -1 +1,3 @@
 qti.ims.ext u:object_r:radio_service:s0
+cneservice u:object_r:cne_service:s0
+uce u:object_r:uce_service:s0
diff --git a/sepolicy/public/dataservice_app.te b/sepolicy/public/dataservice_app.te
new file mode 100644
index 00000000..8c8d82fa
--- /dev/null
+++ b/sepolicy/public/dataservice_app.te
@@ -0,0 +1 @@
+type dataservice_app, domain;
\ No newline at end of file
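Review bot: The two `system_app_data_file` rules carried into private/dataservice_app.te lose the note from the vendor file that they are to be removed if dataservice leaves the system partition (b/38043081), so the new file presents a conditional grant as a permanent one. Keep that reasoning directly above `+allow dataservice_app system_app_data_file:dir create_dir_perms;`, e.g. `# TODO(b/38043081): remove the two system_app_data_file rules if dataservice moves out of system`. Giving a dedicated domain create and write access to the data-directory type shared by every system app is broad, which is why the tracking comment matters here; a private data type for this app would be the tighter long-term shape, though that is outside the scope of this move.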
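Review bot: public/dataservice_app.te is added without a trailing newline (`\ No newline at end of file` after `+type dataservice_app, domain;`), while the other new .te files in this change end with one. Adding it keeps the file consistent and avoids a spurious diff of that line the next time something is appended there.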
diff --git a/sepolicy/public/hwservice.te b/sepolicy/public/hwservice.te
new file mode 100644
index 00000000..73653011
--- /dev/null
+++ b/sepolicy/public/hwservice.te
@@ -0,0 +1,2 @@
+type hal_cne_hwservice, hwservice_manager_type;
+type hal_imsrcsd_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/dataservice_app.te b/sepolicy/vendor/dataservice_app.te
index 62156586..1cb94e3c 100644
--- a/sepolicy/vendor/dataservice_app.te
+++ b/sepolicy/vendor/dataservice_app.te
@@ -1,25 +1,8 @@
-#TODO Move this to sepolicy/private/dataservice_app.te (b/62574674)
-type dataservice_app, domain, coredomain;
-app_domain(dataservice_app)
-net_domain(dataservice_app)
-
 get_prop(dataservice_app, cnd_prop)
-add_service(dataservice_app, cne_service)
-add_service(dataservice_app, uce_service)
-allow dataservice_app { app_api_service system_api_service audioserver_service radio_service } :service_manager find;
 r_dir_file(dataservice_app, sysfs_msm_subsys)
-#TODO Move this to sepolicy/private/dataservice_app.te (b/62574674)
-allow dataservice_app hal_imsrcsd_hwservice:hwservice_manager find;
-#TODO remove the following 2 if dataservice is moved out of system as part of b/38043081
-allow dataservice_app system_app_data_file:dir create_dir_perms;
-allow dataservice_app system_app_data_file:{ file lnk_file } create_file_perms;
-
-#TODO Move this to sepolicy/private/dataservice_app.te (b/62574674)
-allow dataservice_app hal_cne_hwservice:hwservice_manager find;
 binder_call(dataservice_app, cnd)
-hwbinder_use(dataservice_app)
 # imsrcsd to bind with UceShimService.apk
 binder_call(dataservice_app, hal_rcsservice)
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te
index 91901c7d..4a1ae5f8 100644
--- a/sepolicy/vendor/hwservice.te
+++ b/sepolicy/vendor/hwservice.te
@@ -1,6 +1,4 @@
 type vnd_ims_radio_hwservice, hwservice_manager_type;
 type vnd_qcrilhook_hwservice, hwservice_manager_type;
 type hal_imsrtp_hwservice, hwservice_manager_type;
-#TODO Move the following 2 types public SE policy (b/62574674)
-type hal_cne_hwservice, hwservice_manager_type;
-type hal_imsrcsd_hwservice, hwservice_manager_type;
+type hal_ipacm_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/netmgrd.te b/sepolicy/vendor/netmgrd.te
index 41c3c4f7..af09105a 100644
--- a/sepolicy/vendor/netmgrd.te
+++ b/sepolicy/vendor/netmgrd.te
@@ -11,7 +11,7 @@ set_prop(netmgrd, net_rmnet_prop)
 unix_socket_connect(netmgrd, netd, netd)
 allow netmgrd netmgrd_socket:dir w_dir_perms;
-allow netmgrd netmgrd_socket:sock_file { create setattr };
+allow netmgrd netmgrd_socket:sock_file create_file_perms;
 allow netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write };
 allow netmgrd self:netlink_generic_socket create_socket_perms_no_ioctl;
 allow netmgrd self:netlink_route_socket nlmsg_write;
@@ -38,6 +38,9 @@ domain_auto_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)
 #Allow diag logging
 allow netmgrd sysfs_timestamp_switch:file { read open };
+userdebug_or_eng(`
+ r_dir_file(netmgrd, sysfs_diag)
+')
 #Ignore if device loading for private IOCTL failed
 dontaudit netmgrd kernel:system { module_request };
diff --git a/sepolicy/vendor/radio.te b/sepolicy/vendor/radio.te
index 36c9050c..2beb473c 100644
--- a/sepolicy/vendor/radio.te
+++ b/sepolicy/vendor/radio.te
@@ -15,7 +15,6 @@ allow radio hal_imsrtp_hwservice:hwservice_manager find;
 add_service(radio, radio_service)
 allow radio {
- uce_service
 mediaextractor_service
 mediacodec_service
 }:service_manager find;
diff --git a/sepolicy/vendor/service.te b/sepolicy/vendor/service.te
index 5e9b4c13..2b24fe4b 100644
--- a/sepolicy/vendor/service.te
+++ b/sepolicy/vendor/service.te
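Review bot: `+type hal_ipacm_hwservice, hwservice_manager_type;` in vendor/hwservice.te is the only mention of that type in this change; the hwservice_contexts label and any add_hwservice or find rules that would give it effect are not part of the diff, so it reads as an unrelated addition riding along with the private/public move. If it belongs to separate work it is clearer as its own commit; if it is intentional here, a one-line comment above it naming the HAL it labels and the domain expected to register it would let a reader tell the two apart.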
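Review bot: `+allow netmgrd netmgrd_socket:sock_file create_file_perms;` in vendor/netmgrd.te widens the previous `{ create setattr }` to the full create_file_perms set, which also carries unlink, rename and open/read/write on the socket file, and nothing in the change says which of those netmgrd actually needs. If the motivating denial is a single operation, for example unlink when the socket is re-created on restart, granting just that keeps the rule at least privilege: `allow netmgrd netmgrd_socket:sock_file { create setattr unlink };`. The `userdebug_or_eng` block in the second hunk is correctly limited to debug builds and sits sensibly under the existing `#Allow diag logging` comment.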
@@ -1,3 +1 @@
-type cne_service, service_manager_type;
-type uce_service, service_manager_type;
 type imsuce_service, service_manager_type;
diff --git a/sepolicy/vendor/service_contexts b/sepolicy/vendor/service_contexts
index ac1da934..ad75ea18 100644
--- a/sepolicy/vendor/service_contexts
+++ b/sepolicy/vendor/service_contexts
@@ -1,5 +1,3 @@
 rcs u:object_r:radio_service:s0
-cneservice u:object_r:cne_service:s0
 com.fingerprints.extension.IFingerprintNavigation u:object_r:fingerprint_service:s0
-uce u:object_r:uce_service:s0
 com.qualcomm.qti.uceservice u:object_r:imsuce_service:s0