Cellebrite's full portfolio is not public what you see on their site are very basic turn-key solutions.
They have a bespoke service called CAIS as well as few other unlisted services which they do not advertise openly given their sensitive nature.
Their turn-key forensic solutions are tailored for general law enforcement and the public sector (private investigators, corporate security, law firms etc.), CAIS is usually offered to state security agencies and they have other services which are tailored towards intelligence and national security agencies.
Probably both, not necessarily "zero-days" at least not in the traditional sense but various attacks and services that they might not want to advertise publicly for various reasons (don't forget that as an Israeli company their exports are controlled by the Israeli Defense Ministry).
In some cases they might also offer a bring your own exploit type of service where they integrate client provided exploits with their existing platforms and solutions.
Some of their products are also hardware focused, their "Chinese SOC" attacks are mostly OS agnostic (Mediatek chipsets for example are attacked via some generic DMA exploit) and are designed specifically to assist LEA's to breaking into cheap disposable phone.
http://www.cellebrite.com/Media/Default/Files/Forensics/Data...
But like any company these days it pretty much depends on what you want to buy for them they'll offer you a wide range of services from idiot proof turn key solutions to bespoke consulting like services, if they do have the ability to break into iOS9 or a more generic way to attack Apple SOC's they will not advertise it openly, at least not initially from previous experience with them it can take months and even years between them actually have an initial capability to it being integrated into their open commercial products.
This isn't only done for secrecy reasons this is also pragmatic some attacks might be very case dependent, expensive, or even potentially destructive and so wont be offered with their normal forensic services (that have to comply to very strict forensic standards, including being able to openly explain how access was achieved to ensure that the data has actually been extracted correctly and chain of custody maintained) so quite often what they are offered under their more bespoke services are capabilities that are not (yet) commercially viable for general forensic use.
In this case the FBI or any other agency is quite likely not to care about presenting the information as evidence in court, and their risk appetite might also be considerably greater.
Your local police/DA on the other hand must be able to present the evidence and defend how it was obtained in court so the tool has to be certified (NIST in case of US courts) and the extraction method has to be defensible in court.
However if we are talking about zero-days then those also cannot be offered as part of their commercial turn key solutions (court defensibility aside) because the solutions they provide have to be reliable and consistent.
Zero-days for the most part are likely to be fixed quicker than their products can be shipped yet alone certified so anything which is that volatile will only be offered via their "consulting service" and the clients will be quite aware that they are paying for something that might be a one off solution only.
