diff --git a/aoc/aocd.te b/aoc/aocd.te
index 79add165..69b0af0d 100644
--- a/aoc/aocd.te
+++ b/aoc/aocd.te
@@ -12,7 +12,7 @@ allow aocd sysfs_aoc:dir search;
 allow aocd sysfs_aoc_firmware:file w_file_perms;
 
 # dev operations
-allow aocd aoc_device:chr_file r_file_perms;
+allow aocd aoc_device:chr_file rw_file_perms;
 
 # allow inotify to watch for additions/removals from /dev
 allow aocd device:dir r_dir_perms;
diff --git a/whitechapel_pro/device.te b/whitechapel_pro/device.te
index a5fc57c6..d327aa60 100644
--- a/whitechapel_pro/device.te
+++ b/whitechapel_pro/device.te
@@ -12,6 +12,7 @@ type lwis_device, dev_type;
 type logbuffer_device, dev_type;
 type rls_device, dev_type;
 type fingerprint_device, dev_type;
+type gxp_device, dev_type, mlstrustedobject;
 type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
 type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
 type vframe_heap_device, dmabuf_heap_device_type, dev_type;
diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts
index ec661202..f86fa5f1 100644
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@@ -43,6 +43,7 @@
 # Vendor Firmwares
 /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
 /vendor/firmware/mali_csffw\.bin u:object_r:same_process_hal_file:s0
+/vendor/firmware/gxp_fw_core[0-3] u:object_r:same_process_hal_file:s0
 
 # Vendor libraries
 /vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
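Review bot: In aoc/aocd.te the widened rule `allow aocd aoc_device:chr_file rw_file_perms;` still sits under the bare `# dev operations` comment, so nothing records why aocd now needs write access to the AoC character devices. `r_file_perms` already included `ioctl`, so what this change adds is write/append on every node labelled `aoc_device`. I would replace the comment with something like `# dev operations: aocd writes to the AoC device nodes (name the node and purpose)` and confirm that no node under that label is one aocd only needs to read.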
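Review bot: In whitechapel_pro/device.te the `mlstrustedobject` attribute on the new `gxp_device` type exempts the node from the MLS constraints, and the line has no comment explaining why. With that attribute the type-enforcement `allow` rules are the only policy control on the device, and separation between clients running at different levels is left to the GXP driver. The attribute is presumably needed because an app domain with `levelFrom` categories opens the node (inferred; the camera app's seapp_contexts entry is not in this diff). Proposed comment above the line: `# mlstrustedobject: opened by app domains that run with MLS categories; access is gated by TE rules only`.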
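Review bot: In the first whitechapel_pro/file_contexts hunk, `/vendor/firmware/gxp_fw_core[0-3]` is labelled `same_process_hal_file`, a type intended for libraries loaded into client processes; in the AOSP base policy that type is readable and executable by every domain, which is wider than the two domains this commit gives GXP access to. The neighbouring `mali_csffw\.bin` entry sets the same precedent, so this may be deliberate. A narrower option is a dedicated firmware type with read-only access for the GXP clients, e.g. `/vendor/firmware/gxp_fw_core[0-3] u:object_r:<gxp_firmware_type>:s0` (placeholder type name). If the label stays, a comment saying why the firmware must be readable from app processes would help the next reviewer.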
@@ -56,10 +57,12 @@
 /vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libprotobuf-cpp-lite-3\.9\.1\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0
 
 # Graphics
 /vendor/lib(64)?/hw/gralloc\.gs201\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/hw/vulkan\.mali\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0
 
 # Vendor kernel modules
 /vendor_dlkm/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0
@@ -132,6 +135,7 @@
 /dev/dri/card0 u:object_r:graphics_device:s0
 /dev/fimg2d u:object_r:graphics_device:s0
 /dev/g2d u:object_r:graphics_device:s0
+/dev/gxp u:object_r:gxp_device:s0
 /dev/dit2 u:object_r:vendor_toe_device:s0
 /dev/trusty-ipc-dev0 u:object_r:tee_device:s0
 /dev/sg1 u:object_r:sg_device:s0
@@ -155,6 +159,7 @@
 /dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
diff --git a/whitechapel_pro/google_camera_app.te b/whitechapel_pro/google_camera_app.te
index 43ea14e3..ad097810 100644
--- a/whitechapel_pro/google_camera_app.te
+++ b/whitechapel_pro/google_camera_app.te
@@ -7,3 +7,9 @@ allow google_camera_app cameraserver_service:service_manager find;
 allow google_camera_app mediaextractor_service:service_manager find;
 allow google_camera_app mediametrics_service:service_manager find;
 allow google_camera_app mediaserver_service:service_manager find;
+
+# Allows camera app to access the GXP device.
+allow google_camera_app gxp_device:chr_file rw_file_perms;
+
+# Allows camera app to search for GXP firmware file.
+allow google_camera_app vendor_fw_file:dir search;
diff --git a/whitechapel_pro/hal_camera_default.te b/whitechapel_pro/hal_camera_default.te
index f604875f..779157ca 100644
--- a/whitechapel_pro/hal_camera_default.te
+++ b/whitechapel_pro/hal_camera_default.te
@@ -24,6 +24,9 @@ allow hal_camera_default sysfs_edgetpu:file r_file_perms;
 allow hal_camera_default edgetpu_vendor_service:service_manager find;
 binder_call(hal_camera_default, edgetpu_vendor_server)
 
+# Allow the camera hal to access the GXP device.
+allow hal_camera_default gxp_device:chr_file rw_file_perms;
+
 # Allow access to data files used by the camera HAL
 allow hal_camera_default mnt_vendor_file:dir search;
 allow hal_camera_default persist_file:dir search;
diff --git a/whitechapel_pro/hal_sensors_default.te b/whitechapel_pro/hal_sensors_default.te
index a29bb730..69190603 100644
--- a/whitechapel_pro/hal_sensors_default.te
+++ b/whitechapel_pro/hal_sensors_default.te
@@ -48,3 +48,6 @@ allow hal_sensors_default hal_pixel_display_service:service_manager find;
 # Allow display_info_service access to the backlight driver.
 allow hal_sensors_default sysfs_leds:dir search;
 allow hal_sensors_default sysfs_leds:file r_file_perms;
+
+# Allow sensor HAL to access the graphics composer.
+binder_call(hal_sensors_default, hal_graphics_composer_default);
diff --git a/whitechapel_pro/rild.te b/whitechapel_pro/rild.te
index 89ed610d..d8c8c290 100644
--- a/whitechapel_pro/rild.te
+++ b/whitechapel_pro/rild.te
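Review bot: In whitechapel_pro/google_camera_app.te, `allow google_camera_app gxp_device:chr_file rw_file_perms;` gives an app domain unfiltered `ioctl` on a vendor driver node, because `rw_file_perms` includes `ioctl` and no `allowxperm` rule in this diff narrows the command set. The `hal_camera_default` rule added in hal_camera_default.te has the same shape. For the app domain I would pair the rule with an ioctl allowlist, `allowxperm google_camera_app gxp_device:chr_file ioctl { <GXP ioctl commands the client library issues> };` (placeholder list), so that only the commands the app needs reach the driver. The comment on `vendor_fw_file:dir search` could also state that it grants traversal of every directory labelled `vendor_fw_file`, not only the GXP firmware path.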
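Review bot: In whitechapel_pro/hal_sensors_default.te the added `binder_call(hal_sensors_default, hal_graphics_composer_default);` ends with a semicolon, unlike the other `binder_call(...)` uses visible in this diff (hal_camera_default.te, rild.te, vendor_engineermode_app.te). The macro already expands to complete rules, so the line should read `binder_call(hal_sensors_default, hal_graphics_composer_default)`. The comment could also name which composer-hosted interface the sensor HAL calls; the context lines suggest the display-info service, but that is inferred.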
@@ -25,6 +25,7 @@ binder_call(rild, vendor_rcs_app)
 binder_call(rild, oemrilservice_app)
 binder_call(rild, hal_secure_element_uicc)
 binder_call(rild, grilservice_app)
+binder_call(rild, vendor_engineermode_app)
 
 # for hal service
 add_hwservice(rild, hal_exynos_rild_hwservice)
diff --git a/whitechapel_pro/seapp_contexts b/whitechapel_pro/seapp_contexts
index 81577b60..88789fc7 100644
--- a/whitechapel_pro/seapp_contexts
+++ b/whitechapel_pro/seapp_contexts
@@ -14,6 +14,9 @@ user=system seinfo=platform name=com.samsung.slsi.telephony.uartswitch domain=ve
 user=system seinfo=platform name=com.samsung.slsi.sysdebugmode domain=vendor_telephony_debug_app levelFrom=all
 user=system seinfo=platform name=com.samsung.slsi.telephony.networktestmode domain=vendor_telephony_network_test_app levelFrom=all
 
+# Samsung S.LSI engineer mode
+user=_app seinfo=platform name=com.samsung.slsi.engineermode domain=vendor_engineermode_app levelFrom=all
+
 # Hardware Info Collection
 user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
 
diff --git a/whitechapel_pro/vendor_engineermode_app.te b/whitechapel_pro/vendor_engineermode_app.te
new file mode 100644
index 00000000..d35403a2
--- /dev/null
+++ b/whitechapel_pro/vendor_engineermode_app.te
@@ -0,0 +1,12 @@
+type vendor_engineermode_app, domain;
+app_domain(vendor_engineermode_app)
+
+binder_call(vendor_engineermode_app, rild)
+
+allow vendor_engineermode_app app_api_service:service_manager find;
+allow vendor_engineermode_app hal_exynos_rild_hwservice:hwservice_manager find;
+
+userdebug_or_eng(`
+ dontaudit vendor_engineermode_app default_prop:file r_file_perms;
+')
+
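Review bot: The new whitechapel_pro/vendor_engineermode_app.te grants `binder_call(vendor_engineermode_app, rild)` and `hal_exynos_rild_hwservice:hwservice_manager find` on every build variant; only the `dontaudit` line is inside `userdebug_or_eng`. If the engineer-mode app is not meant to ship on user builds (not determinable from this diff), these rules and the matching `binder_call(rild, vendor_engineermode_app)` in rild.te belong inside `userdebug_or_eng(...)` as well. The `dontaudit vendor_engineermode_app default_prop:file r_file_perms;` line hides denials on unlabelled properties instead of resolving them, so a comment naming the property being read, or a proper property label, would be better. The file also lacks a header comment saying what the domain is for and which package maps to it.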