diff --git a/nfc/sepolicy_st54spi/file.te b/nfc/sepolicy_st54spi/file.te
new file mode 100644
index 0000000..5f9a80d
--- /dev/null
+++ b/nfc/sepolicy_st54spi/file.te
@@ -0,0 +1,3 @@
+# SecureElement SPI device
+type st54spi_device, dev_type;
+
diff --git a/nfc/sepolicy_st54spi/file_contexts b/nfc/sepolicy_st54spi/file_contexts
new file mode 100644
index 0000000..f2762f3
--- /dev/null
+++ b/nfc/sepolicy_st54spi/file_contexts
@@ -0,0 +1,3 @@
+/dev/st54spi u:object_r:st54spi_device:s0
+/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0
+
diff --git a/nfc/sepolicy_st54spi/hal_secure_element_st54spi_aidl.te b/nfc/sepolicy_st54spi/hal_secure_element_st54spi_aidl.te
new file mode 100644
index 0000000..f2051e0
--- /dev/null
+++ b/nfc/sepolicy_st54spi/hal_secure_element_st54spi_aidl.te
@@ -0,0 +1,9 @@
+# sepolicy for ST54L secure element
+type hal_secure_element_st54spi_aidl, domain;
+type hal_secure_element_st54spi_aidl_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_secure_element_st54spi_aidl)
+hal_server_domain(hal_secure_element_st54spi_aidl, hal_secure_element)
+allow hal_secure_element_st54spi_aidl st54spi_device:chr_file rw_file_perms;
+allow hal_secure_element_st54spi_aidl nfc_device:chr_file rw_file_perms;
+set_prop(hal_secure_element_st54spi_aidl, vendor_secure_element_prop)
+
diff --git a/nfc/sepolicy_st54spi/property.te b/nfc/sepolicy_st54spi/property.te
new file mode 100644
index 0000000..1ac5526
--- /dev/null
+++ b/nfc/sepolicy_st54spi/property.te
@@ -0,0 +1,3 @@
+# SecureElement vendor property
+vendor_internal_prop(vendor_secure_element_prop)
+
diff --git a/nfc/sepolicy_st54spi/property_contexts b/nfc/sepolicy_st54spi/property_contexts
new file mode 100644
index 0000000..2067a86
--- /dev/null
+++ b/nfc/sepolicy_st54spi/property_contexts
@@ -0,0 +1,2 @@
+# SecureElement vendor property
+persist.vendor.se. u:object_r:vendor_secure_element_prop:s0
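Review bot: In hal_secure_element_st54spi_aidl.te the rule `allow hal_secure_element_st54spi_aidl nfc_device:chr_file rw_file_perms;` gives the secure element HAL full read/write on the NFC controller node, and nothing in the file says why a service that talks to the SE over `/dev/st54spi` needs it. If the HAL only uses that node for a narrow purpose, the grant should be reduced to the permissions actually exercised; if the full set is required, a comment above the rule should name the operation that depends on it. The single header comment `# sepolicy for ST54L secure element` does not cover this, so a later reviewer cannot tell whether the rule is load-bearing or left over from bring-up.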
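Review bot: In property_contexts the entry `persist.vendor.se.` is a bare prefix with no match kind or value type, so every key under that namespace takes the `vendor_secure_element_prop` label and is writable by both the HAL and `vendor_init`, and the values survive reboot. If the set of keys is fixed, listing each as an exact, typed entry (for example `persist.vendor.se.<key> u:object_r:vendor_secure_element_prop:s0 exact string`, with `<key>` as a placeholder for the real names) keeps unexpected keys from silently landing under this label. If the prefix is intentional, the comment should say so instead of repeating `# SecureElement vendor property`.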
diff --git a/nfc/sepolicy_st54spi/vendor_init.te b/nfc/sepolicy_st54spi/vendor_init.te
new file mode 100644
index 0000000..91e5cdb
--- /dev/null
+++ b/nfc/sepolicy_st54spi/vendor_init.te
@@ -0,0 +1,2 @@
+# SecureElement vendor property
+set_prop(vendor_init, vendor_secure_element_prop)
diff --git a/nfc/st54spi.mk b/nfc/st54spi.mk
new file mode 100644
index 0000000..046de87
--- /dev/null
+++ b/nfc/st54spi.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/nfc/sepolicy_st54spi
+PRODUCT_PACKAGES += android.hardware.secure_element-service.thales
+
diff --git a/storage/sepolicy/ufs_firmware_update.te b/storage/sepolicy/ufs_firmware_update.te
new file mode 100644
index 0000000..1b92976
--- /dev/null
+++ b/storage/sepolicy/ufs_firmware_update.te
@@ -0,0 +1,9 @@
+# support ufs ffu via ota
+init_daemon_domain(ufs_firmware_update)
+
+# support ufs ffu via ota
+allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
+allow ufs_firmware_update block_device:dir { search };
+allow ufs_firmware_update ufs_internal_block_device:blk_file rw_file_perms;
+allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;
+
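Review bot: storage/sepolicy/ufs_firmware_update.te calls `init_daemon_domain(ufs_firmware_update)` without declaring the domain or its `_exec` type, and no `file_contexts` entry for the executable appears in this change. Unless those live elsewhere in the policy (not visible here), the file needs `type ufs_firmware_update, domain;` and `type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;` before the macro. Separately, `allow ufs_firmware_update ufs_internal_block_device:blk_file rw_file_perms;` grants raw write access to the internal UFS device to a domain that also runs `vendor_toolbox`. The repeated `# support ufs ffu via ota` comment should be replaced by a per-rule note on what the firmware update needs to write, so the grant can be audited against least privilege.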