diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk
index c24beed1..6f46edc7 100644
--- a/gs101-sepolicy.mk
+++ b/gs101-sepolicy.mk
@@ -6,6 +6,17 @@ BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/tracking_denials
 
 PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs101-sepolicy/private
 
+# Display
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/common
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/gs101
+
+# Micro sensor framework (usf)
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/usf
+
+# system_ext
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs101-sepolicy/system_ext/public
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs101-sepolicy/system_ext/private
+
 #
 # Pixel-wide
 #
@@ -18,13 +29,5 @@ BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_ext
 #   PowerStats HAL
 BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
 
-# Display
-BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/common
-BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/gs101
-
-# Micro sensor framework (usf)
-BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/usf
-
 # sscoredump
 BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/sscoredump
-
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
new file mode 100644
index 00000000..9f462bda
--- /dev/null
+++ b/system_ext/private/property_contexts
@@ -0,0 +1,2 @@
+# Fingerprint (UDFPS) GHBM/LHBM toggle
+persist.fingerprint.ghbm    u:object_r:fingerprint_ghbm_prop:s0    exact    bool
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
new file mode 100644
index 00000000..8908e485
--- /dev/null
+++ b/system_ext/public/property.te
@@ -0,0 +1,2 @@
+# Fingerprint (UDFPS) GHBM/LHBM toggle
+system_vendor_config_prop(fingerprint_ghbm_prop)
diff --git a/whitechapel/vendor/google/hal_fingerprint_default.te b/whitechapel/vendor/google/hal_fingerprint_default.te
index d22b6b0f..da7748f3 100644
--- a/whitechapel/vendor/google/hal_fingerprint_default.te
+++ b/whitechapel/vendor/google/hal_fingerprint_default.te
@@ -3,4 +3,5 @@ allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
 allow hal_fingerprint_default sysfs_batteryinfo:file r_file_perms;
 allow hal_fingerprint_default sysfs_batteryinfo:dir search;
 allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
+get_prop(hal_fingerprint_default, fingerprint_ghbm_prop)
 add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
diff --git a/whitechapel/vendor/google/platform_app.te b/whitechapel/vendor/google/platform_app.te
index dd8a627c..246ec357 100644
--- a/whitechapel/vendor/google/platform_app.te
+++ b/whitechapel/vendor/google/platform_app.te
@@ -9,3 +9,6 @@ allow platform_app nfc_service:service_manager find;
 
 allow platform_app touch_context_service:service_manager find;
 binder_call(platform_app, twoshay)
+
+# Fingerprint (UDFPS) GHBM/LHBM toggle
+get_prop(platform_app, fingerprint_ghbm_prop)