diff --git a/system_ext/private/pixelntnservice_app.te b/system_ext/private/pixelntnservice_app.te
new file mode 100644
index 00000000..8bf71cc9
--- /dev/null
+++ b/system_ext/private/pixelntnservice_app.te
@@ -0,0 +1,5 @@
+typeattribute pixelntnservice_app coredomain;
+
+app_domain(pixelntnservice_app);
+allow pixelntnservice_app app_api_service:service_manager find;
+set_prop(pixelntnservice_app, telephony_modem_prop)
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
index a8e90427..1bc593cc 100644
--- a/system_ext/private/property_contexts
+++ b/system_ext/private/property_contexts
@@ -5,4 +5,5 @@ persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool
 persist.modem.esim_profiles_exist u:object_r:esim_modem_prop:s0 exact string
 # Telephony
+telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0 exact enum ntn tn
 telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool
diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts
index 6ac71499..2f3c6785 100644
--- a/system_ext/private/seapp_contexts
+++ b/system_ext/private/seapp_contexts
@@ -6,3 +6,6 @@ user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymon
 # HbmSVManager
 user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
+
+# PixelNtnService
+user=system seinfo=platform name=com.google.android.satellite domain=pixelntnservice_app type=app_data_file levelFrom=all
diff --git a/system_ext/public/pixelntnservice_app.te b/system_ext/public/pixelntnservice_app.te
new file mode 100644
index 00000000..10661b66
--- /dev/null
+++ b/system_ext/public/pixelntnservice_app.te
@@ -0,0 +1 @@
+type pixelntnservice_app, domain;
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
index 1abcc84a..bf64eaad 100644
--- a/system_ext/public/property.te
+++ b/system_ext/public/property.te
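Review bot: In system_ext/private/pixelntnservice_app.te the grant `set_prop(pixelntnservice_app, telephony_modem_prop)` has no accompanying neverallow, so nothing in the policy prevents a later change from giving another domain write access to a property that cbd and vendor_init read. If this app is meant to be the only writer besides init, pinning that would make the intent enforceable at build time, for example `neverallow { domain -init -pixelntnservice_app } telephony_modem_prop:property_service set;`. A short comment above the grant, such as `# Sole writer of telephony.TnNtn.image_switch (read by cbd and vendor_init)`, would also record why a system-UID app in coredomain writes a modem-facing property.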
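Review bot: `type pixelntnservice_app, domain;` in system_ext/public/pixelntnservice_app.te exports the new domain to vendor and product policy, yet none of the vendor files touched in this commit reference it. Unless vendor policy outside these hunks needs to name the domain, moving the `type pixelntnservice_app, domain;` line into system_ext/private/pixelntnservice_app.te next to its rules keeps the exported policy surface smaller and avoids carrying the type in compatibility mappings.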
@@ -6,7 +6,8 @@ system_vendor_config_prop(esim_modem_prop)
 # Telephony
 system_public_prop(telephony_ril_prop)
+system_restricted_prop(telephony_modem_prop)
 userdebug_or_eng(`
 set_prop(shell, telephony_ril_prop)
-')
\ No newline at end of file
+')
diff --git a/whitechapel/vendor/google/cbd.te b/whitechapel/vendor/google/cbd.te
index cbd222ff..6b41f57e 100644
--- a/whitechapel/vendor/google/cbd.te
+++ b/whitechapel/vendor/google/cbd.te
@@ -5,6 +5,7 @@ init_daemon_domain(cbd)
 set_prop(cbd, vendor_modem_prop)
 set_prop(cbd, vendor_cbd_prop)
 set_prop(cbd, vendor_rild_prop)
+get_prop(cbd, telephony_modem_prop)
 # Allow cbd to setuid from root to radio
 # TODO: confirming with vendor via b/182334947
diff --git a/whitechapel/vendor/google/rfsd.te b/whitechapel/vendor/google/rfsd.te
index 2f7102fc..f51ba865 100644
--- a/whitechapel/vendor/google/rfsd.te
+++ b/whitechapel/vendor/google/rfsd.te
@@ -32,6 +32,7 @@ allow rfsd radio_device:chr_file rw_file_perms;
 # Allow to set rild and modem property
 set_prop(rfsd, vendor_modem_prop)
 set_prop(rfsd, vendor_rild_prop)
+set_prop(cbd, vendor_cbd_prop)
 # Allow rfsd to access modem image file/dir
 allow rfsd modem_img_file:dir r_dir_perms;
diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te
index 5ff78d4d..3771394b 100644
--- a/whitechapel/vendor/google/vendor_init.te
+++ b/whitechapel/vendor/google/vendor_init.te
@@ -14,6 +14,8 @@ get_prop(vendor_init, vendor_touchpanel_prop)
 set_prop(vendor_init, vendor_tcpdump_log_prop)
 set_prop(vendor_init, vendor_logger_prop)
 set_prop(vendor_init, esim_modem_prop)
+get_prop(vendor_init, telephony_modem_prop)
+
 allow vendor_init proc_dirty:file w_file_perms;
 allow vendor_init proc_sched:file write;
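Review bot: The line added to whitechapel/vendor/google/rfsd.te, `set_prop(cbd, vendor_cbd_prop)`, names cbd rather than rfsd as the source domain, and cbd.te already carries the identical rule (it appears as context in the cbd.te hunk of this commit). As written, rfsd gains nothing and a cbd permission is now declared in two files, which looks like a copy-paste slip. If rfsd was meant to read the new property, the line would presumably be `get_prop(rfsd, telephony_modem_prop)`; otherwise it should be dropped so that cbd's grants stay in cbd.te. Only part of rfsd.te is visible in the hunk, so an intended rfsd rule may exist outside it.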