diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te index 1212d6ce..764cc877 100644 --- a/whitechapel/vendor/google/device.te +++ b/whitechapel/vendor/google/device.te @@ -54,3 +54,7 @@ type battery_history_device, dev_type; # Raw HID device type hidraw_device, dev_type; +# SecureElement SPI device +type st54spi_device, dev_type; +type st33spi_device, dev_type; + diff --git a/whitechapel/vendor/google/euiccpixel_app.te b/whitechapel/vendor/google/euiccpixel_app.te index db3d0aed..b03b48db 100644 --- a/whitechapel/vendor/google/euiccpixel_app.te +++ b/whitechapel/vendor/google/euiccpixel_app.te @@ -14,8 +14,11 @@ set_prop(euiccpixel_app, vendor_modem_prop) userdebug_or_eng(` net_domain(euiccpixel_app) - # Access to directly upgrade firmware on secure_element used for engineering devices - typeattribute secure_element_device mlstrustedobject; - allow euiccpixel_app secure_element_device:chr_file rw_file_perms; + # Access to directly upgrade firmware on st54spi_device used for engineering devices + typeattribute st54spi_device mlstrustedobject; + allow euiccpixel_app st54spi_device:chr_file rw_file_perms; + # Access to directly upgrade firmware on st33spi_device used for engineering devices + typeattribute st33spi_device mlstrustedobject; + allow euiccpixel_app st33spi_device:chr_file rw_file_perms; ') diff --git a/whitechapel/vendor/google/fastbootd.te b/whitechapel/vendor/google/fastbootd.te index f9d09d95..d6cf7315 100644 --- a/whitechapel/vendor/google/fastbootd.te +++ b/whitechapel/vendor/google/fastbootd.te @@ -1,6 +1,6 @@ # Required by the bootcontrol HAL for the 'set_active' command. recovery_only(` -allow fastbootd secure_element_device:chr_file rw_file_perms; +allow fastbootd st54spi_device:chr_file rw_file_perms; allow fastbootd devinfo_block_device:blk_file rw_file_perms; allow fastbootd sda_block_device:blk_file rw_file_perms; allow fastbootd sysfs_ota:file rw_file_perms; 
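Review bot: The userdebug-only `typeattribute st54spi_device mlstrustedobject;` and `typeattribute st33spi_device mlstrustedobject;` in the euiccpixel_app.te hunk are per-type statements, not per-domain grants, yet they live in an app domain's file and are repeated verbatim in ofl_app.te in this same commit. Declaring them once next to the type declarations in device.te, under the same `userdebug_or_eng(` guard, would make it clear that the raw SE SPI nodes are MLS-trusted on engineering builds regardless of which app is granted access, and keeps the two files from drifting. The app's own access (`rw_file_perms` on both chr_file types) covers the same nodes the old single `secure_element_device` type labeled, so this part is a refactor rather than a widening.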
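Review bot: Narrowing fastbootd from the old catch-all `secure_element_device` to `st54spi_device` silently drops its access to `/dev/st33spi`, which this same commit relabels as a separate `st33spi_device` type; the comment above the rule says the bootcontrol HAL's `set_active` needs the SE node, so on a variant whose eSE sits behind st33spi that path would now be denied in fastbootd (recovery.te gets the identical narrowing). If `set_active` only ever touches the ST54 part, say so in the comment, e.g. `# bootcontrol set_active only needs the ST54 eSE (st54spi); st33spi (ese2) is not used here`; otherwise add `allow fastbootd st33spi_device:chr_file rw_file_perms;`. I cannot tell from the hunk which case applies.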
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 9b4c95b4..18a034c8 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -202,3 +202,6 @@ type sysfs_sjtag, fs_type, sysfs_type; userdebug_or_eng(` typeattribute sysfs_sjtag mlstrustedobject; ') + +# SecureElement +type sysfs_st33spi, sysfs_type, fs_type; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index a27cdc2b..c460e6a8 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -287,13 +287,11 @@ /data/nfc(/.*)? u:object_r:nfc_data_file:s0 # SecureElement -/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service\.st u:object_r:hal_secure_element_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_default_exec:s0 -/dev/st54j_se u:object_r:secure_element_device:s0 -/dev/st54spi u:object_r:secure_element_device:s0 -/dev/st33spi u:object_r:secure_element_device:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_st54spi_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_st33spi_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_default_exec:s0 +/dev/st54spi u:object_r:st54spi_device:s0 +/dev/st33spi u:object_r:st33spi_device:s0 # Bluetooth /dev/wbrc u:object_r:wb_coexistence_dev:s0 diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 59aa244d..7d622e4a 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
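Review bot: The `/dev/st54j_se` entry is removed without a replacement, so if that node still appears on any whitechapel variant it falls back to whatever the generic `/dev` rule assigns and every access to it will be denied; the `...secure_element@1.2-service.st` binary likewise loses its exec context line. If both are genuinely gone from the build this is a clean removal, otherwise restore `/dev/st54j_se u:object_r:st54spi_device:s0` (or whichever type that driver actually needs). Separately, after this hunk no visible `/dev` entry carries `secure_element_device` any more, which is worth checking against the `allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;` rule that this commit leaves in place.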
@@ -320,3 +320,7 @@ genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/i2c-max77759tcpc/extcon u:object_r:sysfs_extcon:s0 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/i2c-max77759tcpc/extcon u:object_r:sysfs_extcon:s0 +# SecureElement +genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0/st33spi u:object_r:sysfs_st33spi:s0 +genfscon sysfs /devices/platform/175c0000.spi/spi_master/spi15/spi15.0/st33spi u:object_r:sysfs_st33spi:s0 + diff --git a/whitechapel/vendor/google/hal_secure_element_default.te b/whitechapel/vendor/google/hal_secure_element_default.te index dc048746..17a679d2 100644 --- a/whitechapel/vendor/google/hal_secure_element_default.te +++ b/whitechapel/vendor/google/hal_secure_element_default.te @@ -1,7 +1,5 @@ allow hal_secure_element_default secure_element_device:chr_file rw_file_perms; -allow hal_secure_element_default nfc_device:chr_file rw_file_perms; set_prop(hal_secure_element_default, vendor_secure_element_prop) -set_prop(hal_secure_element_default, vendor_nfc_prop) set_prop(hal_secure_element_default, vendor_modem_prop) # Allow hal_secure_element_default to access rild diff --git a/whitechapel/vendor/google/hal_secure_element_st33spi.te b/whitechapel/vendor/google/hal_secure_element_st33spi.te new file mode 100644 index 00000000..a5978f20 --- /dev/null +++ b/whitechapel/vendor/google/hal_secure_element_st33spi.te @@ -0,0 +1,8 @@ +type hal_secure_element_st33spi, domain; +hal_server_domain(hal_secure_element_st33spi, hal_secure_element) +type hal_secure_element_st33spi_exec, exec_type, vendor_file_type, file_type; + +allow hal_secure_element_st33spi st33spi_device:chr_file rw_file_perms; +set_prop(hal_secure_element_st33spi, vendor_secure_element_prop) + +init_daemon_domain(hal_secure_element_st33spi) 
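Review bot: The unchanged first line `allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;` now reads as a leftover: this commit moves every visible `/dev/st*` node off `secure_element_device` onto the new per-chip types and gives both SPI HALs their own domains, leaving the uicc-service as the only binary still labeled `hal_secure_element_default_exec`. If no file_contexts entry elsewhere still uses `secure_element_device`, the rule grants nothing and should be dropped so the UICC HAL's domain carries only the property and rild access it actually uses; if the type is still in use somewhere, a one-line comment naming that node would save the next reader the same question. Removing the `nfc_device` and `vendor_nfc_prop` grants from this shared domain is the right direction.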
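Review bot: The new `hal_secure_element_st33spi` domain has no header comment saying which binary or hardware it serves; nothing in the file ties it to the `-gto-ese2` service that file_contexts labels `hal_secure_element_st33spi_exec`. A short comment at the top, e.g. `# Domain for android.hardware.secure_element@1.2-service-gto-ese2, the second eSE reached over /dev/st33spi;` followed by `# the NFC-side ST54 eSE is handled by hal_secure_element_st54spi`, would make the split between the two domains self-explanatory. The grants themselves (one chr_file type plus `vendor_secure_element_prop`) are narrower than the old shared default domain, which is good; do note that both SPI HALs can now set the same `vendor_secure_element_prop`, so if that property is used as a readiness flag the two services could overwrite each other's value.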
diff --git a/whitechapel/vendor/google/hal_secure_element_st54spi.te b/whitechapel/vendor/google/hal_secure_element_st54spi.te new file mode 100644 index 00000000..7f6ea41b --- /dev/null +++ b/whitechapel/vendor/google/hal_secure_element_st54spi.te @@ -0,0 +1,9 @@ +type hal_secure_element_st54spi, domain; +hal_server_domain(hal_secure_element_st54spi, hal_secure_element) +type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type; +allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms; +allow hal_secure_element_st54spi nfc_device:chr_file rw_file_perms; +set_prop(hal_secure_element_st54spi, vendor_secure_element_prop) +set_prop(hal_secure_element_st54spi, vendor_nfc_prop) +set_prop(hal_secure_element_st54spi, vendor_modem_prop) +init_daemon_domain(hal_secure_element_st54spi) diff --git a/whitechapel/vendor/google/ofl_app.te b/whitechapel/vendor/google/ofl_app.te index e3f61408..a9498165 100644 --- a/whitechapel/vendor/google/ofl_app.te +++ b/whitechapel/vendor/google/ofl_app.te @@ -11,7 +11,10 @@ userdebug_or_eng(` allow ofl_app radio_service:service_manager find; allow ofl_app surfaceflinger_service:service_manager find; - # Access to directly update firmware on secure_element - typeattribute secure_element_device mlstrustedobject; - allow ofl_app secure_element_device:chr_file rw_file_perms; + # Access to directly update firmware on st54spi_device + typeattribute st54spi_device mlstrustedobject; + allow ofl_app st54spi_device:chr_file rw_file_perms; + # Access to directly update firmware on st33spi_device + typeattribute st33spi_device mlstrustedobject; + allow ofl_app st33spi_device:chr_file rw_file_perms; ') diff --git a/whitechapel/vendor/google/recovery.te b/whitechapel/vendor/google/recovery.te index 4687a43c..1974ebb1 100644 --- a/whitechapel/vendor/google/recovery.te +++ b/whitechapel/vendor/google/recovery.te 
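Review bot: `hal_secure_element_st54spi` is granted `nfc_device:chr_file rw_file_perms` and `vendor_nfc_prop` on top of its own `st54spi_device`, but the file does not say why an eSE HAL needs the NFC controller node, so this will read as an over-grant to the next reviewer. A comment recording the reason would fix that, something like `# The ST54 eSE shares its controller with NFC; the HAL touches nfc_device and vendor_nfc_prop for reset/power coordination -- confirm with the driver owner`; I am inferring the sharing from the type names, not from anything in the hunk. `set_prop(hal_secure_element_st54spi, vendor_modem_prop)` is likewise carried over from the old default domain without a stated need, and if the SPI HAL never sets modem properties dropping it keeps the domain minimal.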
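Review bot: `typeattribute st54spi_device mlstrustedobject;` and `typeattribute st33spi_device mlstrustedobject;` in the ofl_app.te hunk duplicate the identical statements added to euiccpixel_app.te in this commit; both files sit under the same `userdebug_or_eng(` guard, so the attribute assignment belongs once in device.te beside the type declarations rather than in each consumer. Marking the raw SE SPI nodes MLS-trusted is presumably what lets these app-level domains open them at all, so keeping that decision in one place also makes it easier to confirm it never reaches user builds. The two `allow ofl_app ...:chr_file rw_file_perms;` lines are fine as written.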
@@ -1,4 +1,4 @@ recovery_only(` allow recovery sysfs_ota:file rw_file_perms; - allow recovery secure_element_device:chr_file rw_file_perms; + allow recovery st54spi_device:chr_file rw_file_perms; ') diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te index c1db5e43..321da078 100644 --- a/whitechapel/vendor/google/vendor_init.te +++ b/whitechapel/vendor/google/vendor_init.te @@ -18,6 +18,7 @@ allow vendor_init proc_dirty:file w_file_perms; allow vendor_init proc_sched:file write; allow vendor_init bootdevice_sysdev:file create_file_perms; allow vendor_init block_device:lnk_file setattr; +allow vendor_init sysfs_st33spi:file w_file_perms; userdebug_or_eng(` set_prop(vendor_init, logpersistd_logging_prop)
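Review bot: `allow vendor_init sysfs_st33spi:file w_file_perms;` grants a write to a new sysfs node without a comment naming the init .rc action that performs it, and it is the only consumer of `sysfs_st33spi` in this commit, so a reader cannot tell what is written or when. Add something like `# init .rc writes the st33spi sysfs attribute (spi6.0 / spi15.0) to configure the eSE link at boot -- confirm against the .rc`. If the .rc also `chown`s or `chmod`s that node, `w_file_perms` is not enough and `setattr` will be needed as well. The `userdebug_or_eng(` block that begins in this hunk continues past the lines shown.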