diff --git a/system_ext/private/pixelntnservice_app.te b/system_ext/private/pixelntnservice_app.te
new file mode 100644
index 00000000..8bf71cc9
--- /dev/null
+++ b/system_ext/private/pixelntnservice_app.te
@@ -0,0 +1,5 @@
+typeattribute pixelntnservice_app coredomain;
+
+app_domain(pixelntnservice_app);
+allow pixelntnservice_app app_api_service:service_manager find;
+set_prop(pixelntnservice_app, telephony_modem_prop)
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
index ffb1793c..4e60110f 100644
--- a/system_ext/private/property_contexts
+++ b/system_ext/private/property_contexts
@@ -2,4 +2,5 @@ persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool
 # Telephony
+telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0 exact enum ntn tn
 telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool
diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts
index 82f4347c..0a2050e2 100644
--- a/system_ext/private/seapp_contexts
+++ b/system_ext/private/seapp_contexts
@@ -8,3 +8,5 @@ user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app
 # TODO(b/222204912): Should this run under uwb user?
 user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
+# PixelNtnService
+user=system seinfo=platform name=com.google.android.satellite domain=pixelntnservice_app type=app_data_file levelFrom=all
diff --git a/system_ext/public/pixelntnservice_app.te b/system_ext/public/pixelntnservice_app.te
new file mode 100644
index 00000000..10661b66
--- /dev/null
+++ b/system_ext/public/pixelntnservice_app.te
@@ -0,0 +1 @@
+type pixelntnservice_app, domain;
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
index 823acf59..e194720a 100644
--- a/system_ext/public/property.te
+++ b/system_ext/public/property.te
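Review bot: Nothing in the new private pixelntnservice_app.te pins this domain as the only writer of telephony_modem_prop: `set_prop(pixelntnservice_app, telephony_modem_prop)` grants the write, but no neverallow stops a later change from handing the same write to another coredomain. The property is read by cbd and vendor_init in this same commit and, judging by its name (`telephony.TnNtn.image_switch`, enum `ntn`/`tn`), presumably steers modem image selection, so the writer set is worth locking down. I would add something like `neverallow { domain -init -pixelntnservice_app } telephony_modem_prop:property_service set;` next to the set_prop rule, plus a one-line header comment saying what the service is and why it needs the property. Minor style point: `app_domain(pixelntnservice_app);` carries a trailing semicolon while the set_prop macro call two lines below does not.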
@@ -3,7 +3,8 @@ system_vendor_config_prop(fingerprint_ghbm_prop)
 # Telephony
 system_public_prop(telephony_ril_prop)
+system_restricted_prop(telephony_modem_prop)
 userdebug_or_eng(`
 set_prop(shell, telephony_ril_prop)
-')
\ No newline at end of file
+')
diff --git a/whitechapel_pro/cbd.te b/whitechapel_pro/cbd.te
index c4cfe7a6..9cb7ee2a 100644
--- a/whitechapel_pro/cbd.te
+++ b/whitechapel_pro/cbd.te
@@ -5,6 +5,7 @@ init_daemon_domain(cbd)
 set_prop(cbd, vendor_modem_prop)
 set_prop(cbd, vendor_cbd_prop)
 set_prop(cbd, vendor_rild_prop)
+get_prop(cbd, telephony_modem_prop)
 # Allow cbd to set gid/uid from too to radio
 allow cbd self:capability { setgid setuid };
diff --git a/whitechapel_pro/rfsd.te b/whitechapel_pro/rfsd.te
index 2d1f0928..b4508328 100644
--- a/whitechapel_pro/rfsd.te
+++ b/whitechapel_pro/rfsd.te
@@ -32,6 +32,7 @@ allow rfsd radio_device:chr_file rw_file_perms;
 # Allow to set rild and modem property
 set_prop(rfsd, vendor_modem_prop)
 set_prop(rfsd, vendor_rild_prop)
+set_prop(cbd, vendor_cbd_prop)
 # Allow rfsd to access modem image file/dir
 allow rfsd modem_img_file:dir r_dir_perms;
diff --git a/whitechapel_pro/vendor_init.te b/whitechapel_pro/vendor_init.te
index c8acdbb5..7ee3c95b 100644
--- a/whitechapel_pro/vendor_init.te
+++ b/whitechapel_pro/vendor_init.te
@@ -11,6 +11,8 @@ set_prop(vendor_init, vendor_usb_config_prop)
 set_prop(vendor_init, vendor_rild_prop)
 set_prop(vendor_init, logpersistd_logging_prop)
 set_prop(vendor_init, vendor_logger_prop)
+get_prop(vendor_init, telephony_modem_prop)
+
 allow vendor_init proc_dirty:file w_file_perms;
 allow vendor_init proc_sched:file w_file_perms;
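Review bot: The line added in the rfsd.te hunk, `set_prop(cbd, vendor_cbd_prop)`, names cbd as the source domain, so it gives rfsd no new access and only repeats a rule that cbd.te already carries (it is visible as context in the cbd.te hunk of this commit). This looks like a copy-paste slip; if rfsd was meant to gain something here, the rule has to name rfsd, e.g. `set_prop(rfsd, vendor_cbd_prop)` or `get_prop(rfsd, telephony_modem_prop)`, whichever the daemon actually needs, and the commit does not show which. If no rfsd access was intended, the line should be dropped so cbd's permissions stay defined in one file. Either way the comment above it ("Allow to set rild and modem property") should be kept in step with the properties actually listed.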