diff --git a/whitechapel_pro/device.te b/whitechapel_pro/device.te
index 426ebadb..b66248a7 100644
--- a/whitechapel_pro/device.te
+++ b/whitechapel_pro/device.te
@@ -19,6 +19,7 @@ type vframe_heap_device, dmabuf_heap_device_type, dev_type;
 type vscaler_heap_device, dmabuf_heap_device_type, dev_type;
 type radio_test_device, dev_type;
 type vendor_gnss_device, dev_type;
+type fips_block_device, dev_type;
 
 # SecureElement SPI device
 type st54spi_device, dev_type;
diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts
index b3357a77..2a6eaa98 100644
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@@ -44,6 +44,7 @@
 /system_ext/bin/convert_to_ext4\.sh                                         u:object_r:convert-to-ext4-sh_exec:s0
 /vendor/bin/hw/disable_contaminant_detection\.sh                            u:object_r:disable-contaminant-detection-sh_exec:s0
 /vendor/bin/dump/dump_power_gs201\.sh                                       u:object_r:dump_power_gs201_exec:s0
+/vendor/bin/ufs_firmware_update\.sh                                         u:object_r:ufs_firmware_update_exec:s0
 
 # Vendor Firmwares
 /vendor/firmware(/.*)?                                                      u:object_r:vendor_fw_file:s0
@@ -190,6 +191,7 @@
 /dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab]                u:object_r:custom_ab_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab]                  u:object_r:custom_ab_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/vendor_kernel_boot_[ab]           u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/fips                              u:object_r:fips_block_device:s0
 
 # Data
 /data/vendor/slog(/.*)?                                                     u:object_r:vendor_slog_file:s0
diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts
index bde62aef..7a9672df 100644
--- a/whitechapel_pro/genfs_contexts
+++ b/whitechapel_pro/genfs_contexts
@@ -177,6 +177,9 @@ genfscon sysfs /devices/platform/14700000.ufs/health_descriptor         u:object
 genfscon sysfs /devices/platform/14700000.ufs/host0/target0:0:0/0:0:0:  u:object_r:sysfs_scsi_devices_0000:s0
 genfscon sysfs /devices/platform/14700000.ufs/ufs_stats                 u:object_r:sysfs_scsi_devices_0000:s0
 genfscon sysfs /devices/platform/14700000.ufs/attributes/wb_avail_buf   u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/vendor                    u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/model                     u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/rev                       u:object_r:sysfs_scsi_devices_0000:s0
 
 # debugfs
 genfscon debugfs /maxfg                                                 u:object_r:vendor_maxfg_debugfs:s0
diff --git a/whitechapel_pro/ufs_firmware_update.te b/whitechapel_pro/ufs_firmware_update.te
new file mode 100644
index 00000000..53ceba56
--- /dev/null
+++ b/whitechapel_pro/ufs_firmware_update.te
@@ -0,0 +1,10 @@
+type ufs_firmware_update, domain;
+type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(ufs_firmware_update)
+
+allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
+allow ufs_firmware_update block_device:dir r_dir_perms;
+allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;
+allow ufs_firmware_update sysfs:dir r_dir_perms;
+allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;