diff --git a/whitechapel_pro/convert-to-ext4-sh.te b/whitechapel_pro/convert-to-ext4-sh.te
new file mode 100644
index 00000000..fa8df643
--- /dev/null
+++ b/whitechapel_pro/convert-to-ext4-sh.te
@@ -0,0 +1,47 @@
+type convert-to-ext4-sh, domain, coredomain;
+type convert-to-ext4-sh_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+ permissive convert-to-ext4-sh;
+
+ init_daemon_domain(convert-to-ext4-sh)
+
+ allow convert-to-ext4-sh block_device:dir search;
+ allow convert-to-ext4-sh e2fs_exec:file rx_file_perms;
+ allow convert-to-ext4-sh efs_block_device:blk_file rw_file_perms;
+ allow convert-to-ext4-sh kernel:process setsched;
+ allow convert-to-ext4-sh kmsg_device:chr_file rw_file_perms;
+ allow convert-to-ext4-sh persist_audio_file:dir { rw_file_perms search };
+ allow convert-to-ext4-sh persist_audio_file:file rw_file_perms;
+ allow convert-to-ext4-sh persist_block_device:blk_file rw_file_perms;
+ allow convert-to-ext4-sh persist_camera_file:dir { rw_file_perms search };
+ allow convert-to-ext4-sh persist_camera_file:file rw_file_perms;
+ allow convert-to-ext4-sh persist_display_file:dir { rw_file_perms search };
+ allow convert-to-ext4-sh persist_display_file:file rw_file_perms;
+ allow convert-to-ext4-sh persist_file:dir { getattr open read search };
+ allow convert-to-ext4-sh persist_file:file rw_file_perms;
+ allow convert-to-ext4-sh persist_haptics_file:dir { rw_file_perms search };
+ allow convert-to-ext4-sh persist_haptics_file:file rw_file_perms;
+ allow convert-to-ext4-sh persist_sensor_reg_file:dir { rw_file_perms search };
+ allow convert-to-ext4-sh persist_sensor_reg_file:file rw_file_perms;
+ allow convert-to-ext4-sh persist_ss_file:dir { rw_file_perms search };
+ allow convert-to-ext4-sh persist_ss_file:file rw_file_perms;
+ allow convert-to-ext4-sh persist_uwb_file:dir { rw_file_perms search };
+ allow convert-to-ext4-sh persist_uwb_file:file rw_file_perms;
+ allow convert-to-ext4-sh shell_exec:file rx_file_perms;
+ allow convert-to-ext4-sh sysfs_fs_ext4_features:dir { read search };
+ allow convert-to-ext4-sh sysfs_fs_ext4_features:file read;
+ allow convert-to-ext4-sh tmpfs:dir { add_name create mounton open };
+ allow convert-to-ext4-sh tmpfs:dir { remove_name rmdir rw_file_perms setattr };
+ allow convert-to-ext4-sh tmpfs:file { create rw_file_perms unlink };
+ allow convert-to-ext4-sh toolbox_exec:file rx_file_perms;
+
+ allowxperm convert-to-ext4-sh { efs_block_device persist_block_device}:blk_file ioctl {
+ BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET LOOP_CLR_FD
+ };
+
+ dontaudit convert-to-ext4-sh labeledfs:filesystem { mount unmount };
+ dontaudit convert-to-ext4-sh self:capability { chown fowner fsetid dac_read_search sys_admin sys_rawio };
+ dontaudit convert-to-ext4-sh unlabeled:dir { add_name create mounton open rw_file_perms search setattr };
+ dontaudit convert-to-ext4-sh unlabeled:file { create rw_file_perms setattr };
+')
diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts
index be4f5506..78a43624 100644
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@@ -43,6 +43,7 @@
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:fingerprint_factory_service_exec:s0
 /vendor/bin/hw/battery_mitigation u:object_r:battery_mitigation_exec:s0
 /vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0
+/system_ext/bin/convert_to_ext4\.sh u:object_r:convert-to-ext4-sh_exec:s0
 # Vendor Firmwares
 /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
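Review bot: The four `dontaudit` rules that close the `userdebug_or_eng` block do not restrict anything, because the same block declares the domain `permissive`. Mount and unmount on `labeledfs`, the `sys_admin`, `sys_rawio` and `dac_read_search` capabilities, and writes to `unlabeled` files are all still granted; the rules only keep them out of the audit log. That hides the most privileged part of the script's behaviour from anyone reading denials, and if the `permissive` line is later dropped these accesses would start failing with no log entry. Where the conversion actually needs an access (the `tmpfs:dir mounton` rule suggests it does mount), state it as an `allow`, e.g. `allow convert-to-ext4-sh labeledfs:filesystem { mount unmount };`. Keep `dontaudit` only for accesses known to be unnecessary, each with a one-line comment saying why it is silenced.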
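Review bot: The new `/system_ext/bin/convert_to_ext4\.sh` entry is appended to the run of `/vendor/bin/hw/` entries and carries no comment, although the label is applied on every build type. In the .te file added by this commit, `init_daemon_domain` and all the rules for the domain are inside `userdebug_or_eng`. A comment above the line, such as `# convert_to_ext4.sh: domain rules exist only on userdebug/eng builds`, would make that visible here, and the entry would read better in its own group. The type name also uses hyphens where the script path and the neighbouring types use underscores; `convert_to_ext4_sh_exec` would match the rest of the file.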