diff --git a/device.mk b/device.mk
index 1a60244d..027909d2 100755
--- a/device.mk
+++ b/device.mk
@@ -40,7 +40,7 @@ PRODUCT_COPY_FILES += \ # Set the SVN for the targeted MR release PRODUCT_PROPERTY_OVERRIDES += \
- ro.vendor.build.svn=22
+ ro.vendor.build.svn=23
 # Enforce privapp-permissions whitelist PRODUCT_PROPERTY_OVERRIDES += \
diff --git a/sepolicy/vendor/certs/pulse-release.x509.pem b/sepolicy/vendor/certs/pulse-release.x509.pem
new file mode 100644
index 00000000..fb11572f
--- /dev/null
+++ b/sepolicy/vendor/certs/pulse-release.x509.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93 bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/ jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td 0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b aIOMFB0Km9HbEZHLKg33kOoMsS2zpA==
+-----END CERTIFICATE-----
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index 190a6a08..946bb2ac 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -19,3 +19,5 @@ userdebug_or_eng(` allow hal_camera_default camera_vendor_data_file:dir create_dir_perms; allow hal_camera_default camera_vendor_data_file:file create_file_perms; ')
+
+get_prop(hal_camera_default, vendor_radio_prop);
\ No newline at end of file
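Review bot: The certificate added in pulse-release.x509.pem becomes the trust anchor for a privileged app domain, and as far as its encoding can be read it holds a 1024-bit RSA key in a self-signed, MD5-signed certificate whose subject CN is `Unknown`. keys.conf and seapp_contexts in this commit map this signer to `seinfo=googlepulse` and from there to `google_camera_app`, so the strength and custody of that signing key are what separate an arbitrary APK from that domain. Please confirm this is the intended release key, record its fingerprint and owner in the commit message, and plan a move to a signing key of at least 2048 bits if the package can be re-keyed.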
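Review bot: The added `get_prop(hal_camera_default, vendor_radio_prop);` carries a trailing semicolon that the same macro in rild.te is written without, and the file now ends without a newline. Write it as `get_prop(hal_camera_default, vendor_radio_prop)` followed by a newline. A comment above it should say which radio property the camera HAL reads, for example `# Camera HAL reads the radio power back-off state`, if vendor.radio.pwr.curb_backoff from this commit is the one intended. Without that comment the rule reads as a deliberate grant over every property labelled vendor_radio_prop.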
diff --git a/sepolicy/vendor/keys.conf b/sepolicy/vendor/keys.conf
index 2b72a8b4..c0e83857 100644
--- a/sepolicy/vendor/keys.conf
+++ b/sepolicy/vendor/keys.conf
@@ -9,6 +9,9 @@ USER : device/google/wahoo/sepolicy/vendor/certs/tango_userdev.x509.pem [@GOOGLE] ALL : device/google/wahoo/sepolicy/vendor/certs/app.x509.pem
+[@GOOGLEPULSE]
+ALL : device/google/wahoo/sepolicy/vendor/certs/pulse-release.x509.pem
+
 [@EASEL] ALL : device/google/wahoo/sepolicy/vendor/certs/easel.x509.pem
diff --git a/sepolicy/vendor/mac_permissions.xml b/sepolicy/vendor/mac_permissions.xml
index 95feba7b..3752a38b 100644
--- a/sepolicy/vendor/mac_permissions.xml
+++ b/sepolicy/vendor/mac_permissions.xml
@@ -24,6 +24,9 @@ + + +
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index f92420c0..52052ae0 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -50,6 +50,7 @@ ro.vendor.graphics.memory u:object_r:public_vendor_default_prop:s0 vendor.debug.egl.changepixelformat u:object_r:public_vendor_default_prop:s0 vendor.debug.prerotation.disable u:object_r:public_vendor_default_prop:s0 vendor.debug.rs. u:object_r:public_vendor_default_prop:s0
+vendor.debug.egl.swapinterval u:object_r:public_vendor_default_prop:s0
 # public_vendor_system_prop # They are public_vendor_system_props for vendor-specific extension.
@@ -193,6 +194,7 @@ persist.radio.snapshot_timer u:object_r:vendor_radio_prop:s0 persist.radio.videopause.mode u:object_r:vendor_radio_prop:s0 persist.radio.VT_ENABLE u:object_r:vendor_radio_prop:s0 persist.radio.VT_HYBRID_ENABLE u:object_r:vendor_radio_prop:s0
+vendor.radio.pwr.curb_backoff u:object_r:vendor_radio_prop:s0
 # vendor_bluetooth_prop persist.vendor.bluetooth.a4wp u:object_r:vendor_bluetooth_prop:s0
diff --git a/sepolicy/vendor/rild.te b/sepolicy/vendor/rild.te
index 609bf2f7..7c86d222 100644
--- a/sepolicy/vendor/rild.te
+++ b/sepolicy/vendor/rild.te
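Review bot: The new `[@GOOGLEPULSE]` section in keys.conf is keyed with `ALL`, so the pulse-release certificate is honoured on user builds as well as userdebug and eng, while the seapp_contexts comment in this commit describes the matching package as the dogfood beta. If the beta is not meant to reach the camera domain on production images, key the entry per variant instead, `ENG : <same path>` and `USERDEBUG : <same path>`. If it is meant to, add a comment above the section saying so, to record the decision next to the rule.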
@@ -28,7 +28,7 @@ dontaudit rild diag_device:chr_file rw_file_perms; allow rild radio_vendor_data_file:dir rw_dir_perms; allow rild radio_vendor_data_file:file create_file_perms;
-get_prop(rild, vendor_radio_prop)
+set_prop(rild, vendor_radio_prop)
 # Allow vendor native process to read the proc file of xt_qtaguid allow rild proc_qtaguid_stat:file r_file_perms;
diff --git a/sepolicy/vendor/seapp_contexts b/sepolicy/vendor/seapp_contexts
index 6d17cf73..a4f429ba 100644
--- a/sepolicy/vendor/seapp_contexts
+++ b/sepolicy/vendor/seapp_contexts
@@ -17,7 +17,10 @@ user=_app seinfo=tango name=com.google.tango:app domain=untrusted_app type=app_d user=_app seinfo=platform name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user # Use a custom domain for GoogleCamera, to allow for Hexagon DSP access
-user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=user
+user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
+
+# Also allow GoogleCameraNext, the dogfood beta version, the same access as GoogleCamera
+user=_app seinfo=googlepulse name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all
 #Needed for time service apk user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index d7b84619..31c7ff72 100644
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -23,3 +23,5 @@ typeattribute system_server system_writes_vendor_properties_violators; set_prop(system_server, public_vendor_system_prop) dontaudit system_server self:capability sys_module;
+
+allow system_server thermal_service:service_manager find;
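Review bot: Switching rild from `get_prop` to `set_prop` on `vendor_radio_prop` lets it write every property carrying that label, not only the newly added `vendor.radio.pwr.curb_backoff`. Going by the property_contexts context lines in this commit, that includes the `persist.radio.*` entries. rild handles data coming from the modem, so its write surface is worth keeping as narrow as the feature needs. If the new property is the only one rild has to publish (inferred from the commit, not stated in it), label it with its own type in property_contexts and keep `get_prop(rild, vendor_radio_prop)` here. Then grant `set_prop` for rild and `get_prop` for hal_camera_default on that new type only.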
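Review bot: The change from `levelFrom=user` to `levelFrom=all` on the existing GoogleCamera entry in seapp_contexts is not explained by the comment above it, and it changes the MLS categories of an app that already has data on upgraded devices. Please confirm the existing data directory is relabelled after the OTA, and extend the comment with the reason, e.g. `# levelFrom=all: isolate app data per app as well as per user`. The new comment also calls the second package GoogleCameraNext while the rule matches `com.google.android.apps.googlecamera.fishfood`; naming the package in the comment would remove that mismatch.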
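Review bot: `allow system_server thermal_service:service_manager find;` is added to system_server.te without a comment. Together with the one-line thermalserviced.te later in this commit, it writes rules between what look like platform domains from the device's vendor policy. If `thermal_service` and `thermalserviced` are declared in platform policy (not visible in this diff), these rules would normally live there, so that the vendor tree does not widen system_server on its own. If they have to stay here, add a comment to both files naming the feature that needs the lookup and the callback, such as `# thermalserviced calls back into system_server with thermal events`, adjusted to the actual flow.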
diff --git a/sepolicy/vendor/thermalserviced.te b/sepolicy/vendor/thermalserviced.te
new file mode 100644
index 00000000..aa6a0857
--- /dev/null
+++ b/sepolicy/vendor/thermalserviced.te
@@ -0,0 +1 @@
+binder_call(thermalserviced, system_server)