diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc
index 4bc3589..76eab68 100644
--- a/rootdir/etc/init.qcom.rc
+++ b/rootdir/etc/init.qcom.rc
@@ -84,6 +84,11 @@ on init
 on post-fs
     chmod 0755 /sys/kernel/debug/tracing
 
+    mkdir /mnt/vendor/dsp 0770 root root
+    copy /vendor/dsp/cdsp/fastrpc_shell_3 /mnt/vendor/dsp/fastrpc_shell_3
+    chmod 0644 /mnt/vendor/dsp/fastrpc_shell_3
+    mount none /mnt/vendor/dsp/fastrpc_shell_3 /vendor/dsp/cdsp/fastrpc_shell_3 bind
+
 on early-boot
     # set RLIMIT_MEMLOCK to 64MB
     setrlimit 8 67108864 67108864
diff --git a/sepolicy/vendor/adsprpcd.te b/sepolicy/vendor/adsprpcd.te
index 58fe3e7..d5efe9f 100644
--- a/sepolicy/vendor/adsprpcd.te
+++ b/sepolicy/vendor/adsprpcd.te
@@ -1 +1,4 @@
+type public_adsprpcd_file, file_type;
+
+r_dir_file(vendor_adsprpcd, public_adsprpcd_file)
 r_dir_file(vendor_adsprpcd, vendor_sysfs_graphics)
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
index a97a7fc..54eb778 100644
--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -1,2 +1,5 @@
 get_prop({ appdomain -isolated_app }, vendor_fingerprint_prop)
-get_prop({ appdomain -isolated_app }, vendor_tee_listener_prop)
\ No newline at end of file
+get_prop({ appdomain -isolated_app }, vendor_tee_listener_prop)
+
+allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms;
+allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms;
diff --git a/sepolicy/vendor/cdsprpcd.te b/sepolicy/vendor/cdsprpcd.te
new file mode 100644
index 0000000..cead8a9
--- /dev/null
+++ b/sepolicy/vendor/cdsprpcd.te
@@ -0,0 +1 @@
+r_dir_file(vendor_cdsprpcd, public_adsprpcd_file)
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index c1a02d7..3e90180 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -15,6 +15,11 @@
 # Camera
 /mnt/vendor/persist/camera(/.*)?							u:object_r:camera_persist_file:s0
 
+# Hexagon DSP-side executable needed for Halide operation
+# This is labeled as public_adsprpcd_file as it needs to be read by apps
+# (e.g. Google Camera App)
+/mnt/vendor/dsp/fastrpc_shell_3                                         u:object_r:public_adsprpcd_file:s0
+
 # Fingerprint
 /dev/goodix_fp										u:object_r:vendor_fingerprint_device:s0
 /dev/silead_fp										u:object_r:vendor_fingerprint_device:s0
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index d97b6ee..cbca59c 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -1,2 +1,4 @@
 r_dir_file(hal_camera_default, camera_persist_file)
 set_prop(hal_camera_default, vendor_camera_sensor_prop)
+
+allow hal_camera_default public_adsprpcd_file:file r_file_perms;
diff --git a/sepolicy/vendor/hal_neuralnetworks_default.te b/sepolicy/vendor/hal_neuralnetworks_default.te
new file mode 100644
index 0000000..7763c49
--- /dev/null
+++ b/sepolicy/vendor/hal_neuralnetworks_default.te
@@ -0,0 +1 @@
+r_dir_file(vendor_hal_neuralnetworks_default, public_adsprpcd_file)
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
new file mode 100644
index 0000000..ef3c187
--- /dev/null
+++ b/sepolicy/vendor/init.te
@@ -0,0 +1 @@
+allow init adsprpcd_file:file mounton;
diff --git a/sepolicy/vendor/vppservice.te b/sepolicy/vendor/vppservice.te
new file mode 100644
index 0000000..e9e1809
--- /dev/null
+++ b/sepolicy/vendor/vppservice.te
@@ -0,0 +1 @@
+r_dir_file(vendor_vppservice, public_adsprpcd_file)