diff --git a/sepolicy/private/priv_app.te b/sepolicy/private/priv_app.te
new file mode 100644
index 00000000..a7c91adb
--- /dev/null
+++ b/sepolicy/private/priv_app.te
@@ -0,0 +1,2 @@
+allow priv_app update_engine_service:service_manager find;
+allow priv_app update_engine:binder call;
diff --git a/sepolicy/private/seapp_contexts b/sepolicy/private/seapp_contexts
index d0eaa1a0..ea3a3b85 100644
--- a/sepolicy/private/seapp_contexts
+++ b/sepolicy/private/seapp_contexts
@@ -1 +1 @@
-user=_app isPrivApp=true seinfo=platform name=co.aospa.hub domain=hub_app type=app_data_file levelFrom=user
+user=_app isPrivApp=true seinfo=platform name=eu.chainfire.opendelta domain=updater_app type=app_data_file levelFrom=user
diff --git a/sepolicy/private/update_engine.te b/sepolicy/private/update_engine.te
index 115ad735..d320fce9 100644
--- a/sepolicy/private/update_engine.te
+++ b/sepolicy/private/update_engine.te
@@ -1,5 +1,5 @@
 # Allow update_engine to call the callback function provided by updater_app
-binder_call(update_engine, hub_app)
+binder_call(update_engine, updater_app)
 
 # Read updates from storage data
 r_dir_file(update_engine, mnt_user_file)
@@ -7,3 +7,21 @@ r_dir_file(update_engine, storage_file)
 
 # Allow mount and unmount of system partition
 allow update_engine labeledfs:filesystem { mount unmount };
+
+# Read OTA zip file at /data/media/.
+allow update_engine media_rw_data_file:file { read open };
+allow update_engine self:capability { dac_override dac_read_search sys_rawio };
+
+# Allow update engine to read fuse files anywhere
+allow update_engine fuse:dir r_dir_perms;
+allow update_engine fuse:file { read open getattr };
+
+r_dir_file(update_engine, mnt_user_file)
+r_dir_file(update_engine, storage_file)
+
+allow update_engine self:capability { chown fsetid sys_rawio };
+
+allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:dir create_dir_perms;
+allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:{ file lnk_file } create_file_perms;
+allow update_engine { otapreopt_chroot_exec rootfs system_file toolbox_exec }:file rx_file_perms;
+allow update_engine { rootfs system_file }:file { relabelfrom relabelto };
diff --git a/sepolicy/private/updater_app.te b/sepolicy/private/updater_app.te
new file mode 100644
index 00000000..230bab50
--- /dev/null
+++ b/sepolicy/private/updater_app.te
@@ -0,0 +1,26 @@
+type updater_app, domain, coredomain;
+
+net_domain(updater_app)
+app_domain(updater_app)
+
+binder_call(updater_app, gpuservice)
+binder_call(updater_app, update_engine)
+
+allow updater_app app_api_service:service_manager find;
+allow updater_app recovery_service:service_manager find;
+allow updater_app system_api_service:service_manager find;
+allow updater_app update_engine_service:service_manager find;
+
+allow updater_app app_data_file:dir create_dir_perms;
+allow updater_app app_data_file:{ file lnk_file } create_file_perms;
+
+allow updater_app cache_file:dir r_dir_perms;
+
+allow updater_app cache_recovery_file:dir rw_dir_perms;
+allow updater_app cache_recovery_file:file create_file_perms;
+
+allow updater_app ota_package_file:dir create_dir_perms;
+allow updater_app ota_package_file:file create_file_perms;
+
+get_prop(updater_app, default_prop)
+get_prop(updater_app, build_prop)
diff --git a/target/config/permissions/aospa-power-whitelist.xml b/target/config/permissions/aospa-power-whitelist.xml
new file mode 100644
index 00000000..dec3353d
--- /dev/null
+++ b/target/config/permissions/aospa-power-whitelist.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2021 Yet Another AOSP Project
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+          http://www.apache.org/licenses/LICENSE-2.0
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<config>
+    <allow-in-power-save package="eu.chainfire.opendelta" />
+</config>
diff --git a/target/product/aospa-target.mk b/target/product/aospa-target.mk
index 5f6ecc33..0a8f953a 100644
--- a/target/product/aospa-target.mk
+++ b/target/product/aospa-target.mk
@@ -33,9 +33,9 @@ PRODUCT_SYSTEM_PROPERTIES += \
 # Boot Animation
 $(call inherit-product, vendor/aospa/bootanimation/bootanimation.mk)
 
-# Camera
+# OpenDelta
 PRODUCT_PACKAGES += \
-    GoogleCameraGo
+    OpenDelta
 
 # Charger
 PRODUCT_SYSTEM_EXT_PROPERTIES += \
@@ -166,7 +166,8 @@ PRODUCT_SYSTEM_EXT_PROPERTIES += \
 # Permissions
 PRODUCT_COPY_FILES += \
     vendor/aospa/target/config/permissions/default_permissions_com.google.android.deskclock.xml:$(TARGET_COPY_OUT_PRODUCT)/etc/default-permissions/default_permissions_com.google.android.deskclock.xml \
-    vendor/aospa/target/config/permissions/privapp-permissions-hotword.xml:$(TARGET_COPY_OUT_PRODUCT)/etc/permissions/privapp-permissions-hotword.xml
+    vendor/aospa/target/config/permissions/privapp-permissions-hotword.xml:$(TARGET_COPY_OUT_PRODUCT)/etc/permissions/privapp-permissions-hotword.xml \
+    vendor/aospa/target/config/permissions/aospa-power-whitelist.xml:$(TARGET_COPY_OUT_SYSTEM)/etc/sysconfig/aospa-power-whitelist.xml
 
 # Privapp-permissions
 PRODUCT_SYSTEM_EXT_PROPERTIES += \
diff --git a/target/product/version.mk b/target/product/version.mk
index e19be9aa..61663251 100644
--- a/target/product/version.mk
+++ b/target/product/version.mk
@@ -74,3 +74,6 @@ PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
     ro.aospa.version.major=$(shell V1=$(AOSPA_MAJOR_VERSION); echo $${V1^}) \
     ro.aospa.version.minor=$(AOSPA_MINOR_VERSION) \
     ro.aospa.build.variant=$(shell V2=$(AOSPA_BUILD_VARIANT); echo $${V2^})
+
+PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
+     ro.modversion=$(AOSPA_VERSION)