diff --git a/adbd.te b/adbd.te
index 76a0febd10fa3b28fb5a7ffd89f330a615bc231a..2734a331a92c854eea232f27a27985cbe6f7f7cb 100644
--- a/adbd.te
+++ b/adbd.te
@@ -49,6 +49,9 @@ set_prop(adbd, shell_prop)
 set_prop(adbd, powerctl_prop)
 set_prop(adbd, ffs_prop)
 
+# Access device logging gating property
+get_prop(adbd, device_logging_prop)
+
 # Run /system/bin/bu
 allow adbd system_file:file rx_file_perms;
 
diff --git a/logd.te b/logd.te
index ab09bf50d8e0e20cc50a7c3e60ae359c61ed4c9d..9b1fdd3727f0f68d947f74a825f11985f9273b86 100644
--- a/logd.te
+++ b/logd.te
@@ -18,6 +18,9 @@ userdebug_or_eng(`
 allow logd pstorefs:dir search;
 allow logd pstorefs:file r_file_perms;
 
+# Access device logging gating property
+get_prop(logd, device_logging_prop)
+
 r_dir_file(logd, domain)
 
 allow logd kernel:system syslog_mod;
diff --git a/property.te b/property.te
index 5d67142030d7696d5d4aed236c29dd4e65b61825..94567ed7526fa87977d1d8334ecc539d467de96f 100644
--- a/property.te
+++ b/property.te
@@ -31,5 +31,6 @@ type powerctl_prop, property_type, core_property_type;
 type nfc_prop, property_type, core_property_type;
 type dalvik_prop, property_type, core_property_type;
 type config_prop, property_type, core_property_type;
+type device_logging_prop, property_type;
 
 allow property_type tmpfs:filesystem associate;
diff --git a/property_contexts b/property_contexts
index c1ff6d727028b39a734a389709530dfd6122147e..47c3cf746670ba0a27951eb6e6bb270d457a51b0 100644
--- a/property_contexts
+++ b/property_contexts
@@ -39,12 +39,17 @@ service.adb.tcp.port    u:object_r:shell_prop:s0
 persist.audio.          u:object_r:audio_prop:s0
 persist.debug.          u:object_r:persist_debug_prop:s0
 persist.logd.           u:object_r:logd_prop:s0
+persist.logd.security   u:object_r:device_logging_prop:s0
 persist.log.tag         u:object_r:logd_prop:s0
 persist.sys.            u:object_r:system_prop:s0
 persist.service.        u:object_r:system_prop:s0
 persist.service.bdroid. u:object_r:bluetooth_prop:s0
 persist.security.       u:object_r:system_prop:s0
 
+# Boolean property set by system server upon boot indicating
+# if device owner is provisioned.
+ro.device_owner         u:object_r:device_logging_prop:s0
+
 # selinux non-persistent properties
 selinux.restorecon_recursive   u:object_r:restorecon_prop:s0
 selinux.                       u:object_r:security_prop:s0
diff --git a/system_server.te b/system_server.te
index 97eb41584ac737ce2bea419e8c1fb71c6a412aa4..d0cb2298cd4a02af17ea5936a7b482edf0eb8ce0 100644
--- a/system_server.te
+++ b/system_server.te
@@ -288,6 +288,7 @@ set_prop(system_server, system_radio_prop)
 set_prop(system_server, debug_prop)
 set_prop(system_server, powerctl_prop)
 set_prop(system_server, fingerprint_prop)
+set_prop(system_server, device_logging_prop)
 
 # ctl interface
 set_prop(system_server, ctl_default_prop)