diff --git a/public/property.te b/public/property.te
index e4b8d6e434b33c39f4c31a9af72e3d11436cb2d2..e64ebcd2ad25a9299a3ca003ecb1c5552d1b0923 100644
--- a/public/property.te
+++ b/public/property.te
@@ -43,3 +43,42 @@ type wifi_log_prop, property_type, log_property_type;
 type wifi_prop, property_type;
 
 allow property_type tmpfs:filesystem associate;
+
+###
+### Neverallow rules
+###
+
+# core_property_type should not be used for new properties or
+# device specific properties. Properties with this attribute
+# are readable to everyone, which is overly broad and should
+# be avoided.
+# New properties should have appropriate read / write access
+# control rules written.
+
+neverallow * {
+  core_property_type
+  -audio_prop
+  -bluetooth_prop
+  -config_prop
+  -cppreopt_prop
+  -dalvik_prop
+  -debuggerd_prop
+  -debug_prop
+  -default_prop
+  -dhcp_prop
+  -dumpstate_prop
+  -ffs_prop
+  -fingerprint_prop
+  -logd_prop
+  -net_radio_prop
+  -nfc_prop
+  -pan_result_prop
+  -persist_debug_prop
+  -powerctl_prop
+  -radio_prop
+  -restorecon_prop
+  -shell_prop
+  -system_prop
+  -system_radio_prop
+  -vold_prop
+}:file no_rw_file_perms;