diff --git a/netd.te b/netd.te
index 50208981f25dd1068dfb653cb3e85107e9cf7da2..46cc43631813bcfd6fcde171b609beca21b32418 100644
--- a/netd.te
+++ b/netd.te
@@ -56,9 +56,7 @@ allow netd dnsmasq:process signal;
 domain_auto_trans(netd, clatd_exec, clatd)
 allow netd clatd:process signal;
-# Support netd running mdnsd
-# TODO: prune this back further
-allow netd ctl_default_prop:property_service set;
+allow netd ctl_mdnsd_prop:property_service set;
 ###
 ### Neverallow rules
diff --git a/property.te b/property.te
index c1dc2549c7f5c0b17c72ef495bf05bdfb9e5246a..6f2b280504559bba5e4577cb55ebcdb5feafad85 100644
--- a/property.te
+++ b/property.te
@@ -6,8 +6,11 @@ type radio_prop, property_type;
 type system_prop, property_type;
 type vold_prop, property_type;
 type rild_prop, property_type;
+type ctl_bootanim_prop, property_type;
 type ctl_default_prop, property_type;
 type ctl_dumpstate_prop, property_type;
+type ctl_fuse_prop, property_type;
+type ctl_mdnsd_prop, property_type;
 type ctl_rildaemon_prop, property_type;
 type ctl_bugreport_prop, property_type;
 type audio_prop, property_type;
diff --git a/property_contexts b/property_contexts
index 08874c552d3f2fa93af6f22e4203c022eab8c132..aedf60c4afc8cbd76a07b37fed7294de040cf8ca 100644
--- a/property_contexts
+++ b/property_contexts
@@ -52,7 +52,10 @@ vold. u:object_r:vold_prop:s0
 crypto. u:object_r:vold_prop:s0
 # ctl properties
+ctl.bootanim u:object_r:ctl_bootanim_prop:s0
 ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
+ctl.fuse_ u:object_r:ctl_fuse_prop:s0
+ctl.mdnsd u:object_r:ctl_mdnsd_prop:s0
 ctl.ril-daemon u:object_r:ctl_rildaemon_prop:s0
 ctl.bugreport u:object_r:ctl_bugreport_prop:s0
 ctl. u:object_r:ctl_default_prop:s0
diff --git a/surfaceflinger.te b/surfaceflinger.te
index 5ecfd18322f47dfbdb54b61be5c4edcd02e44f6c..20fef957da5205135f3b60751f04ce26d9cdd69a 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
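Review bot: In netd.te the replacement rule `allow netd ctl_mdnsd_prop:property_service set;` is left with no comment, because the `# Support netd running mdnsd` line was deleted together with the TODO. Only the TODO is resolved by narrowing the type; the reason netd holds a ctl grant at all is still what the next policy auditor will look for. I would keep one line above the rule, for example `# Allow netd to control the mdnsd service.` The same gap exists for the new `ctl_bootanim_prop` rule in surfaceflinger.te and the `ctl_fuse_prop` rule in vold.te, which sit under the generic `# Set properties.` and `# Property Service` headings.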
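Review bot: In property.te the three new types are granted only to netd, surfaceflinger and vold in this commit, so any other domain that relied on its `ctl_default_prop` grant to control bootanim, mdnsd or a fuse_* service would be denied once those names are relabeled. Whether such a domain exists cannot be seen from this diff; searching the policy for `ctl_default_prop:property_service set` and checking each holder against these three services would settle it before merge. A short comment above the ctl types would also help later additions, for example `# Per-service ctl types: grant these rather than ctl_default_prop.`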
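Review bot: In property_contexts the new keys look like prefixes rather than exact names, judging by the existing `ctl.` catch-all and the new `ctl.fuse_` entry, so `ctl.bootanim` and `ctl.mdnsd` would also label any service whose name merely begins with those strings. A later service named, say, `mdnsd_helper` (a constructed example) would then fall under `ctl_mdnsd_prop` and become controllable by netd without any policy change. A comment above the block would make this visible, for example `# Keys match by prefix: ctl.fuse_ covers every fuse_* service; keep new service names clear of these prefixes.`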
@@ -38,7 +38,7 @@ allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms;
 # Set properties.
 allow surfaceflinger system_prop:property_service set;
-allow surfaceflinger ctl_default_prop:property_service set;
+allow surfaceflinger ctl_bootanim_prop:property_service set;
 # Use open files supplied by an app.
 allow surfaceflinger appdomain:fd use;
diff --git a/vold.te b/vold.te
index cc70e8a294290c85ff1375f096d921af2d12bd10..b76be767e6acde550d68facf35ce2cd43ca9e38c 100644
--- a/vold.te
+++ b/vold.te
@@ -65,7 +65,7 @@ allow vold kernel:process setsched;
 # Property Service
 allow vold vold_prop:property_service set;
 allow vold powerctl_prop:property_service set;
-allow vold ctl_default_prop:property_service set;
+allow vold ctl_fuse_prop:property_service set;
 # ASEC
 allow vold asec_image_file:file create_file_perms;