diff --git a/attributes b/attributes
index e9f51ee292afbe2ddbd31f8c00d4e3459648704e..3f4d5ef15589e7c15858ae8d4f9c4f25d31a7cfb 100644
--- a/attributes
+++ b/attributes
@@ -55,6 +55,10 @@ attribute port_type;
 # All types used for property service
 attribute property_type;
 
+# All properties defined in core SELinux policy. Should not be
+# used by device specific properties
+attribute core_property_type;
+
 # All service_manager types created by system_server
 attribute system_server_service;
 
diff --git a/domain.te b/domain.te
index 2e38e92b297b3149ce69d4387da257c7b8ab1c11..aaf2d0a04b3a580629cf30c735474ee1bb98ef78 100644
--- a/domain.te
+++ b/domain.te
@@ -79,8 +79,9 @@ allow domain random_device:chr_file rw_file_perms;
 allow domain properties_device:dir r_dir_perms;
 allow domain properties_serial:file r_file_perms;
 
-# For now, everyone can access all property files
-get_prop(domain, property_type)
+# For now, everyone can access core property files
+# Device specific properties are not granted by default
+get_prop(domain, core_property_type)
 dontaudit domain property_type:file audit_access;
 allow domain property_contexts:file r_file_perms;
 
diff --git a/property.te b/property.te
index a9c5fe6dc31e6ac902f1d5d57d59eae513634daf..2c4084f14cb6e0e487e05d6bfdf603f71a969b23 100644
--- a/property.te
+++ b/property.te
@@ -1,35 +1,35 @@
-type default_prop, property_type;
-type shell_prop, property_type;
-type debug_prop, property_type;
-type dumpstate_prop, property_type;
-type persist_debug_prop, property_type;
-type debuggerd_prop, property_type;
-type dhcp_prop, property_type;
-type fingerprint_prop, property_type;
-type ffs_prop, property_type;
-type radio_prop, property_type;
-type net_radio_prop, property_type;
-type system_radio_prop, property_type;
-type system_prop, property_type;
-type vold_prop, property_type;
-type ctl_bootanim_prop, property_type;
-type ctl_default_prop, property_type;
-type ctl_dhcp_pan_prop, property_type;
-type ctl_dumpstate_prop, property_type;
-type ctl_fuse_prop, property_type;
-type ctl_mdnsd_prop, property_type;
-type ctl_rildaemon_prop, property_type;
-type ctl_bugreport_prop, property_type;
-type ctl_console_prop, property_type;
-type audio_prop, property_type;
-type logd_prop, property_type;
-type restorecon_prop, property_type;
-type security_prop, property_type;
-type bluetooth_prop, property_type;
-type pan_result_prop, property_type;
-type powerctl_prop, property_type;
-type nfc_prop, property_type;
-type dalvik_prop, property_type;
-type config_prop, property_type;
+type default_prop, property_type, core_property_type;
+type shell_prop, property_type, core_property_type;
+type debug_prop, property_type, core_property_type;
+type dumpstate_prop, property_type, core_property_type;
+type persist_debug_prop, property_type, core_property_type;
+type debuggerd_prop, property_type, core_property_type;
+type dhcp_prop, property_type, core_property_type;
+type fingerprint_prop, property_type, core_property_type;
+type ffs_prop, property_type, core_property_type;
+type radio_prop, property_type, core_property_type;
+type net_radio_prop, property_type, core_property_type;
+type system_radio_prop, property_type, core_property_type;
+type system_prop, property_type, core_property_type;
+type vold_prop, property_type, core_property_type;
+type ctl_bootanim_prop, property_type, core_property_type;
+type ctl_default_prop, property_type, core_property_type;
+type ctl_dhcp_pan_prop, property_type, core_property_type;
+type ctl_dumpstate_prop, property_type, core_property_type;
+type ctl_fuse_prop, property_type, core_property_type;
+type ctl_mdnsd_prop, property_type, core_property_type;
+type ctl_rildaemon_prop, property_type, core_property_type;
+type ctl_bugreport_prop, property_type, core_property_type;
+type ctl_console_prop, property_type, core_property_type;
+type audio_prop, property_type, core_property_type;
+type logd_prop, property_type, core_property_type;
+type restorecon_prop, property_type, core_property_type;
+type security_prop, property_type, core_property_type;
+type bluetooth_prop, property_type, core_property_type;
+type pan_result_prop, property_type, core_property_type;
+type powerctl_prop, property_type, core_property_type;
+type nfc_prop, property_type, core_property_type;
+type dalvik_prop, property_type, core_property_type;
+type config_prop, property_type, core_property_type;
 
 allow property_type tmpfs:filesystem associate;
diff --git a/te_macros b/te_macros
index 37b33a90bda2beeb0ca2e39298ebade9a0c85f1a..6d918354b46e994c6880ddb89d8aa8d489bdf971 100644
--- a/te_macros
+++ b/te_macros
@@ -150,6 +150,7 @@ allow $1 $3:unix_stream_socket connectto;
 define(`set_prop', `
 __unix_socket_connect__($1, property, init)
 allow $1 $2:property_service set;
+get_prop($1, $2)
 ')
 
 #####################################