diff --git a/private/property.te b/private/property.te
index 4fd9bc32b..c39a79e49 100644
--- a/private/property.te
+++ b/private/property.te
@@ -633,6 +633,7 @@ neverallow {
   -init
   -remote_prov_app
   -shell
+  -rkpdapp
 } remote_prov_prop:property_service set;
 
 neverallow {
diff --git a/private/rkpd_app.te b/private/rkpd_app.te
index 2d2554001..509a96e28 100644
--- a/private/rkpd_app.te
+++ b/private/rkpd_app.te
@@ -12,7 +12,7 @@ hal_client_domain(rkpdapp, hal_keymint)
 
 # Grant access to certain system properties related to RKP
 get_prop(rkpdapp, device_config_remote_key_provisioning_native_prop)
-get_prop(rkpdapp, remote_prov_prop)
+set_prop(rkpdapp, remote_prov_prop)
 
 # Grant access to the normal services that are available to all apps
 allow rkpdapp app_api_service:service_manager find;