diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 2dd0265ad..a55887f9c 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -100,6 +100,8 @@
     heapprofd_socket
     incident_helper
     incident_helper_exec
+    init_service_status_private_prop
+    init_service_status_prop
     iorapd
     iorapd_data_file
     iorapd_exec
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 481cbe34f..ba581d88e 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1285,7 +1285,7 @@
 (typeattributeset default_android_hwservice_30_0 (default_android_hwservice))
 (typeattributeset default_android_service_30_0 (default_android_service))
 (typeattributeset default_android_vndservice_30_0 (default_android_vndservice))
-(typeattributeset default_prop_30_0 (default_prop))
+(typeattributeset default_prop_30_0 (default_prop init_service_status_private_prop))
 (typeattributeset dev_cpu_variant_30_0 (dev_cpu_variant))
 (typeattributeset device_30_0 (device))
 (typeattributeset device_config_activity_manager_native_boot_prop_30_0 (device_config_activity_manager_native_boot_prop))
@@ -1345,6 +1345,7 @@
   ( exported2_default_prop
     aac_drc_prop
     build_prop
+    init_service_status_prop
     libc_debug_prop))
 (typeattributeset exported2_radio_prop_30_0 (exported2_radio_prop))
 (typeattributeset exported2_system_prop_30_0
diff --git a/private/coredomain.te b/private/coredomain.te
index 887f51a57..895507cff 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -1,11 +1,12 @@
-get_prop(coredomain, pm_prop)
+get_prop(coredomain, camera_config_prop)
+get_prop(coredomain, dalvik_runtime_prop)
 get_prop(coredomain, exported_pm_prop)
 get_prop(coredomain, ffs_config_prop)
-get_prop(coredomain, lmkd_config_prop)
-get_prop(coredomain, camera_config_prop)
 get_prop(coredomain, hdmi_config_prop)
-get_prop(coredomain, dalvik_runtime_prop)
-
+get_prop(coredomain, init_service_status_private_prop)
+get_prop(coredomain, init_service_status_prop)
+get_prop(coredomain, lmkd_config_prop)
+get_prop(coredomain, pm_prop)
 get_prop(coredomain, usb_config_prop)
 get_prop(coredomain, usb_control_prop)
 
diff --git a/private/property.te b/private/property.te
index ca4dd6574..ecbfff3c9 100644
--- a/private/property.te
+++ b/private/property.te
@@ -7,6 +7,7 @@ system_internal_prop(device_config_configuration_prop)
 system_internal_prop(fastbootd_protocol_prop)
 system_internal_prop(gsid_prop)
 system_internal_prop(init_perf_lsm_hooks_prop)
+system_internal_prop(init_service_status_private_prop)
 system_internal_prop(init_svc_debug_prop)
 system_internal_prop(last_boot_reason_prop)
 system_internal_prop(netd_stable_secret_prop)
@@ -385,3 +386,10 @@ neverallow {
   provisioned_prop
   retaildemo_prop
 }:file no_rw_file_perms;
+
+neverallow {
+  -init
+} {
+  init_service_status_private_prop
+  init_service_status_prop
+}:property_service set;
diff --git a/private/property_contexts b/private/property_contexts
index 3f15983e6..5188bc72b 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -542,13 +542,17 @@ dumpstate.unroot  u:object_r:exported_dumpstate_prop:s0 exact bool
 
 hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
 
-init.svc.bugreport      u:object_r:exported2_default_prop:s0 exact string
-init.svc.console        u:object_r:exported2_default_prop:s0 exact string
-init.svc.dumpstatez     u:object_r:exported2_default_prop:s0 exact string
-init.svc.mediadrm       u:object_r:exported2_default_prop:s0 exact string
-init.svc.surfaceflinger u:object_r:exported2_default_prop:s0 exact string
-init.svc.tombstoned     u:object_r:exported2_default_prop:s0 exact string
-init.svc.zygote         u:object_r:exported2_default_prop:s0 exact string
+# default contexts only accessible by coredomain
+init.svc. u:object_r:init_service_status_private_prop:s0 exact string
+
+# vendor-init-readable init service props
+init.svc.bugreport      u:object_r:init_service_status_prop:s0 exact string
+init.svc.console        u:object_r:init_service_status_prop:s0 exact string
+init.svc.dumpstatez     u:object_r:init_service_status_prop:s0 exact string
+init.svc.mediadrm       u:object_r:init_service_status_prop:s0 exact string
+init.svc.surfaceflinger u:object_r:init_service_status_prop:s0 exact string
+init.svc.tombstoned     u:object_r:init_service_status_prop:s0 exact string
+init.svc.zygote         u:object_r:init_service_status_prop:s0 exact string
 
 libc.debug.malloc.options u:object_r:libc_debug_prop:s0 exact string
 libc.debug.malloc.program u:object_r:libc_debug_prop:s0 exact string
diff --git a/public/property.te b/public/property.te
index a13a3616b..8229ce8d7 100644
--- a/public/property.te
+++ b/public/property.te
@@ -62,6 +62,7 @@ system_restricted_prop(boot_status_prop)
 system_restricted_prop(bq_config_prop)
 system_restricted_prop(build_prop)
 system_restricted_prop(fingerprint_prop)
+system_restricted_prop(init_service_status_prop)
 system_restricted_prop(libc_debug_prop)
 system_restricted_prop(module_sdkextensions_prop)
 system_restricted_prop(nnapi_ext_deny_product_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index a344eaa91..5cf085df0 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -245,6 +245,7 @@ set_prop(vendor_init, zram_control_prop)
 get_prop(vendor_init, boot_status_prop)
 get_prop(vendor_init, exported2_radio_prop)
 get_prop(vendor_init, exported3_system_prop)
+get_prop(vendor_init, init_service_status_prop)
 get_prop(vendor_init, ota_prop)
 get_prop(vendor_init, provisioned_prop)
 get_prop(vendor_init, retaildemo_prop)