diff --git a/private/mediaserver.te b/private/mediaserver.te
index 7fb802958..6fe460ca5 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -15,3 +15,6 @@ set_prop(mediaserver, audio_prop)
 get_prop(mediaserver, drm_service_config_prop)
 get_prop(mediaserver, media_config_prop)
+
+# Allow mediaserver to start media.transcoding service via ctl.start.
+set_prop(mediaserver, ctl_mediatranscoding_prop);
diff --git a/private/property.te b/private/property.te
index 9f9ebbf5b..13aa7d053 100644
--- a/private/property.te
+++ b/private/property.te
@@ -35,6 +35,7 @@ system_internal_prop(userspace_reboot_log_prop)
 system_internal_prop(userspace_reboot_test_prop)
 system_internal_prop(verity_status_prop)
 system_internal_prop(zygote_wrap_prop)
+system_internal_prop(ctl_mediatranscoding_prop)
 ###
 ### Neverallow rules
diff --git a/private/property_contexts b/private/property_contexts
index 41b600ff3..903f080d9 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -169,6 +169,9 @@ ctl.restart$gsid u:object_r:ctl_gsid_prop:s0
 # Restrict access to stopping apexd.
 ctl.stop$apexd u:object_r:ctl_apexd_prop:s0
+# Restrict access to starting media.transcoding.
+ctl.start$media.transcoding u:object_r:ctl_mediatranscoding_prop:s0
+
 # Restrict access to restart dumpstate
 ctl.interface_restart$android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
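Review bot: In private/mediaserver.te the added `set_prop(mediaserver, ctl_mediatranscoding_prop);` ends with a `;` that the macro calls just above it in the same hunk do not carry; write it as `set_prop(mediaserver, ctl_mediatranscoding_prop)` to match. The comment could also record that, as far as this diff shows, only the `ctl.start$media.transcoding` name is given this label, so the grant covers starting the service and not stopping or restarting it. That is the least-privilege property a later editor of this file will want to keep.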
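Review bot: In private/property.te, declaring `ctl_mediatranscoding_prop` with `system_internal_prop` limits it to system domains, but nothing in this diff prevents another system domain from later being allowed to set it. Because the label gates starting an init service, consider pinning the intended writers in the neverallow section that begins at the end of this hunk, for example `neverallow { domain -init -mediaserver } ctl_mediatranscoding_prop:property_service set;`, with the exemptions adjusted to the real callers. The new declaration is also appended after `zygote_wrap_prop`, while the visible neighbours appear to be in alphabetical order.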
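Review bot: The new `ctl.start$media.transcoding` entry in private/property_contexts has no match-kind field, and entries without one are matched as prefixes, so any control property name beginning with that string also receives the `ctl_mediatranscoding_prop` label. The neighbouring `ctl.*` entries have the same form, so this is consistent with the file, but the mediaserver grant would then extend to any later service whose name starts with `media.transcoding`. If the property_contexts format in this tree accepts it for control properties, marking the entry `exact` would tie the label to this one service; otherwise the comment should say that the prefix match is intended.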