diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 3b61f738d..4df0d0b1b 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -10,6 +10,8 @@
     artd
     bt_device
     build_attestation_prop
+    composd_vm_art_prop
+    composd_vm_vendor_prop
     credential_service
     device_as_webcam
     device_config_camera_native_prop
diff --git a/private/composd.te b/private/composd.te
index 96991c6fe..68dd99324 100644
--- a/private/composd.te
+++ b/private/composd.te
@@ -30,9 +30,16 @@ allow composd apex_compos_data_file:file create_file_perms;
 domain_auto_trans(composd, fd_server_exec, compos_fd_server)
 allow composd compos_fd_server:process signal;
 
+# Read properties used to configure the CompOS VM
+get_prop(composd, composd_vm_art_prop)
+get_prop(composd, composd_vm_vendor_prop)
+
 # Read ART's properties
 get_prop(composd, dalvik_config_prop)
 get_prop(composd, device_config_runtime_native_boot_prop)
 
 # We never create any artifact files directly
 neverallow composd apex_art_data_file:file create;
+
+# ART sets these properties via init script, nothing else should
+neverallow { domain -init } composd_vm_art_prop:property_service set;
diff --git a/private/property_contexts b/private/property_contexts
index 269442d9a..03b82bd8e 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1479,6 +1479,10 @@ ro.gms.dck.se_capability u:object_r:dck_prop:s0 exact int
 # virtualization service properties
 virtualizationservice.state.last_cid u:object_r:virtualizationservice_prop:s0 exact uint
 
+# composd properties
+composd.vm.art.memory_mib.config u:object_r:composd_vm_art_prop:s0 exact uint
+composd.vm.vendor.memory_mib.config u:object_r:composd_vm_vendor_prop:s0 exact int
+
 # properties for the virtual Face HAL
 persist.vendor.face.virtual.type u:object_r:virtual_face_hal_prop:s0 exact string
 persist.vendor.face.virtual.strength u:object_r:virtual_face_hal_prop:s0 exact string
diff --git a/public/property.te b/public/property.te
index 74dd0f52a..2f37b93ef 100644
--- a/public/property.te
+++ b/public/property.te
@@ -65,6 +65,7 @@ system_restricted_prop(boottime_public_prop)
 system_restricted_prop(bq_config_prop)
 system_restricted_prop(build_bootimage_prop)
 system_restricted_prop(build_prop)
+system_restricted_prop(composd_vm_art_prop)
 system_restricted_prop(device_config_camera_native_prop)
 system_restricted_prop(device_config_edgetpu_native_prop)
 system_restricted_prop(device_config_nnapi_native_prop)
@@ -142,6 +143,7 @@ system_vendor_config_prop(camera2_extensions_prop)
 system_vendor_config_prop(camerax_extensions_prop)
 system_vendor_config_prop(charger_config_prop)
 system_vendor_config_prop(codec2_config_prop)
+system_vendor_config_prop(composd_vm_vendor_prop)
 system_vendor_config_prop(cpu_variant_prop)
 system_vendor_config_prop(dalvik_config_prop)
 system_vendor_config_prop(debugfs_restriction_prop)