diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 40678438a..b784fd83b 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -13,6 +13,7 @@ hal_can_bus_hwservice hal_can_controller_hwservice init_svc_debug_prop + linker_prop ota_metadata_file runtime_apex_dir system_ashmem_hwservice diff --git a/private/domain.te b/private/domain.te index 8f7a1e045..ee0ef6e92 100644 --- a/private/domain.te +++ b/private/domain.te @@ -42,6 +42,9 @@ allow domain vendor_task_profiles_file:file r_file_perms; # if memfd support can be used if device supports it get_prop(domain, use_memfd_prop); +# Allow to read properties for linker +get_prop(domain, linker_prop); + # For now, everyone can access core property files # Device specific properties are not granted by default not_compatible_property(` @@ -83,6 +86,7 @@ userdebug_or_eng(` ') # Allow access to linkerconfig file +allow domain linkerconfig_file:dir search; allow domain linkerconfig_file:file r_file_perms; # Limit ability to ptrace or read sensitive /proc/pid files of processes diff --git a/private/property_contexts b/private/property_contexts index d1a97d9ab..55445ec92 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -23,6 +23,7 @@ hw. u:object_r:system_prop:s0 ro.hw. u:object_r:system_prop:s0 sys. u:object_r:system_prop:s0 sys.cppreopt u:object_r:cppreopt_prop:s0 +sys.linker. u:object_r:linker_prop:s0 sys.lpdumpd u:object_r:lpdumpd_prop:s0 sys.powerctl u:object_r:powerctl_prop:s0 sys.usb.ffs. u:object_r:ffs_prop:s0 diff --git a/private/shell.te b/private/shell.te index 02b01f5ae..8a933a5b0 100644 --- a/private/shell.te +++ b/private/shell.te @@ -74,3 +74,8 @@ allow shell rs_exec:file rx_file_perms; # Allow shell to start and comminicate with lpdumpd. set_prop(shell, lpdumpd_prop); binder_call(shell, lpdumpd) + +# Allow shell to set linker property +userdebug_or_eng(` + set_prop(shell, linker_prop) +') 
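Review bot: In private/domain.te (hunk at -42,6 +42,9) the new comment `# Allow to read properties for linker` does not say why the grant goes to every domain. `get_prop(domain, linker_prop)` makes everything labelled `linker_prop` readable by all process domains, so the comment should record that constraint for whoever adds properties under this label later. Suggested wording: `# The linker reads these from within each process, so every domain needs read access; linker_prop values are readable by all domains and must not carry sensitive data.`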
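Review bot: The `sys.linker.` entry added to private/property_contexts appears to be a prefix match (no `exact` qualifier), so every current and future property under that namespace gets the `linker_prop` label. Combined with the domain.te hunk, that makes all of them readable by every domain, and they are no longer covered by the generic `sys.` -> `system_prop` entry. The commit does not list which properties are expected under this prefix. If the set is small and known, name them in a `#` comment beside the entry or label them individually, so unrelated `sys.linker.*` properties are not swept in unnoticed.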
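Review bot: In private/shell.te the comment `# Allow shell to set linker property` does not mention that the grant is limited to userdebug/eng builds, nor that the property is read by every domain (per the domain.te hunk). Since this lets an adb shell on debug builds write values that every process can read, the scoping deserves to be explicit: `# Allow shell to set linker properties on userdebug/eng builds only; on user builds only init may set them.` As a style point, `set_prop(shell, linker_prop)` has no trailing `;` while `set_prop(shell, lpdumpd_prop);` a few lines above does; pick one form for consistency within the file.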
diff --git a/public/property.te b/public/property.te index 9dc204c7c..4f4adecde 100644 --- a/public/property.te +++ b/public/property.te @@ -58,6 +58,7 @@ type hwservicemanager_prop, property_type; type init_svc_debug_prop, property_type; type last_boot_reason_prop, property_type; type system_lmk_prop, property_type; +type linker_prop, property_type; type llkd_prop, property_type; type logd_prop, property_type, core_property_type; type logpersistd_logging_prop, property_type; @@ -192,6 +193,13 @@ dontaudit domain { ctl_rildaemon_prop }:property_service set; +# Do now allow to modify linker properties except shell and init +neverallow { + domain + -init + userdebug_or_eng(`-shell') +} linker_prop:property_service set; + neverallow { domain -init @@ -451,6 +459,7 @@ compatible_property_only(` -hwservicemanager_prop -last_boot_reason_prop -system_lmk_prop + -linker_prop -log_prop -log_tag_prop -logd_prop diff --git a/public/vendor_init.te b/public/vendor_init.te index da3651d2c..f458d7710 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -218,6 +218,7 @@ not_compatible_property(` -gsid_prop -nnapi_ext_deny_product_prop -init_svc_debug_prop + -linker_prop }) ')
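Review bot: The comment above the new neverallow in public/property.te (hunk at -192,6 +193,13), `# Do now allow to modify linker properties except shell and init`, has a typo and overstates the exemption. `-shell` is wrapped in `userdebug_or_eng`, so on user builds init is the only domain allowed to set `linker_prop`. Suggested replacement: `# Do not allow any domain except init (and shell on userdebug/eng builds) to set linker properties`. It is also worth stating in the comment that the rule constrains only `property_service set`, and that read access is deliberately granted to all domains elsewhere in this change.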