diff --git a/private/gpuservice.te b/private/gpuservice.te
index 08c390217..297a876a8 100644
--- a/private/gpuservice.te
+++ b/private/gpuservice.te
@@ -64,6 +64,8 @@ add_service(gpuservice, gpu_service)
 # Needed for enabling write access to persist.graphics.egl from developer option switch UI, through gpuservice.
 set_prop(gpuservice, graphics_config_writable_prop)
+neverallow { domain -init -vendor_init -gpuservice } graphics_config_writable_prop:property_service set;
+
 # Needed for querying permission
 allow gpuservice permission_service:service_manager find;
diff --git a/public/property.te b/public/property.te
index 335301e9e..5ee8d60b6 100644
--- a/public/property.te
+++ b/public/property.te
@@ -102,7 +102,6 @@ system_restricted_prop(usb_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
 system_restricted_prop(vold_status_prop)
 system_restricted_prop(vts_status_prop)
-system_restricted_prop(graphics_config_writable_prop)
 compatible_property_only(`
@@ -225,6 +224,7 @@ system_public_prop(future_pm_prop)
 system_public_prop(ffs_control_prop)
 system_public_prop(framework_status_prop)
 system_public_prop(gesture_prop)
+system_public_prop(graphics_config_writable_prop)
 system_public_prop(hal_dumpstate_config_prop)
 system_public_prop(sota_prop)
 system_public_prop(hwservicemanager_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 288d035e0..3942c27c5 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -251,6 +251,7 @@ set_prop(vendor_init, lmkd_prop)
 set_prop(vendor_init, logd_prop)
 set_prop(vendor_init, log_tag_prop)
 set_prop(vendor_init, log_prop)
+set_prop(vendor_init, graphics_config_writable_prop)
 set_prop(vendor_init, qemu_hw_prop)
 set_prop(vendor_init, radio_control_prop)
 set_prop(vendor_init, rebootescrow_hal_prop)
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index ff28a0357..710e2df6c 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
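Review bot: The `neverallow` added after `set_prop(gpuservice, graphics_config_writable_prop)` carries no comment, yet after this commit it appears to be the only rule bounding who may set the property. The `public/property.te` hunks move the type from `system_restricted_prop` to `system_public_prop`, which, as I read the stock AOSP macros, drops the built-in ban on non-coredomain writers. I would state that above the rule, e.g. `# Type is system_public_prop; keep writers limited to init, vendor_init and gpuservice.` It is also worth confirming that the build's neverallow checks evaluate this rule against vendor policy, since the exemption list is now the whole write-access model for a label that, per the existing comment, backs persist.graphics.egl.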
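Review bot: `set_prop(vendor_init, graphics_config_writable_prop)` lets every vendor init script write this label, but nothing in the hunk says which property vendor_init is expected to set or why. The gpuservice.te comment ties the label to persist.graphics.egl, so a vendor-set value and the developer-option value written through gpuservice would share one label. A one-line comment above the rule naming the property and the reason for the vendor write would make the grant auditable. The line is also inserted between `log_prop` and `qemu_hw_prop`, which breaks the ordering the surrounding list seems to follow.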
@@ -13,6 +13,7 @@ get_prop(hal_camera_default, device_config_camera_native_prop);
 # Allow reading graphics properties, specifically for EGL blobcache mode
 get_prop(hal_camera_default, graphics_config_prop);
+get_prop(hal_camera_default, graphics_config_writable_prop);
 # For collecting bugreports.
 allow hal_camera_default dumpstate:fd use;
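Review bot: The added `get_prop(hal_camera_default, graphics_config_writable_prop);` sits under a comment that only explains reading `graphics_config_prop` for EGL blobcache mode, so the reason the camera HAL needs the writable label is undocumented. If it serves the same blobcache use, the comment could be extended to `# Allow reading graphics properties (graphics_config_prop and graphics_config_writable_prop), specifically for EGL blobcache mode`. If it is for a different property, the comment should name it. The grant is read-only, so the exposure is small, but per-domain get_prop rules are easier to audit when each states its purpose.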