diff --git a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
index c8edf9f7d1f7fecf2a1a7b9999497fd28dca13d0..4e0aae22fd3008346fbf9d1a106d755f219f02da 100644
--- a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
@@ -23,6 +23,7 @@
e2fs
e2fs_exec
exfat
+ exported_audio_prop
exported_bluetooth_prop
exported_config_prop
exported_dalvik_prop
diff --git a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
index 61067483003c6a23df2158c2610f3ecc44b4eccf..747478ccc0d3362b30907b55df87cc6aad97e7b3 100644
--- a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
@@ -27,6 +27,7 @@
exported3_default_prop
exported3_radio_prop
exported3_system_prop
+ exported_audio_prop
exported_bluetooth_prop
exported_config_prop
exported_dalvik_prop
diff --git a/prebuilts/api/28.0/private/surfaceflinger.te b/prebuilts/api/28.0/private/surfaceflinger.te
index e64b8de2cfe1806e7dfd8bd27bc9d03ba1ab86f6..e2f1a0721b3a72389dea1d5337b5935019c64c75 100644
--- a/prebuilts/api/28.0/private/surfaceflinger.te
+++ b/prebuilts/api/28.0/private/surfaceflinger.te
@@ -14,6 +14,7 @@ read_runtime_log_tags(surfaceflinger)
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_configstore)
+hal_client_domain(surfaceflinger, hal_power)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
# Perform Binder IPC.
diff --git a/prebuilts/api/28.0/private/system_server.te b/prebuilts/api/28.0/private/system_server.te
index b037fe4a605a4bc40cf15f12df8b31fbe99dc6f7..fa84c3226cec71d4b70e748f80b40dbad9a9af25 100644
--- a/prebuilts/api/28.0/private/system_server.te
+++ b/prebuilts/api/28.0/private/system_server.te
@@ -536,6 +536,10 @@ get_prop(system_server, serialno_prop)
# Read/write the property which keeps track of whether this is the first start of system_server
set_prop(system_server, firstboot_prop)
+# Audio service in system server can read exported audio properties,
+# such as camera shutter enforcement
+get_prop(system_server, exported_audio_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index 09200b836925496d4c1d0423ac39aad4cbc51765..b0397e957b3f2ab7d4f919e8532e7c14f5673bf2 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -66,6 +66,7 @@ type wifi_prop, property_type;
type vendor_security_patch_level_prop, property_type;
# Properties for whitelisting
+type exported_audio_prop, property_type;
type exported_bluetooth_prop, property_type;
type exported_config_prop, property_type;
type exported_dalvik_prop, property_type;
diff --git a/prebuilts/api/28.0/public/property_contexts b/prebuilts/api/28.0/public/property_contexts
index 842a885a1028c22f0167ad8b5a0113ccf5fbc77e..4f81c1c324245774174450f66fa52c8ca6b48f4e 100644
--- a/prebuilts/api/28.0/public/property_contexts
+++ b/prebuilts/api/28.0/public/property_contexts
@@ -3,6 +3,7 @@ persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact int
# vendor-init-settable
af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
diff --git a/prebuilts/api/28.0/public/vendor_init.te b/prebuilts/api/28.0/public/vendor_init.te
index d079873252583e0c820de9920a8ef1a8106f3d0f..4e4b3136527e11705490ce828349e5aa9ffcf81a 100644
--- a/prebuilts/api/28.0/public/vendor_init.te
+++ b/prebuilts/api/28.0/public/vendor_init.te
@@ -170,6 +170,7 @@ not_compatible_property(`
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
set_prop(vendor_init, debug_prop)
+set_prop(vendor_init, exported_audio_prop)
set_prop(vendor_init, exported_bluetooth_prop)
set_prop(vendor_init, exported_config_prop)
set_prop(vendor_init, exported_dalvik_prop)
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index c8edf9f7d1f7fecf2a1a7b9999497fd28dca13d0..4e0aae22fd3008346fbf9d1a106d755f219f02da 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -23,6 +23,7 @@
e2fs
e2fs_exec
exfat
+ exported_audio_prop
exported_bluetooth_prop
exported_config_prop
exported_dalvik_prop
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 61067483003c6a23df2158c2610f3ecc44b4eccf..747478ccc0d3362b30907b55df87cc6aad97e7b3 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -27,6 +27,7 @@
exported3_default_prop
exported3_radio_prop
exported3_system_prop
+ exported_audio_prop
exported_bluetooth_prop
exported_config_prop
exported_dalvik_prop
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index e64b8de2cfe1806e7dfd8bd27bc9d03ba1ab86f6..e2f1a0721b3a72389dea1d5337b5935019c64c75 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -14,6 +14,7 @@ read_runtime_log_tags(surfaceflinger)
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_configstore)
+hal_client_domain(surfaceflinger, hal_power)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
# Perform Binder IPC.
diff --git a/private/system_server.te b/private/system_server.te
index b037fe4a605a4bc40cf15f12df8b31fbe99dc6f7..fa84c3226cec71d4b70e748f80b40dbad9a9af25 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -536,6 +536,10 @@ get_prop(system_server, serialno_prop)
# Read/write the property which keeps track of whether this is the first start of system_server
set_prop(system_server, firstboot_prop)
+# Audio service in system server can read exported audio properties,
+# such as camera shutter enforcement
+get_prop(system_server, exported_audio_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/public/property.te b/public/property.te
index 09200b836925496d4c1d0423ac39aad4cbc51765..b0397e957b3f2ab7d4f919e8532e7c14f5673bf2 100644
--- a/public/property.te
+++ b/public/property.te
@@ -66,6 +66,7 @@ type wifi_prop, property_type;
type vendor_security_patch_level_prop, property_type;
# Properties for whitelisting
+type exported_audio_prop, property_type;
type exported_bluetooth_prop, property_type;
type exported_config_prop, property_type;
type exported_dalvik_prop, property_type;
diff --git a/public/property_contexts b/public/property_contexts
index 842a885a1028c22f0167ad8b5a0113ccf5fbc77e..4f81c1c324245774174450f66fa52c8ca6b48f4e 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -3,6 +3,7 @@ persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact int
# vendor-init-settable
af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
diff --git a/public/vendor_init.te b/public/vendor_init.te
index d079873252583e0c820de9920a8ef1a8106f3d0f..4e4b3136527e11705490ce828349e5aa9ffcf81a 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -170,6 +170,7 @@ not_compatible_property(`
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
set_prop(vendor_init, debug_prop)
+set_prop(vendor_init, exported_audio_prop)
set_prop(vendor_init, exported_bluetooth_prop)
set_prop(vendor_init, exported_config_prop)
set_prop(vendor_init, exported_dalvik_prop)