diff --git a/domain.te b/domain.te
index 2a63c82e471461145c4e63ace4a9ae7d2f16b132..767103e7b9bf52b0a7fb91bef1eb9b50c080423a 100644
--- a/domain.te
+++ b/domain.te
@@ -323,6 +323,7 @@ neverallow domain default_android_service:service_manager add;
 # Require that domains explicitly label unknown properties, and do not allow
 # anyone but init to modify unknown properties.
 neverallow { domain -init } default_prop:property_service set;
+neverallow { domain -init } mmc_prop:property_service set;
 neverallow { domain -init -recovery -system_server } frp_block_device:blk_file rw_file_perms;
diff --git a/property.te b/property.te
index 94567ed7526fa87977d1d8334ecc539d467de96f..c649a90130f2eda7b07de61143f0a37dbc4d570b 100644
--- a/property.te
+++ b/property.te
@@ -23,6 +23,7 @@ type ctl_bugreport_prop, property_type;
 type ctl_console_prop, property_type;
 type audio_prop, property_type, core_property_type;
 type logd_prop, property_type, core_property_type;
+type mmc_prop, property_type;
 type restorecon_prop, property_type, core_property_type;
 type security_prop, property_type, core_property_type;
 type bluetooth_prop, property_type, core_property_type;
diff --git a/property_contexts b/property_contexts
index 47c3cf746670ba0a27951eb6e6bb270d457a51b0..9e936caa4d11a9472a6fea74a15d3e712796951a 100644
--- a/property_contexts
+++ b/property_contexts
@@ -41,6 +41,7 @@ persist.debug. u:object_r:persist_debug_prop:s0
 persist.logd. u:object_r:logd_prop:s0
 persist.logd.security u:object_r:device_logging_prop:s0
 persist.log.tag u:object_r:logd_prop:s0
+persist.mmc. u:object_r:mmc_prop:s0
 persist.sys. u:object_r:system_prop:s0
 persist.service. u:object_r:system_prop:s0
 persist.service.bdroid. u:object_r:bluetooth_prop:s0
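Review bot: The added `neverallow { domain -init } mmc_prop:property_service set;` in domain.te sits under a comment that only speaks of unknown properties, so the reason mmc_prop is init-only is recorded nowhere. I would give the rule its own comment, for example `# persist.mmc.* may only be set by init; no other domain may be granted set access.` A neverallow only rejects conflicting allow rules when the policy is built and grants nothing itself. The rule that lets init set the property is not visible in this diff and presumably comes from an existing grant on property_type, which is worth confirming. Because the property_contexts hunk relabels the whole `persist.mmc.` prefix, any non-init domain that sets such a property today would start being denied, so check the audit log for new denials after the change.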
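Review bot: `type mmc_prop, property_type;` in property.te omits `core_property_type`, unlike the neighbouring audio_prop and logd_prop declarations, and the diff adds no rule giving any domain read access to the new type. What `core_property_type` grants is defined outside this diff, so the effect on readers cannot be judged from here. If the omission is deliberate to keep the type narrowly readable, a comment such as `# not a core property: readable only by domains granted access explicitly` would record that. The domains that consume persist.mmc.* are not shown and may need an explicit read rule.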