diff --git a/graphics/mesa/domain.te b/graphics/mesa/domain.te
index 9e726eb..36e5702 100644
--- a/graphics/mesa/domain.te
+++ b/graphics/mesa/domain.te
@@ -1 +1,2 @@
 allow domain sysfs_app_readable:dir search;
+get_prop(coredomain, vendor_graphics_mesa_prop)
diff --git a/graphics/mesa/property.te b/graphics/mesa/property.te
index 46b64b4..3ebac04 100644
--- a/graphics/mesa/property.te
+++ b/graphics/mesa/property.te
@@ -1,2 +1,3 @@
 vendor_internal_prop(vendor_graphics_hwcomposer_prop)
 vendor_public_prop(vendor_graphics_gles_prop)
+vendor_restricted_prop(vendor_graphics_mesa_prop)
diff --git a/graphics/mesa/property_contexts b/graphics/mesa/property_contexts
index 350fb28..4d34258 100644
--- a/graphics/mesa/property_contexts
+++ b/graphics/mesa/property_contexts
@@ -1,2 +1,3 @@
 vendor.hwcomposer.edid.    u:object_r:vendor_graphics_hwcomposer_prop:s0
 vendor.gles.         u:object_r:vendor_graphics_gles_prop:s0
+vendor.mesa.         u:object_r:vendor_graphics_mesa_prop:s0
diff --git a/graphics/mesa/vendor_init.te b/graphics/mesa/vendor_init.te
index 23389fa..fa8e823 100644
--- a/graphics/mesa/vendor_init.te
+++ b/graphics/mesa/vendor_init.te
@@ -4,3 +4,4 @@ dontaudit vendor_init debugfs_tracing_instances:dir write;
 allow vendor_init mediaserver:process setsched;
 allow vendor_init self:udp_socket create;
 dontaudit vendor_init coreu_data_file:dir create_dir_perms;
+set_prop(vendor_init, vendor_graphics_mesa_prop)