diff --git a/private/shell.te b/private/shell.te
index 9b7235b8a0721daa9393d4067a81438fc8214624..130a13015944d70af19907daa7ac2262bdbe256c 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -45,6 +45,9 @@ domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
 # when exec()-d by statsd.
 domain_auto_trans(shell, perfetto_exec, perfetto)
 
+# Allow shell to run adb shell cmd stats commands. Needed for CTS.
+binder_call(shell, statsd);
+
 # Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
 allow shell perfetto_traces_data_file:dir rw_dir_perms;
 allow shell perfetto_traces_data_file:file r_file_perms;
diff --git a/private/statsd.te b/private/statsd.te
index 7221cba60b7b1a34234c906e7869b7b0216b1e14..2e8b684584efa872935556159a570e264140f0fe 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -72,6 +72,11 @@ binder_call(statsd, stats)
 allow statsd proc_uid_cputime_showstat:file { getattr open read };
 hal_client_domain(statsd, hal_power)
 
+# Allow 'adb shell cmd' to upload configs and download output.
+allow statsd adbd:fd use;
+allow statsd adbd:unix_stream_socket { read write };
+
+
 ###
 ### neverallow rules
 ###
diff --git a/private/system_app.te b/private/system_app.te
index cd697a1703c5cfe61f8e2f54033ba9bdd78c94e4..d6be5a301007b50b063daa62e588bf7e87857fb7 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -58,6 +58,9 @@ allow system_app anr_data_file:file create_file_perms;
 # Settings need to access app name and icon from asec
 allow system_app asec_apk_file:file r_file_perms;
 
+# Allow system apps (like Settings) to interact with statsd
+binder_call(system_app, statsd)
+
 # Allow system apps to interact with incidentd
 binder_call(system_app, incidentd)