diff --git a/domain.te b/domain.te
index a3f5945b8cb25da84147dc497206b6b3bf37708b..d41cf39e4e50fc8f5b0b7d07e1bd678cb7918c29 100644
--- a/domain.te
+++ b/domain.te
@@ -312,6 +312,8 @@ neverallow {
 -apk_data_file
 }:file no_x_file_perms;
+neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
+
 # Only the init property service should write to /data/property.
 neverallow { domain -init } property_data_file:dir no_w_dir_perms;
 neverallow { domain -init } property_data_file:file no_w_file_perms;
diff --git a/file.te b/file.te
index 244e8d5da91c87bb2ae797dddc831209bfc02594..383c3c5a947a6469475bd5aae4f592dd67763b09 100644
--- a/file.te
+++ b/file.te
@@ -91,6 +91,8 @@ type property_data_file, file_type, data_file_type;
 type bootchart_data_file, file_type, data_file_type;
 # /data/system/heapdump
 type heapdump_data_file, file_type, data_file_type, mlstrustedobject;
+# /data/nativetest
+type nativetest_data_file, file_type, data_file_type;
 # Mount locations managed by vold
 type mnt_media_rw_file, file_type;
diff --git a/file_contexts b/file_contexts
index b3546e9f1f21bed81f17e7dfa1bca51893c90d4b..d69c5e5744d2656b8841dc4284d00d134abddbc9 100644
--- a/file_contexts
+++ b/file_contexts
@@ -245,6 +245,7 @@
 /data/local/tmp(/.*)? u:object_r:shell_data_file:s0
 /data/media(/.*)? u:object_r:media_rw_data_file:s0
 /data/mediadrm(/.*)? u:object_r:media_data_file:s0
+/data/nativetest(/.*)? u:object_r:nativetest_data_file:s0
 /data/property(/.*)? u:object_r:property_data_file:s0
 # Misc data
diff --git a/shell.te b/shell.te
index 39b599fcabd976106dff12a9963940ff5baf2f60..32ca20dbf1936834b386242c14ab604de48a3867 100644
--- a/shell.te
+++ b/shell.te
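Review bot: The new neverallow in domain.te carries no comment, unlike the property_data_file rules right below it, and it bounds execution only. I would put `# Only shell, and only on userdebug/eng builds, may execute files in /data/nativetest.` above it. Since `no_x_file_perms` says nothing about writes, no rule in this change limits which domains can create or modify the binaries that shell is then allowed to run; `nativetest_data_file` is declared with `data_file_type` in the file.te hunk, so existing allow rules written against that attribute presumably reach it. If the intended writers are known, a companion `no_w_file_perms` neverallow on this type would pin that down; the neverallow block ending at the top of this hunk begins outside it.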
@@ -31,6 +31,12 @@ allow shell shell_data_file:file create_file_perms;
 allow shell shell_data_file:file rx_file_perms;
 allow shell shell_data_file:lnk_file create_file_perms;
+# Read/execute files in /data/nativetest
+userdebug_or_eng(`
+ allow shell nativetest_data_file:dir r_dir_perms;
+ allow shell nativetest_data_file:file rx_file_perms;
+')
+
 # adb bugreport
 unix_socket_connect(shell, dumpstate, dumpstate)
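Review bot: The comment over the new shell.te block does not say that these binaries run in the shell domain itself: `rx_file_perms` includes `execute_no_trans` and no domain transition is defined in this change, so a native test executes with shell's full policy. I would extend the comment to `# Read/execute files in /data/nativetest (userdebug/eng only); tests run in the shell domain.` Unlike the `shell_data_file` rules just above, no `lnk_file` permission is granted on the new type, so symlinks under the directory would not resolve for shell unless another rule covers them.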