diff --git a/public/domain_deprecated.te b/public/domain_deprecated.te
index 64ad3e64f612dd46abaaace7d7b397df01d57681..aaf516c5d066f4a86f74f0d1381e258f20baa8fa 100644
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
@@ -24,7 +24,7 @@ auditallow { domain_deprecated -appdomain -netd -surfaceflinger } system_server:
 # This is used for e.g. adb backup/restore.
 allow domain_deprecated adbd:fd use;
 userdebug_or_eng(`
-auditallow { domain_deprecated -appdomain -system_server } adbd:fd use;
+auditallow { domain_deprecated -appdomain -system_server -runas } adbd:fd use;
 ')
 
 # Root fs.
diff --git a/public/runas.te b/public/runas.te
index a61f176a99db224d867ef8177fecc523d981ff11..e56a9e76b4649c8ccb4023bae1c84c5175d116ae 100644
--- a/public/runas.te
+++ b/public/runas.te
@@ -1,6 +1,7 @@
 type runas, domain, domain_deprecated, mlstrustedsubject;
 type runas_exec, exec_type, file_type;
 
+allow runas adbd:fd use;
 allow runas adbd:process sigchld;
 allow runas adbd:unix_stream_socket { read write };
 allow runas shell:fd use;