diff --git a/app.te b/app.te
index fcfbfb168075f90e474edd14648715fa86f4eceb..4c1c18079edefd4c15e1f56680ca16cac6833351 100644
--- a/app.te
+++ b/app.te
@@ -451,3 +451,9 @@ neverallow {
 # Foreign dex profiles are just markers. Prevent apps to do anything but touch them.
 neverallow appdomain user_profile_foreign_dex_data_file:file rw_file_perms;
 neverallow appdomain user_profile_foreign_dex_data_file:dir { open getattr read ioctl remove_name };
+
+# Applications should use the activity model for receiving events
+neverallow {
+  appdomain
+  -shell # bugreport
+} input_device:chr_file ~getattr;