diff --git a/app.te b/app.te
index f2f1ad31d1d5ae47a92431d476e0090d90a01b70..e8d272d27563da7189e6249a0bd89d2e4d4a2653 100644
--- a/app.te
+++ b/app.te
@@ -140,6 +140,10 @@ allow appdomain platform_app_data_file:file { getattr read write };
 allow appdomain system_data_file:dir r_dir_perms;
 allow appdomain system_data_file:file { execute open };
 
+# Execute the shell or other system executables.
+allow appdomain shell_exec:file rx_file_perms;
+allow appdomain system_file:file rx_file_perms;
+
 # Read/write wallpaper file (opened by system).
 allow appdomain wallpaper_file:file { read write };
 
diff --git a/cts.te b/cts.te
index 26c970d4b6ab5a57b6dea164a805b351e3198928..9aa3e86bc3ae9be1fa7006e5222b7d05e080fe3f 100644
--- a/cts.te
+++ b/cts.te
@@ -26,6 +26,10 @@ allow appdomain file_type:dir_file_class_set getattr;
 allow appdomain dev_type:dir_file_class_set getattr;
 allow appdomain fs_type:dir_file_class_set getattr;
 
+# Accesses to apk_tmp_file and shell_data_file
+allow appdomain apk_tmp_file:file rw_file_perms;
+allow appdomain shell_data_file:file r_file_perms;
+
 # Read permission over link file to devices.
 allow appdomain dev_type:lnk_file read;