diff --git a/private/adbd.te b/private/adbd.te
index b402335a28aadf89da885916d066d60466b435ab..52597ebbf4335a9495ea208d9c20e1c1e42f05e0 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -106,6 +106,9 @@ allow adbd seapp_contexts_file:file r_file_perms;
 allow adbd property_contexts_file:file r_file_perms;
 allow adbd sepolicy_file:file r_file_perms;
 
+# Allow pulling config.gz for CTS purposes
+allow adbd config_gz:file r_file_perms;
+
 allow adbd surfaceflinger_service:service_manager find;
 allow adbd bootchart_data_file:dir search;
 allow adbd bootchart_data_file:file r_file_perms;
diff --git a/private/shell.te b/private/shell.te
index ebe994e6b8092c6e00db9c9f3f7968476aa98608..5a0d39bd8970dcd4ba5d19605d535cd62ce33f18 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -7,6 +7,9 @@ allow shell tracing_shell_writable:file rw_file_perms;
 allow shell debugfs_trace_marker:file getattr;
 allow shell atrace_exec:file rx_file_perms;
 
+# read config.gz for CTS purposes
+allow shell config_gz:file r_file_perms;
+
 userdebug_or_eng(`
   allow shell tracing_shell_writable_debug:file rw_file_perms;
 ')