diff --git a/domain.te b/domain.te
index ee606a4b190a0022f366d294a426c493a817e8ff..69cf04d7c64ebbef1e9d47611ffacc9f943dfdaf 100644
--- a/domain.te
+++ b/domain.te
@@ -313,6 +313,8 @@ neverallow {
 -apk_data_file
 }:file no_x_file_perms;
 
+neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
+
 # Only the init property service should write to /data/property.
 neverallow { domain -init } property_data_file:dir no_w_dir_perms;
 neverallow { domain -init } property_data_file:file no_w_file_perms;
diff --git a/file.te b/file.te
index 244e8d5da91c87bb2ae797dddc831209bfc02594..383c3c5a947a6469475bd5aae4f592dd67763b09 100644
--- a/file.te
+++ b/file.te
@@ -91,6 +91,8 @@ type property_data_file, file_type, data_file_type;
 type bootchart_data_file, file_type, data_file_type;
 # /data/system/heapdump
 type heapdump_data_file, file_type, data_file_type, mlstrustedobject;
+# /data/nativetest
+type nativetest_data_file, file_type, data_file_type;
 
 # Mount locations managed by vold
 type mnt_media_rw_file, file_type;
diff --git a/file_contexts b/file_contexts
index 2143a77e7bb037c24ab19f2407e2731950f1fefa..107c73c2d06649151538c0a3b6217ef36bc79d65 100644
--- a/file_contexts
+++ b/file_contexts
@@ -244,6 +244,7 @@
 /data/local/tmp(/.*)? u:object_r:shell_data_file:s0
 /data/media(/.*)? u:object_r:media_rw_data_file:s0
 /data/mediadrm(/.*)? u:object_r:media_data_file:s0
+/data/nativetest(/.*)? u:object_r:nativetest_data_file:s0
 /data/property(/.*)? u:object_r:property_data_file:s0
 
 # Misc data
diff --git a/shell.te b/shell.te
index 39b599fcabd976106dff12a9963940ff5baf2f60..32ca20dbf1936834b386242c14ab604de48a3867 100644
--- a/shell.te
+++ b/shell.te
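Review bot: The new neverallow in domain.te carries no comment, unlike the `/data/property` rules directly below it, and its effect is easy to misread through the macro: on user builds no domain may execute `nativetest_data_file`, and on userdebug/eng only shell is exempt. I would add `# Nothing may execute files in /data/nativetest on user builds; on userdebug/eng only shell may.` above it. The rule also covers only `no_x_file_perms`, so it does not say which domains may create or write these files, and because file.te gives the type the `data_file_type` attribute, any allow rule written against that attribute applies to it as well. If the intent is that only a trusted pusher places test binaries there, a companion write-side neverallow would pin that down; which domains it would need to exempt is not visible in this diff.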
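Review bot: The `/data/nativetest(/.*)?` entry added to file_contexts only takes effect once something creates or relabels that directory, and nothing in this diff does so. A directory that already exists, or one created without a restorecon, would keep its previous label and files placed in it would inherit that label, so the shell rules in shell.te would not match them. It is worth confirming that the directory is created and relabelled at boot (for example an init.rc `mkdir` followed by `restorecon_recursive`), which would live outside the files shown here.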
@@ -31,6 +31,12 @@ allow shell shell_data_file:file create_file_perms;
 allow shell shell_data_file:file rx_file_perms;
 allow shell shell_data_file:lnk_file create_file_perms;
 
+# Read/execute files in /data/nativetest
+userdebug_or_eng(`
+ allow shell nativetest_data_file:dir r_dir_perms;
+ allow shell nativetest_data_file:file rx_file_perms;
+')
+
 # adb bugreport
 unix_socket_connect(shell, dumpstate, dumpstate)
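Review bot: The comment above the `userdebug_or_eng` block in shell.te does not say that the grant is limited to debug builds or how the tests are confined. As far as this diff shows there is no domain transition, so `rx_file_perms` means the binaries run under shell's own policy, and no write or create permission is granted, so shell cannot modify what it executes. I would expand the comment to something like `# userdebug/eng only: run native tests from /data/nativetest in the shell domain; read/execute, no write.` so that a later edit does not widen this to write access or to user builds without noticing the paired neverallow in domain.te.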