diff --git a/shell.te b/shell.te
index a8089d6fbe47807544340a69186e7228f0a8e3db..e0c318fc1ea92d61618a8a8bc18b19171b5ecc80 100644
--- a/shell.te
+++ b/shell.te
@@ -98,6 +98,10 @@ allow shell domain:{ file lnk_file } { open read getattr };
 # allow shell to read /proc/pid/attr/current for ps -Z
 allow shell domain:process getattr;
 
+# Allow pulling the SELinux policy for CTS purposes
+allow shell selinuxfs:dir r_dir_perms;
+allow shell selinuxfs:file r_file_perms;
+
 # enable shell domain to read/write files/dirs for bootchart data
 # User will creates the start and stop file via adb shell
 # and read other files created by init process under /data/bootchart