diff --git a/private/shell.te b/private/shell.te
index aab0a15c327c347d1596b46a7cd4fd01d44d96a0..c24bfd329a4df2a6fd00603eceacf11fe45b8ebc 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -10,3 +10,6 @@ allow shell atrace_exec:file rx_file_perms;
 # Run app_process.
 # XXX Transition into its own domain?
 app_domain(shell)
+
+# allow shell to call dumpsys storaged
+binder_call(shell, storaged)
diff --git a/private/storaged.te b/private/storaged.te
index 3dbabf6f2aa6a322635e029c2d77226fd5edef39..698999f515bd59bbfc0a28172531e2eb1f46e657 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -21,6 +21,10 @@ userdebug_or_eng(`
   allow storaged debugfs_mmc:file r_file_perms;
 ')
 
+# Needed to provide debug dump output via dumpsys pipes.
+allow storaged shell:fd use;
+allow storaged shell:fifo_file write;
+
 # Binder permissions
 add_service(storaged, storaged_service)