diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 835bc5ea8..690350cbd 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -19,6 +19,7 @@
     profcollectd_data_file
     profcollectd_exec
     profcollectd_service
+    shell_test_data_file
     sysfs_devices_cs_etm
     update_engine_stable_service
     cgroup_v2
diff --git a/private/file_contexts b/private/file_contexts
index 5cc5b9b0a..bd702d262 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -522,6 +522,7 @@
 /data/gsi/ota(/.*)?    u:object_r:ota_image_data_file:s0
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
 /data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
+/data/local/tests(/.*)?	u:object_r:shell_test_data_file:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
 /data/local/tmp/ltp(/.*)?   u:object_r:nativetest_data_file:s0
 /data/local/traces(/.*)?	u:object_r:trace_data_file:s0
diff --git a/public/adbd.te b/public/adbd.te
index 68a176ca6..5056b3528 100644
--- a/public/adbd.te
+++ b/public/adbd.te
@@ -6,3 +6,8 @@ type adbd_exec, exec_type, file_type, system_file_type;
 # Only init is allowed to enter the adbd domain via exec()
 neverallow { domain -init } adbd:process transition;
 neverallow * adbd:process dyntransition;
+
+# Access /data/local/tests.
+allow adbd shell_test_data_file:dir create_dir_perms;
+allow adbd shell_test_data_file:file create_file_perms;
+allow adbd shell_test_data_file:lnk_file create_file_perms;
diff --git a/public/domain.te b/public/domain.te
index 745bb25b7..1bfdcea1a 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -471,6 +471,10 @@ neverallow { domain userdebug_or_eng(`-kernel') } nativetest_data_file:file_clas
 neverallow domain nativetest_data_file:dir no_w_dir_perms;
 neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
 
+neverallow { domain -shell -init -adbd } shell_test_data_file:file_class_set no_w_file_perms;
+neverallow { domain -shell -init -adbd } shell_test_data_file:dir no_w_dir_perms;
+neverallow { domain -shell -init -adbd } shell_test_data_file:file *;
+
 # Only the init property service should write to /data/property and /dev/__properties__
 neverallow { domain -init } property_data_file:dir no_w_dir_perms;
 neverallow { domain -init } property_data_file:file { no_w_file_perms no_x_file_perms };
diff --git a/public/file.te b/public/file.te
index b85882f5f..3d10999b2 100644
--- a/public/file.te
+++ b/public/file.te
@@ -308,6 +308,8 @@ type dropbox_data_file, file_type, data_file_type, core_data_file_type;
 type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 # /data/nativetest
 type nativetest_data_file, file_type, data_file_type, core_data_file_type;
+# /data/local/tests
+type shell_test_data_file, file_type, data_file_type, core_data_file_type;
 # /data/system_de/0/ringtones
 type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 # /data/preloads
diff --git a/public/shell.te b/public/shell.te
index 822f4ca1e..ee90a6337 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -25,6 +25,12 @@ allow shell shell_data_file:file create_file_perms;
 allow shell shell_data_file:file rx_file_perms;
 allow shell shell_data_file:lnk_file create_file_perms;
 
+# Access /data/local/tests.
+allow shell shell_test_data_file:dir create_dir_perms;
+allow shell shell_test_data_file:file create_file_perms;
+allow shell shell_test_data_file:file rx_file_perms;
+allow shell shell_test_data_file:lnk_file create_file_perms;
+
 # Read and delete from /data/local/traces.
 allow shell trace_data_file:file { r_file_perms unlink };
 allow shell trace_data_file:dir { r_dir_perms remove_name write };