diff --git a/public/domain.te b/public/domain.te
index 7e41e964e5f5a6eaace272b6e490463f969e3d7a..cef538fd3c8929facc84b2b78ed6da69648ca744 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -466,7 +466,7 @@ neverallow {
 }:file no_x_file_perms;
 
 # The test files and executables MUST not be accessible to any domain
-neverallow domain nativetest_data_file:file_class_set no_w_file_perms;
+neverallow { domain userdebug_or_eng(`-kernel') } nativetest_data_file:file_class_set no_w_file_perms;
 neverallow domain nativetest_data_file:dir no_w_dir_perms;
 neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
 
diff --git a/public/kernel.te b/public/kernel.te
index c8521e329dc9cae2c3164b941059fd4da9b67ef5..b7a351cc87dfab004b486692116b7a062b88961f 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -69,7 +69,7 @@ allow kernel asec_image_file:file read;
 # and for LTP kernel tests (b/73220071)
 userdebug_or_eng(`
   allow kernel update_engine_data_file:file read;
-  allow kernel nativetest_data_file:file read;
+  allow kernel nativetest_data_file:file { read write };
 ')
 
 # Access to /data/media.