diff --git a/adbd.te b/adbd.te
index 1344fdb81b4bd6ef3710f0229d7f47c95fc1a77b..a35d570b81df0b16110c97d47b24808126cee470 100644
--- a/adbd.te
+++ b/adbd.te
@@ -1,6 +1,6 @@
 # adbd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
-type adbd, domain, domain_deprecated, mlstrustedsubject;
+type adbd, domain, mlstrustedsubject;
 
 userdebug_or_eng(`
   allow adbd self:process setcurrent;
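Review bot: Dropping `domain_deprecated` from the `type adbd` line removes every rule adbd inherited through that attribute, and this hunk adds no replacement allow rules to adbd.te. The domain_deprecated.te context lines in this same commit show the attribute carries cache_file and cgroup access, so adbd loses those unless another file grants them. I would record the intent above the type line, e.g. `# adbd is intentionally not in domain_deprecated; grant any access it needs explicitly in this file.`, and confirm on a userdebug build that no new avc denials appear for adbd. The same applies to the `type shell` change in shell.te, where the visible hunks add back only adbd fd/socket use and proc/cgroup reads.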
diff --git a/domain.te b/domain.te
index f1b0d58b3a74038dd04b50ef5a3e781820e4cf66..2d11bf7fb31a7eb1029b29c34bce8f8c82288130 100644
--- a/domain.te
+++ b/domain.te
@@ -88,6 +88,9 @@ allow domain system_file:dir { search getattr };
 allow domain system_file:file { execute read open getattr };
 allow domain system_file:lnk_file read;
 
+# libc references /data/misc/zoneinfo for timezone related information
+r_dir_file(domain, zoneinfo_data_file)
+
 # files under /data.
 allow domain system_data_file:dir { search getattr };
 allow domain system_data_file:lnk_file read;
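Review bot: `r_dir_file(domain, zoneinfo_data_file)` widens read access on the timezone data from the domain_deprecated subset to every domain, so every confined process may now open and parse files under /data/misc/zoneinfo. That directory is on /data and is presumably writable by whichever domain installs timezone updates, so its integrity now matters to all domains. The comment should say so, e.g. `# Granted to all domains because libc reads it in every process; write access to zoneinfo_data_file must stay restricted to the updater.` A neverallow on write access for all other domains would make that enforceable, but the writer domains are not visible in this diff.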
diff --git a/domain_deprecated.te b/domain_deprecated.te
index 9c54321498de80de434655252404b85ac683378f..8d69a7fc0277e526d91c1f1de3226ce76623f8aa 100644
--- a/domain_deprecated.te
+++ b/domain_deprecated.te
@@ -53,9 +53,6 @@ allow domain_deprecated cache_file:dir r_dir_perms;
 allow domain_deprecated cache_file:file { getattr read };
 allow domain_deprecated cache_file:lnk_file r_file_perms;
 
-# Read timezone related information
-r_dir_file(domain_deprecated, zoneinfo_data_file)
-
 # For /acct/uid/*/tasks.
 allow domain_deprecated cgroup:dir { search write };
 allow domain_deprecated cgroup:file w_file_perms;
diff --git a/shell.te b/shell.te
index 3d2bb5be217e6702d8ac231673589d943177506c..2a3faecb2d746ddef4d3d1b25682ab04b8ecc3cb 100644
--- a/shell.te
+++ b/shell.te
@@ -1,5 +1,5 @@
 # Domain for shell processes spawned by ADB or console service.
-type shell, domain, domain_deprecated, mlstrustedsubject;
+type shell, domain, mlstrustedsubject;
 type shell_exec, exec_type, file_type;
 
 # Create and use network sockets.
@@ -21,6 +21,10 @@ userdebug_or_eng(`
   allow shell misc_logd_file:file r_file_perms;
 ')
 
+# interact with adb
+allow shell adbd:fd use;
+allow shell adbd:unix_stream_socket { read write ioctl getattr };
+
 # read files in /data/anr
 allow shell anr_data_file:dir r_dir_perms;
 allow shell anr_data_file:file r_file_perms;
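Review bot: The comment `# interact with adb` does not explain why shell needs `adbd:fd use` and read/write on adbd's unix_stream_socket. Presumably these are the descriptors adbd passes to the shell it spawns, previously granted through domain_deprecated; a comment such as `# use the stdio fds and socket inherited from adbd when it spawns the shell` would make that auditable. `ioctl` is granted on the socket with no command allowlist visible in this hunk; if the policy version in use supports `allowxperm`, narrowing it is worth considering.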
@@ -82,6 +86,8 @@ allow shell servicemanager:service_manager list;
 allow shell { service_manager_type -gatekeeper_service }:service_manager find;
 
 # allow shell to look through /proc/ for ps, top
+r_dir_file(shell, proc)
+r_dir_file(shell, cgroup)
 allow shell domain:dir { search open read getattr };
 allow shell domain:{ file lnk_file } { open read getattr };