diff --git a/app.te b/app.te
index 055c810ddfc2cbf525e4b94c6eda26a616384620..27e6055e0171a99c012d27f5d7ec8d48fae2ee0e 100644
--- a/app.te
+++ b/app.te
@@ -435,3 +435,9 @@ neverallow appdomain {
 # Foreign dex profiles are just markers. Prevent apps to do anything but touch them.
 neverallow appdomain user_profile_foreign_dex_data_file:file rw_file_perms;
 neverallow appdomain user_profile_foreign_dex_data_file:dir { open getattr read ioctl remove_name };
+
+# Applications should use the activity model for receiving events
+neverallow {
+  appdomain
+  -shell # bugreport
+} input_device:chr_file ~getattr;