diff --git a/adbd.te b/adbd.te
index 33e0d55618bd427176827f13a681c32029bf456c..a8f3017220bc42b6144cdd9456600e38f48dec26 100644
--- a/adbd.te
+++ b/adbd.te
@@ -1,6 +1,6 @@
 # adbd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
-type adbd, domain, domain_deprecated, mlstrustedsubject;
+type adbd, domain, mlstrustedsubject;
 
 userdebug_or_eng(`
   allow adbd self:process setcurrent;
diff --git a/domain.te b/domain.te
index 2ce245b26f9eed47f3563e344d72568d84b2f528..19ca544606bd5e329352085ce606dd2d838dce62 100644
--- a/domain.te
+++ b/domain.te
@@ -88,6 +88,9 @@ allow domain system_file:dir { search getattr };
 allow domain system_file:file { execute read open getattr };
 allow domain system_file:lnk_file read;
 
+# libc references /data/misc/zoneinfo for timezone related information
+r_dir_file(domain, zoneinfo_data_file)
+
 # files under /data.
 allow domain system_data_file:dir { search getattr };
 allow domain system_data_file:lnk_file read;
diff --git a/domain_deprecated.te b/domain_deprecated.te
index 9c54321498de80de434655252404b85ac683378f..8d69a7fc0277e526d91c1f1de3226ce76623f8aa 100644
--- a/domain_deprecated.te
+++ b/domain_deprecated.te
@@ -53,9 +53,6 @@ allow domain_deprecated cache_file:dir r_dir_perms;
 allow domain_deprecated cache_file:file { getattr read };
 allow domain_deprecated cache_file:lnk_file r_file_perms;
 
-# Read timezone related information
-r_dir_file(domain_deprecated, zoneinfo_data_file)
-
 # For /acct/uid/*/tasks.
 allow domain_deprecated cgroup:dir { search write };
 allow domain_deprecated cgroup:file w_file_perms;
diff --git a/shell.te b/shell.te
index 3d2bb5be217e6702d8ac231673589d943177506c..2a3faecb2d746ddef4d3d1b25682ab04b8ecc3cb 100644
--- a/shell.te
+++ b/shell.te
@@ -1,5 +1,5 @@
 # Domain for shell processes spawned by ADB or console service.
-type shell, domain, domain_deprecated, mlstrustedsubject;
+type shell, domain, mlstrustedsubject;
 type shell_exec, exec_type, file_type;
 
 # Create and use network sockets.
@@ -21,6 +21,10 @@ userdebug_or_eng(`
   allow shell misc_logd_file:file r_file_perms;
 ')
 
+# interact with adb
+allow shell adbd:fd use;
+allow shell adbd:unix_stream_socket { read write ioctl getattr };
+
 # read files in /data/anr
 allow shell anr_data_file:dir r_dir_perms;
 allow shell anr_data_file:file r_file_perms;
@@ -82,6 +86,8 @@ allow shell servicemanager:service_manager list;
 allow shell { service_manager_type -gatekeeper_service }:service_manager find;
 
 # allow shell to look through /proc/ for ps, top
+r_dir_file(shell, proc)
+r_dir_file(shell, cgroup)
 allow shell domain:dir { search open read getattr };
 allow shell domain:{ file lnk_file } { open read getattr };