diff --git a/private/file_contexts b/private/file_contexts
index 1bc17162e39ce31d5783e21a1ec435dda8e72511..e61ef2984b1aba42fefa432ff100d4125a554e45 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -265,6 +265,7 @@
# Vendor files
#
/(vendor|system/vendor)(/.*)? u:object_r:vendor_file:s0
+/(vendor|system/vendor)/bin/sh u:object_r:vendor_shell_exec:s0
/(vendor|system/vendor)/bin/toybox_vendor u:object_r:vendor_toolbox_exec:s0
/(vendor|system/vendor)/etc(/.*)? u:object_r:vendor_configs_file:s0
diff --git a/public/domain.te b/public/domain.te
index 9c591db59f1958081ce5a6de8bebc9f02d363545..513e6e144bbd669a67edc31a404cf3b635cbb684 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -728,6 +728,13 @@ full_treble_only(`
-system_server
-zygote
} vendor_overlay_file:{ file lnk_file } r_file_perms;
+
+ # Non-vendor domains are not allowed to file execute shell
+ # from vendor
+ neverallow {
+ coredomain
+ -init
+ } vendor_shell_exec:file { execute execute_no_trans };
')
# Only authorized processes should be writing to files in /data/dalvik-cache
diff --git a/public/init.te b/public/init.te
index 0deb8cdc9b914d8e2d13a5032f2b45abc08b6574..e997e1338667619f7c7c0eddbe887316dc16c522 100644
--- a/public/init.te
+++ b/public/init.te
@@ -395,6 +395,8 @@ allow init proc_meminfo:file r_file_perms;
allow init system_data_file:file { getattr read };
allow init system_data_file:lnk_file r_file_perms;
+# For init to be able to run shell scripts from vendor
+allow init vendor_shell_exec:file execute;
###
### neverallow rules
diff --git a/public/vendor_shell.te b/public/vendor_shell.te
new file mode 100644
index 0000000000000000000000000000000000000000..b33054290f7091e36066ed3e415d6249a723919e
--- /dev/null
+++ b/public/vendor_shell.te
@@ -0,0 +1,4 @@
+# vendor shell MUST never run as interactive or login shell.
+# vendor shell CAN never be traisitioned to by any process, so it is
+# only intended by shell script interpreter.
+type vendor_shell_exec, exec_type, vendor_file_type, file_type;