diff --git a/private/dumpstate.te b/private/dumpstate.te
index cbdfbc6d55ed0d2829648884dec023ae5644f741..b8f81526cddc1f713b42a4f2e83c97882c1d82dd 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -5,6 +5,9 @@ init_daemon_domain(dumpstate)
 # Execute and transition to the vdc domain
 domain_auto_trans(dumpstate, vdc_exec, vdc)
 
+# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
+allow dumpstate system_file:file lock;
+
 # TODO: deal with tmpfs_domain pub/priv split properly
 allow dumpstate dumpstate_tmpfs:file execute;