diff --git a/private/domain_deprecated.te b/private/domain_deprecated.te
index 43f11357b02fc0bddf698c8309c444ea4c87921f..7c735f2da46fd810f1b2c98a320a31d5cc5eb604 100644
--- a/private/domain_deprecated.te
+++ b/private/domain_deprecated.te
@@ -190,6 +190,7 @@ allow domain_deprecated proc_meminfo:file r_file_perms;
 userdebug_or_eng(`
 auditallow {
   domain_deprecated
+  -dumpstate
   -fsck
   -fsck_untrusted
   -sdcardd
@@ -199,6 +200,7 @@ auditallow {
 } proc:file r_file_perms;
 auditallow {
   domain_deprecated
+  -dumpstate
   -fsck
   -fsck_untrusted
   -system_server
@@ -206,6 +208,7 @@ auditallow {
 } proc:lnk_file { open ioctl lock }; # getattr read granted in domain
 auditallow {
   domain_deprecated
+  -dumpstate
   -fingerprintd
   -healthd
   -netd
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 4f66ffb4a7daca1ce0d5ade9aff15219678781e8..e069fd27c5ff7f806f1f301e9623a0e45fef068d 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -137,8 +137,9 @@ read_logd(dumpstate)
 control_logd(dumpstate)
 read_runtime_log_tags(dumpstate)
 
-# Read /proc/net
+# Read /proc and /proc/net
 allow dumpstate proc_net:file r_file_perms;
+r_dir_file(dumpstate, proc)
 
 # Read network state info files.
 allow dumpstate net_data_file:dir search;