diff --git a/public/dumpstate.te b/public/dumpstate.te
index 6e826a3785d3edfc3ad51f750ab9399da23197c8..f6d6a0a69d9da541b94af9a0f8d745f0e76a800e 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -220,6 +220,20 @@ allow dumpstate ion_device:chr_file r_file_perms;
 # read default labeled files in /sys
 r_dir_file(dumpstate, sysfs)
 
+# Allow dumpstate to run top
+allow dumpstate proc_stat:file r_file_perms;
+
+# Allow dumpstate to read backlight details
+allow dumpstate sysfs_leds:lnk_file r_file_perms;
+allow dumpstate sysfs_leds:file r_file_perms;
+allow dumpstate sysfs_leds:dir search;
+
+# Allow dumpstate to talk to installd over binder
+binder_call(dumpstate, installd);
+
+# Allow dumpstate to run ip xfrm policy
+allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
+
 ###
 ### neverallow rules
 ###