diff --git a/shell.te b/shell.te
index cc2783cd77042bb50a0eef644f8abfa4b94c3465..6eb7e562664d92620a58ccc18b3d1a723fa351e2 100644
--- a/shell.te
+++ b/shell.te
@@ -93,8 +93,9 @@ allow shell servicemanager:service_manager list;
 # don't allow shell to access GateKeeper service
 allow shell { service_manager_type -gatekeeper_service }:service_manager find;
 
-# allow shell to look through /proc/ for ps, top
+# allow shell to look through /proc/ for ps, top, netstat
 r_dir_file(shell, proc)
+r_dir_file(shell, proc_net)
 r_dir_file(shell, cgroup)
 allow shell domain:dir { search open read getattr };
 allow shell domain:{ file lnk_file } { open read getattr };