diff --git a/private/domain_deprecated.te b/private/domain_deprecated.te
index 96737ab1fd20049b9f195a89c3e16493713cc988..f894037811217e9db4c091624685c3dbdd496988 100644
--- a/private/domain_deprecated.te
+++ b/private/domain_deprecated.te
@@ -149,6 +149,7 @@ allow domain_deprecated proc_meminfo:file r_file_perms;
 userdebug_or_eng(`
 auditallow {
   domain_deprecated
+  -dumpstate
   -fsck
   -fsck_untrusted
   -sdcardd
@@ -158,6 +159,7 @@ auditallow {
 } proc:file r_file_perms;
 auditallow {
   domain_deprecated
+  -dumpstate
   -fsck
   -fsck_untrusted
   -system_server
@@ -165,6 +167,7 @@ auditallow {
 } proc:lnk_file { open ioctl lock }; # getattr read granted in domain
 auditallow {
   domain_deprecated
+  -dumpstate
   -fingerprintd
   -healthd
   -netd
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 592532f2531885b253c21e936afdde0f076e4161..29a8aedcac6a9836a3e9e0b1ff2a3847caf1a237 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -137,8 +137,9 @@ read_logd(dumpstate)
 control_logd(dumpstate)
 read_runtime_log_tags(dumpstate)
 
-# Read /proc/net
+# Read /proc and /proc/net
 allow dumpstate proc_net:file r_file_perms;
+r_dir_file(dumpstate, proc)
 
 # Read network state info files.
 allow dumpstate net_data_file:dir search;