diff --git a/system_server.te b/system_server.te
index f48fd2cb0acfa575f97b462d7376610e404b71ec..d7fd53039d4ac8654eae5404d855a9cd0413f147 100644
--- a/system_server.te
+++ b/system_server.te
@@ -21,6 +21,9 @@ allow system_server zygote:fd use;
 allow system_server zygote:process sigchld;
 allow system_server zygote_tmpfs:file read;
 
+# Needed to close the zygote socket, which involves getopt / getattr
+allow system_server zygote:unix_stream_socket { getopt getattr };
+
 # system server gets network and bluetooth permissions.
 net_domain(system_server)
 bluetooth_domain(system_server)