diff --git a/public/dumpstate.te b/public/dumpstate.te
index 39bd85fa7f592e7af327474d236e43d9c6737c07..ec1f32680a2d0c817db94a909a45e96300da6e24 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -214,6 +214,20 @@ allow dumpstate ion_device:chr_file r_file_perms;
 # read default labeled files in /sys
 r_dir_file(dumpstate, sysfs)
 
+# Allow dumpstate to run top
+allow dumpstate proc_stat:file r_file_perms;
+
+# Allow dumpstate to read backlight details
+allow dumpstate sysfs_leds:lnk_file r_file_perms;
+allow dumpstate sysfs_leds:file r_file_perms;
+allow dumpstate sysfs_leds:dir search;
+
+# Allow dumpstate to talk to installd over binder
+binder_call(dumpstate, installd);
+
+# Allow dumpstate to run ip xfrm policy
+allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
+
 ###
 ### neverallow rules
 ###