diff --git a/dumpstate.te b/dumpstate.te
index e4d6dc9e6b1ac565f890ba0cec5ccccb57b73d88..2221222470beda058d604752f8b597859a8518e9 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -49,8 +49,8 @@ allow dumpstate { appdomain system_server }:process signal;
 # This list comes from native_processes_to_dump in dumpstate/utils.c
 allow dumpstate { drmserver mediaserver sdcardd surfaceflinger }:process signal;
 
-# The vdc command needs to talk to the vold socket.
-unix_socket_connect(dumpstate, vold, vold)
+# Execute and transition to the vdc domain
+domain_auto_trans(dumpstate, vdc_exec, vdc)
 
 # Vibrate the device after we're done collecting the bugreport
 # /sys/class/timed_output/vibrator/enable
diff --git a/vdc.te b/vdc.te
index a5ca2f29c7f80664d78643f244faa5f10417142b..8b6a93a4910ce93856443c3695965dec00a9f9f9 100644
--- a/vdc.te
+++ b/vdc.te
@@ -1,6 +1,9 @@
 # vdc spawned from init for the following services:
 #  defaultcrypto
 #  encrypt
+#
+# We also transition into this domain from dumpstate, when
+# collecting bug reports.
 
 type vdc, domain;
 type vdc_exec, exec_type, file_type;
@@ -8,3 +11,13 @@ type vdc_exec, exec_type, file_type;
 init_daemon_domain(vdc)
 
 unix_socket_connect(vdc, vold, vold)
+
+# vdc sends information back to dumpstate when "adb bugreport" is used
+allow vdc dumpstate:fd use;
+allow vdc dumpstate:unix_stream_socket { read write getattr };
+
+# vdc information is written to shell owned bugreport files
+allow vdc shell_data_file:file { write getattr };
+
+# Why?
+allow vdc dumpstate:unix_dgram_socket { read write };