diff --git a/public/dumpstate.te b/public/dumpstate.te
index 605e8363ed01fb0b2303ccfbb63ca8b606cd55c6..85c024117ea328d94c430d560c5bde33e716c4d6 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -219,6 +219,20 @@ allow dumpstate ion_device:chr_file r_file_perms;
 # read default labeled files in /sys
 r_dir_file(dumpstate, sysfs)
 
+# Allow dumpstate to run top
+allow dumpstate proc_stat:file r_file_perms;
+
+# Allow dumpstate to read backlight details
+allow dumpstate sysfs_leds:lnk_file r_file_perms;
+allow dumpstate sysfs_leds:file r_file_perms;
+allow dumpstate sysfs_leds:dir search;
+
+# Allow dumpstate to talk to installd over binder
+binder_call(dumpstate, installd);
+
+# Allow dumpstate to run ip xfrm policy
+allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
+
 ###
 ### neverallow rules
 ###