diff --git a/app.te b/app.te
index 47c05aca1bfc493e0500635ea6ad9429846594ab..cfb13b95e4e1a5e2fd55bf05e0337d32ac966676 100644
--- a/app.te
+++ b/app.te
@@ -83,6 +83,7 @@ allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdow
 allow appdomain shell_data_file:file { write getattr };
 
 # Write to /proc/net/xt_qtaguid/ctrl file.
+allow appdomain proc_net:dir search;
 allow appdomain qtaguid_proc:file rw_file_perms;
 # Everybody can read the xt_qtaguid resource tracking misc dev.
 # So allow all apps to read from /dev/xt_qtaguid.
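Review bot: The added `allow appdomain proc_net:dir search;` sits under a comment that only describes writing the ctrl file, so nothing records that apps can now only traverse /proc/net and can no longer read `proc_net`-labelled files once domain.te drops `r_dir_file(domain, proc_net)`. I would add a comment above the new rule, such as `# Search /proc/net to reach xt_qtaguid/ctrl; proc_net files themselves are not readable by apps.` The same search-only grant is added in dumpstate.te and mediaserver.te. If any of these domains read other files under /proc/net (dumpstate's "data we want to collect" comment hints that it might), those reads will presumably become denials, so check the audit log on a test build before merging.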
diff --git a/clatd.te b/clatd.te
index 0371e1462b0c0610ba1b4c7a99167b86a7bc114f..0492f22db7aea5ec14e122c5fdc63baacded7c84 100644
--- a/clatd.te
+++ b/clatd.te
@@ -15,6 +15,7 @@ allow clatd netd:udp_socket { read write };
 allow clatd netd:unix_stream_socket { read write };
 allow clatd netd:unix_dgram_socket { read write };
 
+r_dir_file(clatd, proc_net)
 allow clatd self:capability { net_admin net_raw setuid setgid };
 
 allow clatd self:netlink_route_socket nlmsg_write;
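Review bot: `r_dir_file(clatd, proc_net)` is added without a comment naming the /proc/net file clatd needs, which makes the grant hard to audit or narrow later. Other rules in this change carry a path comment, so I would add one here, for example `# Read <path under /proc/net that clatd needs>` with the real path filled in. The same applies to `r_dir_file(radio, proc_net)` in radio.te and to `r_dir_file(system_server, proc_net)` in system_server.te, where the new rule lands under a comment that describes only the qtaguid types.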
diff --git a/dhcp.te b/dhcp.te
index 32a6cccb147bb811663e2e02ba0ddcf9874ec24c..898e3a124d4f2a05a1d623f29c36af5574efee56 100644
--- a/dhcp.te
+++ b/dhcp.te
@@ -12,7 +12,8 @@ allow dhcp self:netlink_route_socket nlmsg_write;
 allow dhcp shell_exec:file rx_file_perms;
 allow dhcp system_file:file rx_file_perms;
 # For /proc/sys/net/ipv4/conf/*/promote_secondaries
-allow dhcp proc_net:file write;
+allow dhcp proc_net:file rw_file_perms;
+allow dhcp proc_net:dir r_dir_perms;
 allow dhcp dhcp_prop:property_service set;
 allow dhcp pan_result_prop:property_service set;
 unix_socket_connect(dhcp, property, init)
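Review bot: The comment above still names only `/proc/sys/net/ipv4/conf/*/promote_secondaries`, but the rule below it now grants `rw_file_perms` on every `proc_net`-labelled file, replacing a bare `write`. If the intent is only to keep the read access dhcp used to inherit from `domain`, say so in the comment, e.g. `# Read /proc/net; write /proc/sys/net/ipv4/conf/*/promote_secondaries`. `rw_file_perms` also brings in `append`, which the old rule did not allow; `allow dhcp proc_net:file { r_file_perms write };` would leave the write side unchanged. netd.te makes the same change, and init.te widens `w_file_perms` to `rw_file_perms` under a comment that likewise mentions only writing.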
diff --git a/domain.te b/domain.te
index a184e063b8e363cacefd2563af28b0f71bd5175e..08aa4c1678a3a2b214ce5090dd8d2dd5bb1b70f0 100644
--- a/domain.te
+++ b/domain.te
@@ -145,7 +145,6 @@ r_dir_file(domain, sysfs)
 r_dir_file(domain, sysfs_devices_system_cpu)
 r_dir_file(domain, inotify)
 r_dir_file(domain, cgroup)
-r_dir_file(domain, proc_net)
 allow domain proc_cpuinfo:file r_file_perms;
 
 # debugfs access
diff --git a/dumpstate.te b/dumpstate.te
index 5f65eb0538a4df99880a81b0052c5138d2e4e85f..2324c25d97ff784aa0a9d7195b1d82139f17f7ca 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -60,6 +60,7 @@ domain_auto_trans(dumpstate, vdc_exec, vdc)
 allow dumpstate sysfs:file w_file_perms;
 
 # Other random bits of data we want to collect
+allow dumpstate proc_net:dir search;
 allow dumpstate qtaguid_proc:file r_file_perms;
 allow dumpstate debugfs:file r_file_perms;
 
diff --git a/init.te b/init.te
index 4ec07f7aff78f558b956d5a2041a5c896d00dda1..362f4f83006dbd08fba518788a696fffe78880ae 100644
--- a/init.te
+++ b/init.te
@@ -123,7 +123,8 @@ allow init proc_security:file rw_file_perms;
 allow init proc:file w_file_perms;
 
 # Write to /proc/sys/net/ping_group_range and other /proc/sys/net files.
-allow init proc_net:file w_file_perms;
+allow init proc_net:file rw_file_perms;
+allow init proc_net:dir r_dir_perms;
 allow init self:capability net_admin;
 
 # Write to /proc/sysrq-trigger.
diff --git a/mediaserver.te b/mediaserver.te
index ec69aed091cfedf8ddcfcf0aeac660194ec64f5e..6e6c87d5cd2aa1c66be105550dc2da455fa4ba38 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -61,6 +61,7 @@ allow mediaserver audio_data_file:dir ra_dir_perms;
 allow mediaserver audio_data_file:file create_file_perms;
 
 # Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
+allow mediaserver proc_net:dir search;
 allow mediaserver qtaguid_proc:file rw_file_perms;
 allow mediaserver qtaguid_device:chr_file r_file_perms;
 
diff --git a/netd.te b/netd.te
index ce894210e39b66fde1e3766ba611d901431de3d9..611ec76d7d17f98c050d6a5ffaea535ca311df5a 100644
--- a/netd.te
+++ b/netd.te
@@ -23,7 +23,8 @@ allow netd system_file:file x_file_perms;
 allow netd devpts:chr_file rw_file_perms;
 
 # For /proc/sys/net/ipv[46]/route/flush.
-allow netd proc_net:file write;
+allow netd proc_net:file rw_file_perms;
+allow netd proc_net:dir r_dir_perms;
 
 # For /sys/modules/bcmdhd/parameters/firmware_path
 # XXX Split into its own type.
diff --git a/radio.te b/radio.te
index d369949db4c4ccdb2f71072e641c688c7a332cb0..2b63cd959c8477346dbe8b7e9afa528cd32ea403 100644
--- a/radio.te
+++ b/radio.te
@@ -17,6 +17,7 @@ allow radio radio_data_file:notdevfile_class_set create_file_perms;
 
 allow radio alarm_device:chr_file rw_file_perms;
 
+r_dir_file(radio, proc_net)
 allow radio net_data_file:dir search;
 allow radio net_data_file:file r_file_perms;
 
diff --git a/system_server.te b/system_server.te
index 6199eb73188e4bc09c70664be0de7ca545c0ea8f..45c4936000d1e94be1448b39cf5333ce2397e4ff 100644
--- a/system_server.te
+++ b/system_server.te
@@ -91,6 +91,7 @@ allow system_server appdomain:file write;
 # Read/Write to /proc/net/xt_qtaguid/ctrl and and /dev/xt_qtaguid.
 allow system_server qtaguid_proc:file rw_file_perms;
 allow system_server qtaguid_device:chr_file rw_file_perms;
+r_dir_file(system_server, proc_net)
 
 # Write to /proc/sysrq-trigger.
 allow system_server proc_sysrq:file rw_file_perms;