diff --git a/public/dumpstate.te b/public/dumpstate.te
index 3b246c190e10e1c016556ffe603a9e5bed4bb58f..e7fa83f0c81a981c4f8a3873197001aa13c07f0d 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -264,6 +264,12 @@ allow dumpstate self:netlink_socket create_socket_perms_no_ioctl;
 # newer kernels (e.g. 4.4) have a new class for sockets
 allow dumpstate self:netlink_generic_socket create_socket_perms_no_ioctl;
 
+# Allow dumpstate to run ss
+allow dumpstate { domain pdx_channel_socket_type pdx_endpoint_socket_type }:socket_class_set getattr;
+
+# For when dumpstate runs df
+dontaudit dumpstate mnt_vendor_file:dir search;
+
 # Allow dumpstate to kill vendor dumpstate service by init
 set_prop(dumpstate, ctl_dumpstate_prop)