diff --git a/sepolicy/private/untrusted_app.te b/sepolicy/private/untrusted_app.te
new file mode 100644
index 00000000..478403a4
--- /dev/null
+++ b/sepolicy/private/untrusted_app.te
@@ -0,0 +1 @@
+allow untrusted_app zygote:unix_stream_socket { getopt };
diff --git a/sepolicy/vendor/platform_app.te b/sepolicy/vendor/platform_app.te
index 5d1eb0ba..29fb6c49 100644
--- a/sepolicy/vendor/platform_app.te
+++ b/sepolicy/vendor/platform_app.te
@@ -1 +1,3 @@
+allow platform_app zygote:unix_stream_socket { getopt };
+
 get_prop(platform_app, exported_camera_prop)
diff --git a/sepolicy/vendor/priv_app.te b/sepolicy/vendor/priv_app.te
index b830df83..cc7b204e 100644
--- a/sepolicy/vendor/priv_app.te
+++ b/sepolicy/vendor/priv_app.te
@@ -1 +1,2 @@
 allow priv_app sysfs_graphics:file { open read };
+allow priv_app zygote:unix_stream_socket { getopt };
diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te
index bede6c45..69d0d13b 100644
--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
@@ -14,6 +14,7 @@ allow system_app sysfs_micgain:file rw_file_perms;
 allow system_app sysfs_earpiecegain:file rw_file_perms;
 allow system_app sysfs_zram:dir search;
 allow system_app sysfs_zram:file r_file_perms;
+allow system_app zygote:unix_stream_socket { getopt };
 
 get_prop(system_app, system_prop);
 set_prop(system_app, system_prop);
diff --git a/sepolicy/vendor/timeservice_app.te b/sepolicy/vendor/timeservice_app.te
new file mode 100644
index 00000000..a897ae42
--- /dev/null
+++ b/sepolicy/vendor/timeservice_app.te
@@ -0,0 +1 @@
+allow timeservice_app zygote:unix_stream_socket { getopt };
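Review bot: The rule `allow untrusted_app zygote:unix_stream_socket { getopt };` in sepolicy/private/untrusted_app.te grants a new permission to the least-trusted app domain with no comment recording which denial it answers or why the access is needed. If the denial only comes from a socket descriptor inherited from zygote and refusing the call is harmless (an assumption to confirm against the audit log), `dontaudit untrusted_app zygote:unix_stream_socket getopt;` would quiet the log without widening policy. Otherwise keep the allow and put a line above it such as `# avc: denied { getopt } scontext=untrusted_app tcontext=zygote; needed for <reason>`. The same applies to the identical rules added in platform_app.te, priv_app.te, system_app.te and timeservice_app.te. Note also that `untrusted_app` alone does not match the versioned domains for older target SDKs, so confirm whether `untrusted_app_all` was intended.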
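Review bot: Placement is inconsistent across the commit: the `platform_app` rule goes into sepolicy/vendor, while the same rule for `untrusted_app` goes into sepolicy/private, although source and target are platform-defined domains in both cases. The same holds for the rules in priv_app.te and system_app.te. Keeping app-to-zygote rules in one directory makes them easier to audit and to drop once the platform policy covers them; if the split is deliberate, say so in a comment, e.g. `# kept in vendor policy because <reason>`.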