diff --git a/private/access_vectors b/private/access_vectors
index beacf21..6bfe5d9 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -405,7 +405,6 @@
 {
 	nlmsg_read
 	nlmsg_write
-	nlmsg
 }
 
 class netlink_nflog_socket
diff --git a/private/dumpstate.te b/private/dumpstate.te
index b98cb97..13b7b9f 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -416,12 +416,7 @@
 allow dumpstate net_data_file:file r_file_perms;
 
 # List sockets via ss.
-allow dumpstate self:netlink_tcpdiag_socket create_socket_perms_no_ioctl;
-# For kernel < 6.13
-allow dumpstate self:netlink_tcpdiag_socket nlmsg_read;
-# For kernel >= 6.13
-allow dumpstate self:netlink_tcpdiag_socket nlmsg;
-allowxperm dumpstate self:netlink_tcpdiag_socket nlmsg SOCK_DIAG_BY_FAMILY;
+allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };
 
 # Access /data/tombstones.
 allow dumpstate tombstone_data_file:dir r_dir_perms;
diff --git a/private/netd.te b/private/netd.te
index 93d0141..8b6ea4c 100644
--- a/private/netd.te
+++ b/private/netd.te
@@ -66,11 +66,7 @@
 allow netd self:netlink_route_socket nlmsg_write;
 allow netd self:netlink_nflog_socket create_socket_perms_no_ioctl;
 allow netd self:netlink_socket create_socket_perms_no_ioctl;
-allow netd self:netlink_tcpdiag_socket create_socket_perms_no_ioctl;
-# For kernel < 6.13
-allow netd self:netlink_tcpdiag_socket { nlmsg_read nlmsg_write };
-# For kernel >= 6.13
-allow netd self:netlink_tcpdiag_socket nlmsg;
+allow netd self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
 allow netd self:netlink_generic_socket create_socket_perms_no_ioctl;
 allow netd self:netlink_netfilter_socket create_socket_perms_no_ioctl;
 allow netd shell_exec:file rx_file_perms;
diff --git a/private/network_stack.te b/private/network_stack.te
index ee7269e..4450e02 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te
@@ -55,11 +55,7 @@
 get_prop(network_stack, device_config_connectivity_prop)
 
 # Create/use netlink_tcpdiag_socket to get tcp info
-allow network_stack self:netlink_tcpdiag_socket create_socket_perms_no_ioctl;
-# For kernel < 6.13
-allow network_stack self:netlink_tcpdiag_socket { nlmsg_read nlmsg_write };
-# For kernel >= 6.13
-allow network_stack self:netlink_tcpdiag_socket nlmsg;
+allow network_stack self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
 ############### Tethering Service app - Tethering.apk ##############
 hal_client_domain(network_stack, hal_tetheroffload)
 # Create and share netlink_netfilter_sockets for tetheroffload.
diff --git a/private/system_server.te b/private/system_server.te
index 6a498f8..aeeb566 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -154,11 +154,8 @@
 allow system_server self:netlink_netfilter_socket create_socket_perms_no_ioctl;
 
 # Create/use netlink_tcpdiag_socket for looking up connection UIDs for VPN apps.
-allow system_server self:netlink_tcpdiag_socket create_socket_perms_no_ioctl;
-# For kernel < 6.13
-allow system_server self:netlink_tcpdiag_socket { nlmsg_read nlmsg_write };
-# For kernel >= 6.13
-allow system_server self:netlink_tcpdiag_socket nlmsg;
+allow system_server self:netlink_tcpdiag_socket
+    { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
 
 # Use netlink uevent sockets.
 allow system_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;