diff --git a/private/access_vectors b/private/access_vectors
index 14e17120731adf464b10f92ecb04bf12e005f04b..898c884cdcd64bfa36db3cc8f065f21cd2daf5b1 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -282,6 +282,15 @@ inherits socket
 class unix_dgram_socket
 inherits socket
 
+class bpf
+{
+	map_create
+	map_read
+	map_write
+	prog_load
+	prog_run
+}
+
 #
 # Define the access vector interpretation for process-related objects
 #
diff --git a/private/security_classes b/private/security_classes
index 2cfc768b5449e2740cfc3d037d080f0bc419b80e..251b721686174e0f7e77c9d5f3107ab73774c97d 100644
--- a/private/security_classes
+++ b/private/security_classes
@@ -35,6 +35,7 @@ class packet_socket
 class key_socket
 class unix_stream_socket
 class unix_dgram_socket
+class bpf
 
 # sysv-ipc-related classes
 class sem
diff --git a/public/netd.te b/public/netd.te
index ec18113d477a2415df11d46881cd50f69a9da6a4..225ada9f5d3c6e9e1fa0c219367567e1cd28e4ad 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -107,6 +107,9 @@ allow netd netdomain:fd use;
 # give netd permission to read and write netlink xfrm
 allow netd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };
 
+# give netd permission to use eBPF functionalities
+allow netd self:bpf { map_create map_read map_write prog_load prog_run };
+
 # Allow netd to register as hal server.
 add_hwservice(netd, system_net_netd_hwservice)
 hwbinder_use(netd)