diff --git a/net.te b/net.te
index 7e00ed845cf8428e275716393fb33a707da074e6..b10cecdaab3df2c0e5b3f6e9342e42af19967491 100644
--- a/net.te
+++ b/net.te
@@ -2,3 +2,17 @@
 type node, node_type;
 type netif, netif_type;
 type port, port_type;
+
+# Use network sockets.
+allow netdomain self:{ tcp_socket udp_socket } *;
+# Connect to ports.
+allow netdomain port_type:tcp_socket name_connect;
+# Bind to ports.
+allow netdomain node_type:{ tcp_socket udp_socket } node_bind;
+allow netdomain port_type:udp_socket name_bind;
+allow netdomain port_type:tcp_socket name_bind;
+# Get route information.
+allow netdomain self:netlink_route_socket { create bind read nlmsg_read };
+
+# Talks to netd via dnsproxyd socket.
+unix_socket_connect(netdomain, dnsproxyd, netd)
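Review bot: The rule `allow netdomain self:{ tcp_socket udp_socket } *;` grants every permission defined for those classes, including any added to the class later, to every domain carrying the `netdomain` attribute. An explicit permission set would keep the grant reviewable, for example `allow netdomain self:tcp_socket create_stream_socket_perms;` and `allow netdomain self:udp_socket create_socket_perms;`, assuming this tree's global macros define those sets. The `name_bind` and `name_connect` rules likewise apply to all of `port_type`, so no port label is excluded for any `netdomain` member at the policy layer; if only some domains need to listen, the bind rules fit better in those domains' own .te files. A comment above the block stating which domains are expected to carry `netdomain` would help a reviewer judge how wide the grant is.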