diff --git a/service.te b/service.te
index c891ca8e04ab1a7d52dd70fe21b380962af5e060..d72d6552ac7d1a64ccfad98179bbbb3303a49858 100644
--- a/service.te
+++ b/service.te
@@ -120,3 +120,4 @@ type wifiscanner_service, system_api_service, system_server_service, service_man
type wifi_service, app_api_service, system_server_service, service_manager_type;
type wificond_service, system_server_service, service_manager_type;
type window_service, system_api_service, system_server_service, service_manager_type;
+type wpa_supplicant_service, system_server_service, service_manager_type;
diff --git a/service_contexts b/service_contexts
index 218cb8f9f5a86d1b999e3dd83d3854be3800ca48..2b7a1b113baea63ca315f8498b3cb128bcf6d1e8 100644
--- a/service_contexts
+++ b/service_contexts
@@ -145,4 +145,5 @@ wifiscanner u:object_r:wifiscanner_service:s0
wifi u:object_r:wifi_service:s0
wificond u:object_r:wificond_service:s0
window u:object_r:window_service:s0
+wpa u:object_r:wpa_supplicant_service:s0
* u:object_r:default_android_service:s0
diff --git a/wificond.te b/wificond.te
index edc82e0d5a54457824be813c095787513b37b67c..0da5f380bd7335a13a0614114864f56f04906ebc 100644
--- a/wificond.te
+++ b/wificond.te
@@ -6,5 +6,6 @@ init_daemon_domain(wificond)
binder_use(wificond)
binder_call(wificond, system_server)
+binder_call(wificond, wpa)
allow wificond wificond_service:service_manager { add find };
diff --git a/wpa.te b/wpa.te
index dddc801e032989f26630afd165732b4fd3b8517b..dfb73dc2efee6659c8feb2c05f83ab701c8d6622 100644
--- a/wpa.te
+++ b/wpa.te
@@ -23,7 +23,10 @@ allow wpa wifi_data_file:dir create_dir_perms;
allow wpa wifi_data_file:file create_file_perms;
unix_socket_send(wpa, system_wpa, system_server)
+# Binder interface exposed by WPA.
binder_use(wpa)
+binder_call(wpa, wificond)
+allow wpa wpa_supplicant_service:service_manager { add find };
# Create a socket for receiving info from wpa
type_transition wpa wifi_data_file:dir wpa_socket "sockets";