diff --git a/wificond.te b/wificond.te
index 764b69f335cdbed6266ce79fd75d3332799cd925..2c5fd1e998274a8474538a02f24df1c44226059d 100644
--- a/wificond.te
+++ b/wificond.te
@@ -19,11 +19,15 @@ set_prop(wificond, ctl_default_prop)
 
 # create sockets to set interfaces up and down
 allow wificond self:udp_socket create_socket_perms;
+# See discussion in b/31226503
+allowxperm wificond self:udp_socket ioctl unpriv_sock_ioctls;
 # setting interface state up/down is a privileged ioctl
 allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS };
 allow wificond self:capability { net_admin net_raw };
 # allow wificond to speak to nl80211 in the kernel
 allow wificond self:netlink_socket create_socket_perms;
+# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
+allow wificond self:netlink_generic_socket create_socket_perms;
 
 r_dir_file(wificond, proc_net)