diff --git a/public/netd.te b/public/netd.te
index 81f4af42bd3a8f57e7d7960601ee4df21a8cede8..35d9b7cee797e1fecd0f33a2a8fd8b7feb8e823c 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -80,6 +80,9 @@ allow netd netdomain:{
 } { read write getattr setattr getopt setopt };
 allow netd netdomain:fd use;
 
+# give netd permission to read and write netlink xfrm
+allow netd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };
+
 ###
 ### Neverallow rules
 ###
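Review bot: The new `allow netd self:netlink_xfrm_socket` line grants nlmsg_write, which permits modifying the kernel's IPsec transform state (SA/SP entries), yet the comment above it only says "read and write netlink xfrm" and does not record which netd feature requires write access; the grant should be scoped to what that feature actually needs, and if netd only queries xfrm state, nlmsg_write should be dropped and nlmsg_read kept. Suggest replacing the comment with one that names the use case, e.g. `# netd configures IPsec SAs/SPs over netlink xfrm for <FEATURE_PLACEHOLDER>; nlmsg_write is needed to add/delete entries` (filling in the feature). Because the rule lands in public/netd.te it presumably applies to every device built from this policy, so the justification should be in the file rather than only in the commit message. The neverallow rules under the header at the end of the hunk continue outside it, so confirm none of them restricts netlink_xfrm_socket access for netd.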