diff --git a/wificond.te b/wificond.te
index acdf522baf3c39e3eae82f65aec93fe146082c2c..6f51f2f99dfe792ed0e467922af4aff5a7a38be5 100644
--- a/wificond.te
+++ b/wificond.te
@@ -16,6 +16,7 @@ set_prop(wificond, wifi_prop)
 
 # create sockets to set interfaces up and down
 allow wificond self:udp_socket create_socket_perms;
-allow wificond self:capability net_raw;
+allow wificond self:capability { net_admin net_raw };
+allow wificond self:netlink_socket create_socket_perms_no_ioctl;
 
 r_dir_file(wificond, proc_net)