diff --git a/hostapd.te b/hostapd.te
index a5ed62a5b8c879b3ada7e1da024e1fdd2dec67b2..e6e88e958987e58ed5e652314294d1cd4fd96644 100644
--- a/hostapd.te
+++ b/hostapd.te
@@ -11,6 +11,7 @@ allow hostapd self:udp_socket { create ioctl };
 
 allow hostapd wifi_data_file:file rw_file_perms;
 allow hostapd wifi_data_file:dir create_dir_perms;
+type_transition hostapd wifi_data_file:dir wpa_socket "sockets";
 allow hostapd wpa_socket:dir create_dir_perms;
 allow hostapd wpa_socket:sock_file create_file_perms;
 allow hostapd netd:fd use;
diff --git a/wpa_supplicant.te b/wpa_supplicant.te
index 1ebf5560201ceb4d22b1a2831b8fd59443682754..fd454bf957e4d4fe93455795ad492a30093ac32d 100644
--- a/wpa_supplicant.te
+++ b/wpa_supplicant.te
@@ -16,8 +16,8 @@ unix_socket_send(wpa, system_wpa, system_server)
 allow wpa random_device:chr_file r_file_perms;
 
 # Create a socket for receiving info from wpa
-type_transition wpa wifi_data_file:sock_file wpa_socket;
-allow wpa wpa_socket:dir { rw_dir_perms setattr };
+type_transition wpa wifi_data_file:dir wpa_socket "sockets";
+allow wpa wpa_socket:dir create_dir_perms;
 allow wpa wpa_socket:sock_file create_file_perms;
 
 # Allow wpa_cli to work. wpa_cli creates a socket in