diff --git a/mtp.te b/mtp.te
index 48a552579d6de88aecb3e6466e3c6fd467e5c1f9..9681daf493dad971ec5ab87e30fb99fdf64984d2 100644
--- a/mtp.te
+++ b/mtp.te
@@ -1,7 +1,16 @@
 # vpn tunneling protocol manager
 type mtp, domain;
+permissive_or_unconfined(mtp)
 type mtp_exec, exec_type, file_type;
 
 init_daemon_domain(mtp)
 net_domain(mtp)
-unconfined_domain(mtp)
+
+# pptp policy
+allow mtp self:tcp_socket create_socket_perms;
+allow mtp self:socket create_socket_perms;
+allow mtp self:rawip_socket create_socket_perms;
+allow mtp self:capability net_raw;
+allow mtp ppp:process signal;
+allow mtp port:tcp_socket name_connect;
+allow mtp vpn_data_file:dir search;