diff --git a/wificond.te b/wificond.te
index e873ec5ebe53b4911a472b745f3fba1271979c7f..eba98da09ccb75e4c5131bf66b8ed88de2acc54b 100644
--- a/wificond.te
+++ b/wificond.te
@@ -36,3 +36,8 @@ allow wificond self:capability { chown fowner };
 allow wificond hostapd:process { signal signull };
 # wificond needs kill to drop mad signals on hostapd.
 allow wificond self:capability kill;
+
+# wificond cleans up sockets created by wpa_supplicant and framework
+allow wificond wpa_socket:dir rw_dir_perms;
+allow wificond system_wpa_socket:sock_file unlink;
+allow wificond wpa_socket:sock_file unlink;