diff --git a/wpa_supplicant.te b/wpa_supplicant.te
index de1eb5ddbe5fb218d7ccb7c2a8086b34a59c5595..1ebf5560201ceb4d22b1a2831b8fd59443682754 100644
--- a/wpa_supplicant.te
+++ b/wpa_supplicant.te
@@ -19,3 +19,9 @@ allow wpa random_device:chr_file r_file_perms;
 type_transition wpa wifi_data_file:sock_file wpa_socket;
 allow wpa wpa_socket:dir { rw_dir_perms setattr };
 allow wpa wpa_socket:sock_file create_file_perms;
+
+# Allow wpa_cli to work. wpa_cli creates a socket in
+# /data/misc/wifi/sockets which wpa supplicant communicates with.
+userdebug_or_eng(`
+  unix_socket_send(wpa, wpa, su)
+')