diff --git a/wificond.te b/wificond.te
index 59fc38c09cfc578c73d553a44353b6d99b2bd841..7a80ac2ac9f7dffb37a87d5bc23d853464770977 100644
--- a/wificond.te
+++ b/wificond.te
@@ -36,3 +36,8 @@ allow wificond self:capability { chown fowner };
 allow wificond hostapd:process { signal signull };
 # wificond needs kill to drop mad signals on hostapd.
 allow wificond self:capability kill;
+
+# wificond cleans up sockets created by wpa_supplicant and framework
+allow wificond wpa_socket:dir rw_dir_perms;
+allow wificond system_wpa_socket:sock_file unlink;
+allow wificond wpa_socket:sock_file unlink;