diff --git a/bluetooth.te b/bluetooth.te
index 102ee20e804c9d81397eee19983537ed8637a616..8fb088242d24331271189b324b74027e96ab6365 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -10,7 +10,7 @@ allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
 r_dir_file(bluetooth, bluetooth_efs_file)
 
 # Device accesses.
-allow bluetooth hci_attach_dev:chr_file rw_file_perms;
+allow bluetooth { tun_device uhid_device hci_attach_dev }:chr_file rw_file_perms;
 allow bluetooth input_device:chr_file write;
 
 # sysfs access.
@@ -21,3 +21,7 @@ allow bluetooth self:capability net_admin;
 # SELinux does not presently define a specific socket class for
 # bluetooth sockets, nor does it distinguish among the bluetooth protocols.
 allow bluetoothdomain self:socket *;
+
+# tethering
+allow bluetooth self:{ tun_socket udp_socket } { ioctl create };
+allow bluetooth efs_file:dir search;
diff --git a/dhcp.te b/dhcp.te
index 1cf7af51e1d297fa10675ef6ac861d2650368047..0c533eb4097c72247acabdc54f4c8452eee53355 100644
--- a/dhcp.te
+++ b/dhcp.te
@@ -22,3 +22,11 @@ unix_socket_connect(dhcp, property, init)
 type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
 allow dhcp dhcp_data_file:dir create_dir_perms;
 allow dhcp dhcp_data_file:file create_file_perms;
+
+# PAN connections
+allow dhcp netd:fd use;
+allow dhcp netd:fifo_file rw_file_perms;
+allow dhcp netd:{ dgram_socket_class_set unix_stream_socket } { read write };
+allow dhcp netd:{ netlink_kobject_uevent_socket netlink_route_socket netlink_nflog_socket } { read write };
+# netdev-bt-pan driver loading
+allow dhcp kernel:system module_request;
diff --git a/netd.te b/netd.te
index 47687dc7d9ce0f53e35e9fe8a3abf1932e43a199..654dae50f998d58a4216c68c65462c718a480e47 100644
--- a/netd.te
+++ b/netd.te
@@ -4,7 +4,7 @@ type netd_exec, exec_type, file_type;
 
 init_daemon_domain(netd)
 typeattribute netd mlstrustedsubject;
-allow netd self:capability { net_admin net_raw sys_module };
+allow netd self:capability { net_admin net_raw sys_module kill };
 allow netd self:netlink_kobject_uevent_socket *;
 allow netd self:netlink_route_socket *;
 allow netd self:netlink_nflog_socket *;
@@ -28,3 +28,10 @@ allow netd sysfs:file write;
 # Network driver loading.
 allow netd kernel:system module_request;
 
+# Set dhcp lease for PAN connection
+unix_socket_connect(netd, property, init)
+allow netd system_prop:property_service set;
+
+# Connect to PAN
+domain_auto_trans(netd, dhcp_exec, dhcp);
+allow netd dhcp:process signal;