diff --git a/sepolicy/netd.te b/sepolicy/netd.te
new file mode 100644
index 0000000..465ec2f
--- /dev/null
+++ b/sepolicy/netd.te
@@ -0,0 +1,2 @@
+allow netd untrusted_app_25:unix_stream_socket { read write };
+
diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te
index 50e45cf..a3c4026 100644
--- a/sepolicy/untrusted_app.te
+++ b/sepolicy/untrusted_app.te
@@ -2,3 +2,12 @@ get_prop(untrusted_app, camera_prop);
 get_prop(untrusted_app_25, camera_prop);
 allow untrusted_app sysfs_zram:dir { search read };
 allow untrusted_app sysfs_zram:file { open read getattr };
+
+get_prop(untrusted_app, net_dns_prop);
+
+allow untrusted_app firmware_file:dir read;
+allow untrusted_app fsg_file:dir read;
+allow untrusted_app net_dns_prop:file read;
+allow untrusted_app persist_file:dir getattr;
+allow untrusted_app persist_file:filesystem getattr;
+allow untrusted_app rootfs:dir read;
diff --git a/sepolicy/untrusted_app_25.te b/sepolicy/untrusted_app_25.te
index 091bdfc..24dbfc7 100644
--- a/sepolicy/untrusted_app_25.te
+++ b/sepolicy/untrusted_app_25.te
@@ -4,3 +4,7 @@ allow untrusted_app_25 init:unix_stream_socket { read write };
+allow untrusted_app_25 proc_stat:file read;
+allow untrusted_app_25 qemu_hw_mainkeys_prop:file read;
+allow untrusted_app_25 self:udp_socket ioctl;
+allow untrusted_app_25 vold_exec:file read;
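Review bot: The new `allow netd untrusted_app_25:unix_stream_socket { read write };` in sepolicy/netd.te carries no comment saying which netd code path uses an app-owned socket, and it covers only the `untrusted_app_25` domain, which suggests it was transcribed from a single denial rather than designed. Read/write on a socket labelled with another domain's type usually means a descriptor was passed or inherited, so it is worth confirming the hand-over is intentional before granting it; for a stray inherited descriptor, `dontaudit` is the narrower answer. If the access is required, a leading comment such as `# netd uses sockets handed over by apps via <MECHANISM>; avc: <DENIAL_LINE>` would let the next reviewer check it. The second added line is an empty line at end of file and can be dropped.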
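Review bot: `get_prop(untrusted_app, net_dns_prop);` in sepolicy/untrusted_app.te exposes the `net.dns*` properties to every third-party app, which the platform withdrew from apps in Android 8.0 for privacy reasons; as far as I recall AOSP also carries a neverallow for this on untrusted app domains other than `untrusted_app_25`, so the build or CTS may reject it. The explicit `allow untrusted_app net_dns_prop:file read;` a few lines further down presumably repeats what the macro already grants, so it should follow whatever is decided for the macro line. The directory `read` rules on `firmware_file`, `fsg_file` and `rootfs`, and the `proc_stat` and `vold_exec` reads added in sepolicy/untrusted_app_25.te, look like apps enumerating paths they do not need; if log noise is the only concern, `dontaudit untrusted_app { firmware_file fsg_file rootfs }:dir read;` silences it without widening access.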
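Review bot: `allow untrusted_app_25 self:udp_socket ioctl;` in sepolicy/untrusted_app_25.te is probably not the rule the denial needs. Socket ioctls for app domains are normally filtered per command through `allowxperm`, so if the logged denial carried an `ioctlcmd=` value this plain `allow` is likely either a no-op or, on a policy without that filtering, a grant of every ioctl command on the socket. Naming the command, `allowxperm untrusted_app_25 self:udp_socket ioctl <IOCTL_CMD_FROM_DENIAL>;`, keeps the grant reviewable. The hunk header promises three context lines but only one is visible here, so earlier rules in the file may already cover part of this.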