diff --git a/sepolicy/private/network_stack.te b/sepolicy/private/network_stack.te
new file mode 100644
index 0000000..ff8f82a
--- /dev/null
+++ b/sepolicy/private/network_stack.te
@@ -0,0 +1,4 @@
+# R vendor devices may not have fs_bpf_netd_private etc.
+# Allow network stack to do whatever with fs_bpf
+allow network_stack fs_bpf:dir search;
+allow network_stack fs_bpf:file { getattr read write };