diff --git a/private/network_stack.te b/private/network_stack.te
index b1059382d..449e9876a 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te
@@ -56,6 +56,9 @@ allow network_stack { fs_bpf fs_bpf_tethering }:dir search;
 allow network_stack { fs_bpf fs_bpf_tethering }:file { read write };
 allow network_stack bpfloader:bpf { map_read map_write prog_run };
 
+# Use XFRM (IPsec) netlink sockets
+allow network_stack self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };
+
 # Only the bpfloader and the network_stack should ever touch 'fs_bpf_tethering' programs/maps.
 # Unfortunately init/vendor_init have all sorts of extra privs
 neverallow { domain -bpfloader -init -network_stack -vendor_init } fs_bpf_tethering:dir ~getattr;
diff --git a/private/system_server.te b/private/system_server.te
index 85675de0e..b3f62cba9 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -180,6 +180,9 @@ allow system_server self:socket create_socket_perms_no_ioctl;
 # Set and get routes directly via netlink.
 allow system_server self:netlink_route_socket nlmsg_write;
 
+# Use XFRM (IPsec) netlink sockets
+allow system_server self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };
+
 # Kill apps.
 allow system_server appdomain:process { getpgid sigkill signal };
 # signull allowed for kill(pid, 0) existence test.
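Review bot: The comment on the new network_stack rule names the mechanism ("Use XFRM (IPsec) netlink sockets") but not the feature that needs it, which is the information a later reviewer needs to decide whether the grant can be narrowed or removed; the same applies to the identical rule added in private/system_server.te. nlmsg_write on netlink_xfrm_socket lets the domain create and modify IPsec security associations and policies, and nlmsg_read returns the SA/SP state (presumably including SA parameters — verify against the kernel's XFRM dump behaviour), so this is not a read-only diagnostic permission and the justification should say which of the two is actually exercised. Suggested wording, modelled on the neighbouring "Only the bpfloader and the network_stack should ever touch …" comment: `# Manage IPsec SAs/SPs over XFRM netlink for <FEATURE — fill in> (bug: <BUG-ID — fill in>)`. Whether a finer split (for example nlmsg_read only, with writes staying in one domain) would suffice cannot be judged from the hunk; the comment should make that decision traceable.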
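Review bot: Granting the same create/nlmsg_read/nlmsg_write set on netlink_xfrm_socket to system_server as to network_stack leaves no statement in policy of which domains are meant to be the XFRM writers, unlike the fs_bpf_tethering rules in network_stack.te, which pair the allow with a neverallow naming the permitted domains. If the set of legitimate users of XFRM netlink is known (the two domains here plus whatever already holds this permission elsewhere in policy — I cannot see that from the hunk), a neverallow of the same shape as the existing fs_bpf_tethering one, listing those domains as exceptions, would keep future allows from silently widening IPsec control to other domains. If that set is not stable yet, a comment recording the intended owners, e.g. `# XFRM (IPsec) netlink writers are expected to be system_server and network_stack; keep this list in sync with <OTHER-DOMAINS — fill in>`, is the minimum.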