diff --git a/dnsmasq.te b/dnsmasq.te
index fcf7c6d3d77796625539dce261d84037440fac31..61382a207c039dda2b8b233d79e5e71da00b0808 100644
--- a/dnsmasq.te
+++ b/dnsmasq.te
@@ -5,7 +5,16 @@ type dnsmasq_exec, exec_type, file_type;
 
 net_domain(dnsmasq)
 
-allow dnsmasq self:capability { net_bind_service setgid setuid };
+allow dnsmasq self:capability { net_admin net_raw net_bind_service setgid setuid };
 
 allow dnsmasq dhcp_data_file:dir w_dir_perms;
 allow dnsmasq dhcp_data_file:file create_file_perms;
+
+# Inherit and use open files from netd.
+allow dnsmasq netd:fd use;
+allow dnsmasq netd:fifo_file { read write };
+# TODO: Investigate whether these inherited sockets should be closed on exec.
+allow dnsmasq netd:netlink_kobject_uevent_socket { read write };
+allow dnsmasq netd:netlink_nflog_socket { read write };
+allow dnsmasq netd:netlink_route_socket { read write };
+allow dnsmasq netd:unix_stream_socket { read write };