diff --git a/clatd.te b/clatd.te
new file mode 100644
index 0000000000000000000000000000000000000000..ebbb79ca8f3bbc77c5674631b29abae1f367c6c0
--- /dev/null
+++ b/clatd.te
@@ -0,0 +1,8 @@
+# 464xlat daemon
+type clatd, domain;
+permissive clatd;
+type clatd_exec, exec_type, file_type;
+
+init_daemon_domain(clatd)
+net_domain(clatd)
+unconfined_domain(clatd)
diff --git a/file_contexts b/file_contexts
index 2161e8ebd35fffb1d5d9b07270474ec88a72adf3..81b9da976505baebba7e80bdbdab308297a8afa7 100644
--- a/file_contexts
+++ b/file_contexts
@@ -151,6 +151,7 @@
 /system/bin/ping    u:object_r:ping_exec:s0
 /system/bin/dnsmasq     u:object_r:dnsmasq_exec:s0
 /system/bin/hostapd     u:object_r:hostapd_exec:s0
+/system/bin/clatd	u:object_r:clatd_exec:s0
 #############################
 # Vendor files
 #
diff --git a/netd.te b/netd.te
index 8636af1334748f8488c94e65fa3b3f79668b435c..f98be3d3c15405230c7226f874ecad190a5a2f95 100644
--- a/netd.te
+++ b/netd.te
@@ -47,6 +47,10 @@ allow netd hostapd:process signal;
 domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
 allow netd dnsmasq:process signal;
 
+# Allow netd to start clatd in its own domain
+domain_auto_trans(netd, clatd_exec, clatd)
+allow netd clatd:process signal;
+
 # Support netd running mdnsd
 # TODO: prune this back further
 allow netd ctl_default_prop:property_service set;