diff --git a/public/domain.te b/public/domain.te
index 914ef9776749db801cf3fffe8669481615408dee..51f4081f67f9c3c238f6fabe1cccb7e96be9b9ec 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -33,10 +33,9 @@ allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
 allow domain init:fd use;
 
 userdebug_or_eng(`
-  # Same as adbd rules above, except allow su to do the same thing
-  allow domain su:unix_stream_socket connectto;
   allow domain su:fd use;
-  allow domain su:unix_stream_socket { getattr getopt read write shutdown };
+  allow domain su:unix_stream_socket { connectto getattr getopt read write shutdown };
+  allow domain su:unix_dgram_socket sendto;
 
   allow { domain -init } su:binder { call transfer };
 
diff --git a/public/hal_wifi_supplicant.te b/public/hal_wifi_supplicant.te
index 0f2540e40d9804264b832cd392efc7bf6c75f5d8..82c9e7d7a202e3dd7ebad733164985201049cd9b 100644
--- a/public/hal_wifi_supplicant.te
+++ b/public/hal_wifi_supplicant.te
@@ -26,12 +26,6 @@ allow hal_wifi_supplicant wifi_data_file:file create_file_perms;
 allow hal_wifi_supplicant wpa_socket:dir create_dir_perms;
 allow hal_wifi_supplicant wpa_socket:sock_file create_file_perms;
 
-# Allow wpa_cli to work. wpa_cli creates a socket in
-# /data/misc/wifi/sockets which hal_wifi_supplicant supplicant communicates with.
-userdebug_or_eng(`
-  unix_socket_send(hal_wifi_supplicant, wpa, su)
-')
-
 ###
 ### neverallow rules
 ###