diff --git a/public/racoon.te b/public/racoon.te
index 7d1247a81df5308277d58793b135d11d2c1373ba..688874024cb04c751ceaab66822cb26631502dac 100644
--- a/public/racoon.te
+++ b/public/racoon.te
@@ -10,6 +10,7 @@ allowxperm racoon self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR SIOCSIFNETMAS
 binder_use(racoon)
 
 allow racoon tun_device:chr_file r_file_perms;
+allowxperm racoon tun_device:chr_file ioctl TUNSETIFF;
 allow racoon cgroup:dir { add_name create };
 allow racoon kernel:system module_request;