diff --git a/non_plat/file.te b/non_plat/file.te
index 1dc55b4..c9791cb 100644
--- a/non_plat/file.te
+++ b/non_plat/file.te
@@ -450,3 +450,4 @@ type vendor_teei_data_file, file_type, data_file_type;
 # IMS
 type volte_ua_socket, file_type;
 type volte_imcb_socket, file_type;
+type wfca_socket, file_type;
diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index d2cc05e..1838825 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@@ -714,9 +714,11 @@
 # IMS
 /dev/socket/volte_ua(/.*)? u:object_r:volte_ua_socket:s0
 /dev/socket/volte_imcb(/.*)? u:object_r:volte_imcb_socket:s0
+/dev/socket/wfca(/.*)? u:object_r:wfca_socket:s0
 /(system\/vendor|vendor)/bin/bip u:object_r:bip_exec:s0
 /(system\/vendor|vendor)/bin/epdg_wod u:object_r:epdg_wod_exec:s0
 /(system\/vendor|vendor)/bin/volte_imsm_93 u:object_r:volte_imsm_93_exec:s0
 /(system\/vendor|vendor)/bin/volte_md_status u:object_r:volte_md_status_exec:s0
 /(system\/vendor|vendor)/bin/volte_ua u:object_r:volte_ua_exec:s0
 /(system\/vendor|vendor)/bin/volte_imcb u:object_r:volte_imcb_exec:s0
+/(system\/vendor|vendor)/bin/wfca u:object_r:wfca_exec:s0
diff --git a/non_plat/wfca.te b/non_plat/wfca.te
new file mode 100644
index 0000000..91c9bb2
--- /dev/null
+++ b/non_plat/wfca.te
@@ -0,0 +1,22 @@
+type wfca, domain, netdomain, mtkimsmddomain;
+type wfca_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(wfca)
+
+allow wfca wfca_socket:sock_file write;
+
+allow wfca self:capability2 block_suspend;
+allow wfca self:capability { setgid setuid net_admin net_raw };
+allow wfca self:udp_socket { ioctl read write create getattr bind setopt shutdown };
+allow wfca self:rawip_socket { read write create getattr bind setopt };
+allow wfca self:packet_socket { read create setopt };
+
+allow wfca socket_device:sock_file { write create unlink };
+allow wfca socket_device:dir { write add_name remove_name };
+
+allow wfca { node port }:{ udp_socket rawip_socket } node_bind;
+allow wfca fwmarkd_socket:sock_file write;
+allow wfca ccci_device:chr_file { ioctl read write open };
+allow wfca sysfs_wake_lock:file { read write open };
+
+dontaudit wfca self:capability dac_override;
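Review bot: The two `socket_device` rules in wfca.te let the daemon create and unlink generically labelled sockets and add or remove names in the socket directory, yet nothing in the patch transitions a socket that wfca creates to the new `wfca_socket` type. A socket created by the daemon itself would therefore keep the `socket_device` label, and the `/dev/socket/wfca` entry added to file_contexts would only apply if init creates the socket or something relabels it, neither of which is visible here. If init creates it, both `socket_device` rules can be dropped; if the daemon creates it, `file_type_auto_trans(wfca, socket_device, wfca_socket)` in place of those two rules keeps the access scoped to its own type. Separately, `node_bind` is checked against node types, so listing `port` in `{ node port }` probably grants nothing useful, and a port check would need `name_bind` instead. A one-line comment above `allow wfca self:capability { setgid setuid net_admin net_raw };` stating why each capability is needed, and why `dac_override` is silenced with dontaudit rather than fixed through file ownership, would help the next policy audit.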