diff --git a/common/private/service.te b/common/private/service.te
index 176fa6dc1ba20e97561a2ee8b2a3c84b57500575..a44e570df38b202bae1ae0d3a41340e0a6710fa0 100644
--- a/common/private/service.te
+++ b/common/private/service.te
@@ -6,3 +6,4 @@ type lineage_performance_service, system_api_service, system_server_service, ser
 type lineage_profile_service, system_api_service, system_server_service, service_manager_type;
 type lineage_trust_service, system_api_service, system_server_service, service_manager_type;
 type lineage_weather_service, system_api_service, system_server_service, service_manager_type;
+type lineage_blocker_service, system_api_service, system_server_service, service_manager_type;
\ No newline at end of file
diff --git a/common/private/service_contexts b/common/private/service_contexts
index 2eca65375322fcebad9443046a598051a0905a87..37d824287c360a6f886b76bb5fdd909b523cb44a 100644
--- a/common/private/service_contexts
+++ b/common/private/service_contexts
@@ -7,3 +7,4 @@ lineageweather                            u:object_r:lineage_weather_service:s0
 profile                                   u:object_r:lineage_profile_service:s0
 
 adbroot_service                           u:object_r:adbroot_service:s0
+lineageblocker                            u:object_r:lineage_blocker_service:s0
\ No newline at end of file
diff --git a/common/system/file_contexts b/common/system/file_contexts
index 8fc1e7788f4208c3af5e979b1d23d39d0bc0a675..b42678b0cdb164fde766aaf39e22303c49d32d95 100644
--- a/common/system/file_contexts
+++ b/common/system/file_contexts
@@ -1,2 +1,3 @@
 # Trust
 /system/bin/hw/lineage\.trust@1\.0-service      u:object_r:hal_lineage_trust_default_exec:s0
+/system/bin/iptables                            u:object_r:lineage_iptables_exec:s0
diff --git a/common/system/lineage_iptables.te b/common/system/lineage_iptables.te
new file mode 100644
index 0000000000000000000000000000000000000000..411075677c9a95de41d747cf4bc7322e15bb48cb
--- /dev/null
+++ b/common/system/lineage_iptables.te
@@ -0,0 +1,5 @@
+# iptables
+type lineage_iptables, domain, coredomain;
+
+type lineage_iptables_exec, exec_type, system_file_type, file_type;
+init_daemon_domain(lineage_iptables)
diff --git a/common/system/netd.te b/common/system/netd.te
new file mode 100644
index 0000000000000000000000000000000000000000..fd5cd817d130fb33423133df12f70b65a7cd9018
--- /dev/null
+++ b/common/system/netd.te
@@ -0,0 +1 @@
+allow netd lineage_iptables_exec:file { execute_no_trans execute read open getattr };