diff --git a/telephony/pktrouter.mk b/telephony/pktrouter.mk
new file mode 100644
index 0000000..7f054e6
--- /dev/null
+++ b/telephony/pktrouter.mk
@@ -0,0 +1,3 @@
+PRODUCT_PACKAGES += wfc-pkt-router
+PRODUCT_PROPERTY_OVERRIDES += vendor.pktrouter=1
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/telephony/sepolicy
diff --git a/telephony/sepolicy/device.te b/telephony/sepolicy/device.te
new file mode 100644
index 0000000..3225bac
--- /dev/null
+++ b/telephony/sepolicy/device.te
@@ -0,0 +1 @@
+type pktrouter_device, dev_type;
diff --git a/telephony/sepolicy/file_contexts b/telephony/sepolicy/file_contexts
new file mode 100644
index 0000000..f6e73db
--- /dev/null
+++ b/telephony/sepolicy/file_contexts
@@ -0,0 +1,4 @@
+# WFC
+/vendor/bin/wfc-pkt-router u:object_r:pktrouter_exec:s0
+
+/dev/umts_wfc[01] u:object_r:pktrouter_device:s0
diff --git a/telephony/sepolicy/netutils_wrapper.te b/telephony/sepolicy/netutils_wrapper.te
new file mode 100644
index 0000000..ff1be58
--- /dev/null
+++ b/telephony/sepolicy/netutils_wrapper.te
@@ -0,0 +1,7 @@
+allow netutils_wrapper pktrouter:fd use;
+allow netutils_wrapper pktrouter:fifo_file write;
+allow netutils_wrapper pktrouter:netlink_route_socket { read write };
+allow netutils_wrapper pktrouter:packet_socket { read write };
+allow netutils_wrapper pktrouter:rawip_socket { read write };
+allow netutils_wrapper pktrouter:udp_socket { read write };
+allow netutils_wrapper pktrouter_device:chr_file rw_file_perms;
diff --git a/telephony/sepolicy/pktrouter.te b/telephony/sepolicy/pktrouter.te
new file mode 100644
index 0000000..b7d2e11
--- /dev/null
+++ b/telephony/sepolicy/pktrouter.te
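Review bot: In telephony/sepolicy/netutils_wrapper.te, the seven allow rules give the shared netutils_wrapper domain read/write on pktrouter's packet, raw-IP, UDP and netlink-route sockets, plus full `rw_file_perms` (which includes `open`) on `pktrouter_device`, with no comment saying why. These look like descriptors inherited across the exec set up by `domain_auto_trans` rather than objects the wrapped tools need; that is inferred, since the daemon's source is not on this page. If so, the tighter fix is to open them close-on-exec in wfc-pkt-router and drop the rules. Failing that, narrow the device rule to `allow netutils_wrapper pktrouter_device:chr_file { read write };` and add a comment such as `# fds inherited from pktrouter on exec; never opened by netutils_wrapper`.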
@@ -0,0 +1,14 @@
+type pktrouter, domain;
+type pktrouter_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(pktrouter)
+net_domain(pktrouter)
+
+domain_auto_trans(pktrouter, netutils_wrapper_exec, netutils_wrapper);
+
+allow pktrouter pktrouter_device:chr_file rw_file_perms;
+allow pktrouter radio_device:chr_file r_file_perms;
+allow pktrouter self:netlink_route_socket nlmsg_write;
+allow pktrouter self:packet_socket { bind create read write getattr shutdown};
+allow pktrouter self:capability net_raw;
+
+get_prop(pktrouter, vendor_ims_prop);
diff --git a/telephony/sepolicy/property.te b/telephony/sepolicy/property.te
new file mode 100644
index 0000000..a3d6a39
--- /dev/null
+++ b/telephony/sepolicy/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_ims_prop)
diff --git a/telephony/sepolicy/property_contexts b/telephony/sepolicy/property_contexts
new file mode 100644
index 0000000..4165d92
--- /dev/null
+++ b/telephony/sepolicy/property_contexts
@@ -0,0 +1,3 @@
+# for ims service
+vendor.pktrouter u:object_r:vendor_ims_prop:s0
+
diff --git a/telephony/sepolicy/vendor_init.te b/telephony/sepolicy/vendor_init.te
new file mode 100644
index 0000000..3a86781
--- /dev/null
+++ b/telephony/sepolicy/vendor_init.te
@@ -0,0 +1 @@
+set_prop(vendor_init, vendor_ims_prop)
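Review bot: In telephony/sepolicy/pktrouter.te, `allow pktrouter self:netlink_route_socket nlmsg_write;` is granted while the only capability in the file is `net_raw`. Without a `net_admin` grant the kernel would likely refuse most route-modifying netlink requests anyway, and the transition to netutils_wrapper suggests that work is delegated, so check the denial log and drop the rule if nothing needs it. The `net_raw`, `packet_socket` and `radio_device` rules also carry no justification; a one-line comment above each, of the form `# needed for <purpose>; see <bug id>` with the placeholders filled in by the author, would let a later audit tell required access from leftover access.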
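Review bot: In telephony/sepolicy/property_contexts, the entry `vendor.pktrouter u:object_r:vendor_ims_prop:s0` has no match kind, so it is treated as a prefix and labels every property whose name begins with `vendor.pktrouter`. pktrouter.mk sets only the single key `vendor.pktrouter=1`, so an exact, typed entry would be tighter: `vendor.pktrouter u:object_r:vendor_ims_prop:s0 exact int` (or `exact bool`, depending on how the daemon reads the value). That keeps the `set_prop(vendor_init, vendor_ims_prop)` grant in vendor_init.te from silently covering keys added later under the same prefix.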