diff --git a/sepolicy/base/public/service.te b/sepolicy/base/public/service.te
index f4751298f38f1695aa0c313d8aae1562dc29cbfc..ada7030651d15d22139e18f4fa610fcc3b75e9b6 100644
--- a/sepolicy/base/public/service.te
+++ b/sepolicy/base/public/service.te
@@ -82,6 +82,7 @@ type sa_comm_net_tethering_manager_service, sa_service_attr;
 type sa_comm_vpn_manager_service, sa_service_attr;
 type sa_comm_dns_manager_service, sa_service_attr;
 type sa_comm_ethernet_manager_service, sa_service_attr;
+type sa_comm_mdns_manager_service, sa_service_attr;
 type sa_discover_service, sa_service_attr;
 type sa_ability_tools_service, sa_service_attr;
 type sa_dnet_service, sa_service_attr;
diff --git a/sepolicy/base/public/service_contexts b/sepolicy/base/public/service_contexts
index 13c5ceffd58945c14cbdc602980460892801d73d..ae0d36e29df634f6e1d664e8e5c1e9f3862777ac 100644
--- a/sepolicy/base/public/service_contexts
+++ b/sepolicy/base/public/service_contexts
@@ -67,6 +67,7 @@
 1157 u:object_r:sa_comm_ethernet_manager_service:s0
 1158 u:object_r:sa_netsys_native_manager:s0
 1160 u:object_r:sa_discover_service:s0
+1161 u:object_r:sa_comm_mdns_manager_service:s0
 1170 u:object_r:sa_dnet_service:s0
 1180 u:object_r:sa_smart_comm_service:s0
 1200 u:object_r:sa_subsys_dfx_service:s0
diff --git a/sepolicy/base/public/type.te b/sepolicy/base/public/type.te
index 99e68c3c3f0212d2ea8e5ea8d673d65da39a0cb6..4f694eb201a736ff8b44201f3560b7ffa1f31df9 100644
--- a/sepolicy/base/public/type.te
+++ b/sepolicy/base/public/type.te
@@ -46,6 +46,7 @@ type download_server, sadomain, domain;
 type msdp_sa, sadomain, domain;
 type misc, sadomain, domain;
 type netsysnative, sadomain, domain;
+type mdnsmanager, sadomain, domain;
 type hidumper_service, sadomain, domain;
 type console, sadomain, domain;
 type bootanimation, sadomain, domain;
diff --git a/sepolicy/base/te/init.te b/sepolicy/base/te/init.te
index 29b109eba440ee2a9c36e72bbca0b1b81a7da456..8b0c92b77140c355839266c4998a4936c7b49559 100644
--- a/sepolicy/base/te/init.te
+++ b/sepolicy/base/te/init.te
@@ -29,6 +29,7 @@ allow init bootevent_samgr_param:file { map open read relabelto };
 allow init build_version_param:file { map open read relabelto };
 allow init camera_host:process { rlimitinh siginh transition };
 allow init camera_service:process { rlimitinh siginh transition };
+allow init mdnsmanager:process { rlimitinh siginh transition };
 allow init cgroup:dir { add_name create open read search setattr write };
 allow init cgroup:file { getattr open setattr };
 allow init cgroup:filesystem { mount };
diff --git a/sepolicy/base/te/netmanager.te b/sepolicy/base/te/netmanager.te
index 52a4984a09d0fef9f0d8d1233ed2854e5d623a93..020babeabe5d3bb57a6d84f86ccbcba58ac44110 100644
--- a/sepolicy/base/te/netmanager.te
+++ b/sepolicy/base/te/netmanager.te
@@ -60,6 +60,7 @@ allow netmanager persist_sys_param:file { map open read };
 allow netmanager sa_accesstoken_manager_service:samgr_class { get };
 allow netmanager sa_comm_dns_manager_service:samgr_class { add };
 allow netmanager sa_comm_ethernet_manager_service:samgr_class { add };
+allow netmanager sa_comm_mdns_manager_service:samgr_class { add };
 allow netmanager sa_comm_net_stats_manager_service:samgr_class { add };
 allow netmanager sa_foundation_cesfwk_service:samgr_class { get };
 allow netmanager sa_net_conn_manager:samgr_class { add };
diff --git a/sepolicy/ohos_policy/ability/ability_runtime/system/foundation.te b/sepolicy/ohos_policy/ability/ability_runtime/system/foundation.te
index 7a55ac56ab67ea470b31b42a62118920fd641faa..5cfdc3b51f3b2a6cd18f9bf39bc364ee73accb78 100644
--- a/sepolicy/ohos_policy/ability/ability_runtime/system/foundation.te
+++ b/sepolicy/ohos_policy/ability/ability_runtime/system/foundation.te
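Review bot: `allow netmanager sa_comm_mdns_manager_service:samgr_class { add };` in sepolicy/base/te/netmanager.te lets netmanager register the mDNS system ability, while the new mdnsmanager.te grants the same `add` to the `mdnsmanager` domain that this commit also lets init transition into. Only the domain that actually hosts SA 1161 should hold `add`; if that is `mdnsmanager`, this line should be dropped, because it would otherwise let a compromised netmanager register itself under the mDNS service name. The same open question shows in system_core_hap.te, which receives `samgr_class get` on the service but, within this diff, no `binder call` towards `mdnsmanager`, unlike `system_basic_hap`. A one-line comment above whichever `add` rule stays, naming the hosting process, would settle it for later readers.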
@@ -91,5 +91,6 @@ allowxperm foundation dev_mali:chr_file ioctl { 0x8002 }; allowxperm foundation sys_file:file ioctl { 0x5413 }; allow foundation foundation:capability { sys_ptrace }; allow foundation storage_manager:dir { search }; +allow foundation netmanager:binder { transfer }; neverallow foundation *:process ptrace; diff --git a/sepolicy/ohos_policy/communication/netmanager/system/mdnsmanager.te b/sepolicy/ohos_policy/communication/netmanager/system/mdnsmanager.te new file mode 100644 index 0000000000000000000000000000000000000000..8adcd21a35709b68f8444d121b5903cd908b40b1 --- /dev/null +++ b/sepolicy/ohos_policy/communication/netmanager/system/mdnsmanager.te 
@@ -0,0 +1,38 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+allow mdnsmanager dev_console_file:chr_file { read write };
+allow mdnsmanager hilog_param:file { open read map };
+allow mdnsmanager dev_unix_socket:dir { search };
+allow mdnsmanager tracefs:dir { search };
+allow mdnsmanager tracefs_trace_marker_file:file { open write };
+allow mdnsmanager debug_param:file { open read map };
+allow mdnsmanager param_watcher:binder { call transfer };
+allow mdnsmanager mdnsmanager:binder { call };
+allow mdnsmanager musl_param:file { open read map };
+allow mdnsmanager mdnsmanager:netlink_route_socket { create write read nlmsg_read };
+
+allow param_watcher mdnsmanager:binder { call };
+allow system_basic_hap mdnsmanager:binder { transfer call };
+allow mdnsmanager system_basic_hap:binder { call };
+allow system_basic_hap sa_comm_mdns_manager_service:samgr_class { get };
+allow mdnsmanager sa_param_watcher:samgr_class { get };
+allow mdnsmanager sa_comm_mdns_manager_service:samgr_class { add };
+allow mdnsmanager sa_accesstoken_manager_service:samgr_class { get };
+allow mdnsmanager accesstoken_service:binder { call };
+
+allow mdnsmanager mdnsmanager:udp_socket { create getopt setopt bind name_bind ioctl read write };
+allow mdnsmanager node:udp_socket { node_bind };
+allow mdnsmanager port:udp_socket { name_bind };
+allow mdnsmanager mdnsmanager:unix_dgram_socket { ioctl getopt setopt };
+allow mdnsmanager sh:binder { call };
\ No newline at end of file
diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te b/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
index 5cd4ff274bbbdebd448fe43b01de766a94f1301c..cca57154a71bbf8efd93d851ebad8c757f024026 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
@@ -70,3 +70,5 @@ allowxperm netmanager netmanager:udp_socket ioctl { 0x8915 0x8916 0x891b 0x891c
 allowxperm netmanager netmanager:unix_dgram_socket ioctl { 0x8910 };
 allow netsysnative netmanager:fd { use };
 allow netsysnative netmanager:tcp_socket { read write bind getopt setopt connect };
+allow netmanager data_service_el1_file:file { rename };
+allow netmanager sa_foundation_appms:samgr_class { get };
\ No newline at end of file
diff --git a/sepolicy/ohos_policy/hiviewdfx/hidumper/system/hidumper_service.te b/sepolicy/ohos_policy/hiviewdfx/hidumper/system/hidumper_service.te
index 8213a371bd1ddd1dda19b408ed1db7d56893cc45..3b3ae02381ba03ff9f7eb10c2e84d1ef7a361ba6 100644
--- a/sepolicy/ohos_policy/hiviewdfx/hidumper/system/hidumper_service.te
+++ b/sepolicy/ohos_policy/hiviewdfx/hidumper/system/hidumper_service.te
@@ -188,6 +188,7 @@ allow hidumper_service sa_bgtaskmgr:samgr_class get;
 allow hidumper_service sa_bluetooth_server:samgr_class get;
 allow hidumper_service sa_comm_dns_manager_service:samgr_class get;
 allow hidumper_service sa_comm_ethernet_manager_service:samgr_class get;
+allow hidumper_service sa_comm_mdns_manager_service:samgr_class get;
 allow hidumper_service sa_comm_net_stats_manager_service:samgr_class get;
 allow hidumper_service sa_dataobs_mgr_service_service:samgr_class get;
 allow hidumper_service sa_device_usage_statistics_service:samgr_class get;
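Review bot: The final rule of the new mdnsmanager.te, `allow mdnsmanager sh:binder { call };`, lets a daemon that binds UDP sockets make binder calls into the shell domain, and nothing else in the file explains why. It reads like a denial captured while the service was exercised from a shell, and should be removed or limited to debug builds. The `ioctl` permission on `mdnsmanager:udp_socket` and `mdnsmanager:unix_dgram_socket` is also granted with no `allowxperm` rule, so unless an attribute-level rule elsewhere constrains it, every ioctl command is permitted on those sockets. netmanager.te in this same diff whitelists its commands (`allowxperm netmanager netmanager:unix_dgram_socket ioctl { 0x8910 };`), and matching `allowxperm` lines listing only the commands the service issues would keep the two domains consistent. `dev_console_file:chr_file { read write }` deserves the same justification, and the file is missing its trailing newline.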
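Review bot: `allow netmanager data_service_el1_file:file { rename };` in ohos_policy/communication/netmanager/system/netmanager.te grants rename on what appears to be a shared label for service data rather than a netmanager-specific type. If so, netmanager could rename files belonging to other services wherever directory permissions allow, and a dedicated file type for netmanager's own data would keep the grant narrow. Neither this rule nor `allow netmanager sa_foundation_appms:samgr_class { get };` has a visible link to the mDNS service the rest of the commit adds, so a comment above each stating which code path needs it would make the policy auditable. The file now also ends without a newline.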
diff --git a/sepolicy/ohos_policy/telephony/telephony_sa/system/system_core_hap.te b/sepolicy/ohos_policy/telephony/telephony_sa/system/system_core_hap.te index f5333ac268e6629844374aaa5533e7161ab23190..9a59f384c9d9a718ed7022cc350a904791d28ca3 100644 --- a/sepolicy/ohos_policy/telephony/telephony_sa/system/system_core_hap.te +++ b/sepolicy/ohos_policy/telephony/telephony_sa/system/system_core_hap.te @@ -12,6 +12,7 @@ # limitations under the License. allow system_core_hap sa_comm_ethernet_manager_service:samgr_class get; +allow system_core_hap sa_comm_mdns_manager_service:samgr_class get; allow system_core_hap sa_foundation_tel_call_manager:samgr_class get; allow system_core_hap sa_foundation_tel_state_registry:samgr_class get; allow system_core_hap sa_net_policy_manager:samgr_class get;