diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te b/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
index 44ecb053d7cae12ccc0df6b03dc53109d0e8d518..4b1849de42342517da3667590b6d62ab91926f6f 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
@@ -139,3 +139,7 @@ allow netmanager data_service_el1_file:dir { search getattr read open };
 allow netmanager data_service_el1_file:file { getattr read open };
 allow netmanager dev_at_file:chr_file { ioctl };
 allowxperm netmanager dev_at_file:chr_file ioctl { 0x5413 };
+
+allow netmanager hdf_device_manager:hdf_devmgr_class { get };
+allow netmanager hdf_ethernet_service:hdf_devmgr_class { get };
+allow netmanager ethernet_host:unix_dgram_socket { sendto };
diff --git a/sepolicy/ohos_policy/drivers/adapter/public/hdf_service.te b/sepolicy/ohos_policy/drivers/adapter/public/hdf_service.te
index f65fdaeea4545f3df22e698009b0e37fbde608bb..15c357a6fad7f23f6ce245ab0262a69bdffce628 100644
--- a/sepolicy/ohos_policy/drivers/adapter/public/hdf_service.te
+++ b/sepolicy/ohos_policy/drivers/adapter/public/hdf_service.te
@@ -91,3 +91,5 @@ type hdf_sample1_driver_service, hdf_service_attr;
 type hdf_intell_voice_engine_manager_service, hdf_service_attr;
 type hdf_intell_voice_trigger_manager_service, hdf_service_attr;
 type hdf_camera_service_usb, hdf_service_attr;
+
+type hdf_ethernet_service, hdf_service_attr;
diff --git a/sepolicy/ohos_policy/drivers/adapter/public/hdf_service_contexts b/sepolicy/ohos_policy/drivers/adapter/public/hdf_service_contexts
index 8bf5f9125ba6296b4f45981422a070749259d2e4..55271cb7a6af830e4ad9316912ea2ea197a8abe6 100644
--- a/sepolicy/ohos_policy/drivers/adapter/public/hdf_service_contexts
+++ b/sepolicy/ohos_policy/drivers/adapter/public/hdf_service_contexts
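Review bot: `allow netmanager ethernet_host:unix_dgram_socket { sendto };` lets the system-side netmanager push datagrams into the vendor ethernet host, but nothing in this changeset grants ethernet_host a path back to netmanager, so either the channel is intentionally one-way or a reply rule is still missing; a comment stating which would save the next reader a denial hunt. I would also name the consumer above the three added lines, e.g. `# ethernet HDI: resolve hdf_ethernet_service through devmgr and signal ethernet_host over its datagram socket`, since the surrounding rules give no hint why a network manager needs a driver-host socket.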
@@ -96,3 +96,5 @@ sample1_driver_service u:object_r:hdf_sample1_driver_service:s0
 intell_voice_engine_manager_service u:object_r:hdf_intell_voice_engine_manager_service:s0
 intell_voice_trigger_manager_service u:object_r:hdf_intell_voice_trigger_manager_service:s0
+
+ethernet_service u:object_r:hdf_ethernet_service:s0
diff --git a/sepolicy/ohos_policy/drivers/adapter/public/type.te b/sepolicy/ohos_policy/drivers/adapter/public/type.te
index 47dfb18b1c89fbeb9830b94e3bb6e49a75d683f7..3567f78473ff5da039a007df1a0534a23a4e8666 100644
--- a/sepolicy/ohos_policy/drivers/adapter/public/type.te
+++ b/sepolicy/ohos_policy/drivers/adapter/public/type.te
@@ -45,3 +45,5 @@ type hdf_devhost_exec, exec_attr, file_attr, system_file_attr;
 type dev_hdf_kevent, dev_attr;
 type dev_hdfwifi, dev_attr;
 type intell_voice_host, hdfdomain, domain;
+
+type ethernet_host, hdfdomain, domain;
diff --git a/sepolicy/ohos_policy/drivers/adapter/vendor/hdf_devmgr.te b/sepolicy/ohos_policy/drivers/adapter/vendor/hdf_devmgr.te
index 9657e838314088850e65948bdfed9a7719be54fd..8186995cf14196a664c8943b25bf675c087ed1f5 100644
--- a/sepolicy/ohos_policy/drivers/adapter/vendor/hdf_devmgr.te
+++ b/sepolicy/ohos_policy/drivers/adapter/vendor/hdf_devmgr.te
@@ -225,3 +225,8 @@ allow hdf_devmgr wifi_manager_service:binder { transfer };
 allow hdf_devmgr bootevent_param:file { map open read };
 allow hdf_devmgr bootevent_samgr_param:file { map open read };
+
+allow hdf_devmgr ethernet_host:binder { call transfer };
+allow hdf_devmgr ethernet_host:file { read open };
+allow hdf_devmgr ethernet_host:process { getattr };
+allow hdf_devmgr ethernet_host:dir { search };
diff --git a/sepolicy/ohos_policy/drivers/adapter/vendor/init.te b/sepolicy/ohos_policy/drivers/adapter/vendor/init.te
index 4b4a88f9759b5bbb60d9d939ec5fe3109510fb6d..33f639da22f18dae1fc2ec8705deea7cfc54a1f2 100644
--- a/sepolicy/ohos_policy/drivers/adapter/vendor/init.te
+++ b/sepolicy/ohos_policy/drivers/adapter/vendor/init.te
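Review bot: In the hdf_devmgr.te hunk, `allow hdf_devmgr ethernet_host:file { read open };`, `:dir { search }` and `:process { getattr }` use a process domain as a file target, which in SELinux normally means the host's `/proc/<pid>` entries, but nothing in the hunk says what devmgr reads there or why the other hosts listed in this file do not need the same. A one-line comment above the four added rules, e.g. `# ethernet_host: binder to the host plus read access to its /proc/<pid> entries (purpose: TODO)`, would make the intent reviewable and stop the trio from being copied to the next host by habit. If the `/proc` access was only observed during bring-up, consider whether `:process { getattr }` alone covers the real dependency.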
@@ -16,3 +16,5 @@
 #avc: denied { siginh } for pid=1970 comm="hdf_devhost" scontext=u:r:init:s0 tcontext=u:r:sample_host:s0 tclass=process permissive=1
 #avc: denied { sigkill } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:sample_host:s0 tclass=process permissive=1
 allow init sample_host:process { rlimitinh siginh transition sigkill };
+
+allow init ethernet_host:process { rlimitinh siginh transition sigkill };
diff --git a/sepolicy/ohos_policy/drivers/peripheral/ethernet/vendor/ethernet_host.te b/sepolicy/ohos_policy/drivers/peripheral/ethernet/vendor/ethernet_host.te
new file mode 100644
index 0000000000000000000000000000000000000000..78e550c43dea18470d2d68276f07fdb39dba3474
--- /dev/null
+++ b/sepolicy/ohos_policy/drivers/peripheral/ethernet/vendor/ethernet_host.te
@@ -0,0 +1,47 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+allow ethernet_host chip_prod_file:dir { search };
+allow ethernet_host dev_console_file:chr_file { read write };
+allow ethernet_host dev_hdf_kevent:chr_file { open read write ioctl getattr };
+allow ethernet_host dev_unix_socket:dir { search };
+allow ethernet_host hdf_device_manager:hdf_devmgr_class { get };
+allow ethernet_host hdf_devmgr:binder { call transfer };
+allow ethernet_host hdf_ethernet_service:hdf_devmgr_class { add };
+allow ethernet_host hilog_param:file { open read map };
+allow ethernet_host musl_param:file { open read map };
+allow ethernet_host sa_device_service_manager:samgr_class { get };
+allow ethernet_host samgr:binder { call };
+allow ethernet_host sh:binder { call };
+allow ethernet_host vendor_etc_file:dir { open read getattr search };
+allow ethernet_host vendor_etc_file:file { open read getattr };
+allowxperm ethernet_host dev_hdf_kevent:chr_file ioctl { 0x6202 0x6203 };
+
+# avc: denied { search } for pid=7426, comm="/vendor/bin/hdf_devhost" name="/lib64" dev="overlay" ino=1 scontext=u:r:ethernet_host:s0 tcontext=u:object_r:chip_prod_file:s0 tclass=dir permissive=0
+allow ethernet_host chip_prod_file:dir { search };
+
+# avc: denied { search } for pid=7426, comm="/vendor/bin/hdf_devhost" name="/service" dev="/dev/block/platform/b0000000.hi_pcie/by-name/userdata" ino=9 scontext=u:r:ethernet_host:s0 tcontext=u:object_r:data_service_file:s0 tclass=dir permissive=0
+allow ethernet_host data_service_file:dir { search };
+
+# avc: denied { write } for pid=7426, comm="/vendor/bin/hdf_devhost" path="/dev/kmsg" dev="" ino=27 scontext=u:r:ethernet_host:s0 tcontext=u:object_r:dev_kmsg_file:s0 tclass=chr_file permissive=0
+allow ethernet_host dev_kmsg_file:chr_file { write };
+
+# avc: denied { search } for pid=7426, comm="/vendor/bin/hdf_devhost" name="/unix/socket" dev="" ino=190 scontext=u:r:ethernet_host:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=0
+allow ethernet_host dev_unix_socket:dir { search };
+
+# avc: denied { supervsable } for pid=7426, comm="/bin/init" scontext=u:r:ethernet_host:s0 tcontext=u:r:ethernet_host:s0 tclass=hmcap permissive=0
+allow ethernet_host ethernet_host:hmcap { supervsable };
+
+# avc: denied { call } for pid=7426, comm="/vendor/bin/hdf_devhost" scontext=u:r:ethernet_host:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=0
+allow ethernet_host samgr:binder { call };
+
diff --git a/sepolicy/ohos_policy/startup/init/public/chipset_init.te b/sepolicy/ohos_policy/startup/init/public/chipset_init.te
index 2d5f8ada66a3c1b74014cddcec930cce8c3dbb69..5a95145ba760f2ee15d261cfafcfc9b58342c457 100644
--- a/sepolicy/ohos_policy/startup/init/public/chipset_init.te
+++ b/sepolicy/ohos_policy/startup/init/public/chipset_init.te
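Review bot: `allow ethernet_host sh:binder { call };` in the first rule block grants a vendor driver host binder calls into the shell domain, which no avc comment in this file accounts for and which reads like a capture from a shell-driven test rather than a production dependency; drop it, or document the caller it serves before it ships. The same block also repeats three rules verbatim under their later avc comments — `chip_prod_file:dir { search }`, `dev_unix_socket:dir { search }` and `samgr:binder { call }` — which the policy compiler merges silently but which hides which denial each rule answers; keep one copy of each, preferably the commented one. `dev_console_file:chr_file { read write }` and `dev_kmsg_file:chr_file { write }` are the only rules here that let the host write outside HDF, so a short comment naming their purpose (presumably early logging, to be confirmed) would help the next least-privilege review, and `read` on the console looks wider than logging needs.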
@@ -79,7 +79,7 @@ allow hidumper_service chipset_init:lnk_file read;
 #for for start process in subcontext hdf_devhost.cfg
 chipset_init_daemon_domain(hdf_devmgr);
 allow chipset_init { user_auth_host pin_auth_host fingerprint_auth_host face_auth_host codec_host vibrator_host sensor_host }:process { rlimitinh siginh transition };
-allow chipset_init { light_host input_user_host wifi_host camera_host power_host audio_host }:process { rlimitinh siginh transition };
+allow chipset_init { light_host input_user_host wifi_host camera_host power_host audio_host ethernet_host }:process { rlimitinh siginh transition };
 allow chipset_init { usb_host blue_host partitionslot_host location_host dcamera_host a2dp_host daudio_host sample_host intell_voice_host }:process { rlimitinh siginh transition };
 #for init.usb.configfs.cfg