diff --git a/installd.te b/installd.te
index 3ce2c5d0895976089b62923c0c27267364b41f7b..d17cd4773d0bd762f2c72b8041944e9da1305931 100644
--- a/installd.te
+++ b/installd.te
@@ -17,8 +17,9 @@ selinux_check_context(installd)
 # Read /seapp_contexts and /data/security/seapp_contexts
 security_access_policy(installd)
 
-# Search /data/app-asec.
+# Search /data/app-asec and stat files in it.
 allow installd asec_image_file:dir search;
+allow installd asec_image_file:file getattr;
 
 # Create /data/user and /data/user/0 if necessary.
 # Also required to initially create /data/data subdirectories
@@ -29,7 +30,7 @@ allow installd system_data_file:lnk_file { create setattr unlink };
 
 # Upgrade /data/media for multi-user if necessary.
 allow installd media_rw_data_file:dir create_dir_perms;
-allow installd media_rw_data_file:file unlink;
+allow installd media_rw_data_file:file { getattr unlink };
 # restorecon new /data/media directory.
 allow installd system_data_file:dir relabelfrom;
 allow installd media_rw_data_file:dir relabelto;