diff --git a/untrusted_app.te b/untrusted_app.te
index f29149e3d2f8d39fc69cd3abcbbac1042599ecc1..5af4e954a9a04dee8e424e0c2f73b03b6ecfffb2 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -82,3 +82,7 @@ neverallow untrusted_app service_manager_type:service_manager add;
 neverallow untrusted_app property_socket:sock_file write;
 neverallow untrusted_app init:unix_stream_socket connectto;
 neverallow untrusted_app property_type:property_service set;
+
+# Allow verifier to access staged apks.
+allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
+allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;