diff --git a/public/domain.te b/public/domain.te
index 168e0bbdb76f263769b8eebc8ec61c45f2e75852..cd2b30f5516fe1fbbe9393aae77f07a5541f06a5 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -695,6 +695,7 @@ full_treble_only(`
         -appdomain
         -idmap
         -init
+        -installd
         -system_server
         -zygote
     } vendor_overlay_file:dir { getattr open read search };
@@ -704,6 +705,7 @@ full_treble_only(`
         -appdomain
         -idmap
         -init
+        -installd
         -system_server
         -zygote
     } vendor_overlay_file:{ file lnk_file } r_file_perms;
diff --git a/public/installd.te b/public/installd.te
index 774ba49e1c0e881de42802a8d7cfe1eb1651d89b..c5b45b461ce664742735f96c195403b62c1049a1 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -29,6 +29,8 @@ r_dir_file(installd, rootfs)
 r_dir_file(installd, system_file)
 # Scan through APKs in /vendor/app
 r_dir_file(installd, vendor_app_file)
+# Scan through Runtime Resource Overlay APKs in /vendor/overlay
+r_dir_file(installd, vendor_overlay_file)
 # Get file context
 allow installd file_contexts_file:file r_file_perms;
 # Get seapp_context