diff --git a/public/domain.te b/public/domain.te
index d70499c34e44d68845c400f752c8167b3196aeea..ae32b60fc2ad082e92935a491a33d5b430de9a8f 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -698,6 +698,7 @@ full_treble_only(`
         -appdomain
         -idmap
         -init
+        -installd
         -system_server
         -zygote
     } vendor_overlay_file:dir { getattr open read search };
@@ -707,6 +708,7 @@ full_treble_only(`
         -appdomain
         -idmap
         -init
+        -installd
         -system_server
         -zygote
     } vendor_overlay_file:{ file lnk_file } r_file_perms;
diff --git a/public/installd.te b/public/installd.te
index 774ba49e1c0e881de42802a8d7cfe1eb1651d89b..c5b45b461ce664742735f96c195403b62c1049a1 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -29,6 +29,8 @@ r_dir_file(installd, rootfs)
 r_dir_file(installd, system_file)
 # Scan through APKs in /vendor/app
 r_dir_file(installd, vendor_app_file)
+# Scan through Runtime Resource Overlay APKs in /vendor/overlay
+r_dir_file(installd, vendor_overlay_file)
 # Get file context
 allow installd file_contexts_file:file r_file_perms;
 # Get seapp_context