diff --git a/dex2oat.te b/dex2oat.te
index f7de25d6561e661237034af55108fdb49121b2c9..0eb3881e98e34ef712ed6a05e20e402daf6a0c6e 100644
--- a/dex2oat.te
+++ b/dex2oat.te
@@ -13,3 +13,4 @@ allow dex2oat installd:fd use;
 allow dex2oat asec_apk_file:file read;
 allow dex2oat unlabeled:file read;
 allow dex2oat oemfs:file read;
+allow dex2oat apk_tmp_file:file read;
diff --git a/file_contexts b/file_contexts
index e20638e380695edf1814742cc31499fd10cd5674..45a3549c08ed9e5318f68eddc5c4a7af0e9f2a02 100644
--- a/file_contexts
+++ b/file_contexts
@@ -204,7 +204,9 @@
 /data/adb(/.*)?		u:object_r:adb_data_file:s0
 /data/anr(/.*)?		u:object_r:anr_data_file:s0
 /data/app(/.*)?                       u:object_r:apk_data_file:s0
-/data/app/vmdl.*\.tmp(/.*)?           u:object_r:apk_tmp_file:s0
+/data/app/[^/]+/oat(/.*)?                u:object_r:dalvikcache_data_file:s0
+/data/app/vmdl[^/]+\.tmp(/.*)?           u:object_r:apk_tmp_file:s0
+/data/app/vmdl[^/]+\.tmp/oat(/.*)?           u:object_r:dalvikcache_data_file:s0
 /data/app-private(/.*)?               u:object_r:apk_private_data_file:s0
 /data/app-private/vmdl.*\.tmp(/.*)?   u:object_r:apk_private_tmp_file:s0
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
diff --git a/installd.te b/installd.te
index 46e6b81122aa2201d319dbdfb55528d23c6297ba..2187a156894b69dc6981abe9c51ca5401ef575a1 100644
--- a/installd.te
+++ b/installd.te
@@ -5,11 +5,13 @@ type installd_exec, exec_type, file_type;
 init_daemon_domain(installd)
 typeattribute installd mlstrustedsubject;
 allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
-allow installd apk_data_file:file rename;
-allow installd apk_data_file:dir create_dir_perms;
+allow installd apk_data_file:file { rename unlink };
+allow installd dalvikcache_data_file:dir relabelto;
+allow installd apk_data_file:dir { create_dir_perms relabelfrom };
 allow installd apk_data_file:lnk_file { create read unlink };
 allow installd asec_apk_file:file r_file_perms;
-allow installd apk_tmp_file:file r_file_perms;
+allow installd apk_tmp_file:file { r_file_perms unlink };
+allow installd apk_tmp_file:dir { relabelfrom create_dir_perms };
 allow installd oemfs:dir r_dir_perms;
 allow installd oemfs:file r_file_perms;
 allow installd system_file:file x_file_perms;