diff --git a/installd.te b/installd.te
index 36f71730c79fe063f8201ec2ec2b87281802a23d..90564d17ddfc8ca32a313f3f9f2547eeb9da252e 100644
--- a/installd.te
+++ b/installd.te
@@ -19,8 +19,9 @@ selinux_check_context(installd)
 # Read /seapp_contexts and /data/security/seapp_contexts
 security_access_policy(installd)
 
-# Search /data/app-asec.
+# Search /data/app-asec and stat files in it.
 allow installd asec_image_file:dir search;
+allow installd asec_image_file:file getattr;
 
 # Create /data/user and /data/user/0 if necessary.
 # Also required to initially create /data/data subdirectories
@@ -31,7 +32,7 @@ allow installd system_data_file:lnk_file { create setattr unlink };
 
 # Upgrade /data/media for multi-user if necessary.
 allow installd media_rw_data_file:dir create_dir_perms;
-allow installd media_rw_data_file:file unlink;
+allow installd media_rw_data_file:file { getattr unlink };
 # restorecon new /data/media directory.
 allow installd system_data_file:dir relabelfrom;
 allow installd media_rw_data_file:dir relabelto;