diff --git a/public/installd.te b/public/installd.te
index d2bb5c69f907bd29634e50bb0ae2ece636e6da6e..246fffa9e8fbb6d4c0f1943339d4693d91c325a8 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -2,7 +2,7 @@
 type installd, domain, domain_deprecated;
 type installd_exec, exec_type, file_type;
 typeattribute installd mlstrustedsubject;
-allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
+allow installd self:capability { chown dac_override fowner fsetid setgid setuid sys_admin };
 
 # Allow labeling of files under /data/app/com.example/oat/
 allow installd dalvikcache_data_file:dir relabelto;
@@ -127,6 +127,10 @@ allow installd dumpstate:fifo_file  { getattr write };
 binder_call(installd, system_server)
 allow installd permission_service:service_manager find;
 
+# Allow installd to read and write quotas
+allow installd block_device:dir { search };
+allow installd labeledfs:filesystem { quotaget quotamod };
+
 ###
 ### Neverallow rules
 ###