diff --git a/private/service_contexts b/private/service_contexts
index 3b01c0b8d88f3ed379b48c5fc2b6eda5dd8713c4..6f467931cec28e809238e31924a2914a1ccdfebf 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -103,6 +103,7 @@ network_time_update_service u:object_r:network_time_update_service
nfc u:object_r:nfc_service:s0
notification u:object_r:notification_service:s0
otadexopt u:object_r:otadexopt_service:s0
+overlay u:object_r:overlay_service:s0
package u:object_r:package_service:s0
permission u:object_r:permission_service:s0
persistent_data_block u:object_r:persistent_data_block_service:s0
diff --git a/public/idmap.te b/public/idmap.te
index 1ab497ee07d8755d93cc83a5aa38358d2de2d93c..61f1e1cc172bc2c5a77a8e54956a7025f5d752b4 100644
--- a/public/idmap.te
+++ b/public/idmap.te
@@ -8,3 +8,4 @@ allow idmap resourcecache_data_file:file { getattr read write };
# Open and read from target and overlay apk files passed by argument.
allow idmap apk_data_file:file r_file_perms;
+allow idmap apk_data_file:dir search;
diff --git a/public/service.te b/public/service.te
index 7ef2711844f2e4e2caf5d139d83652567a0f2846..c8cd4de1876458448f61557df63adfd8552bc291 100644
--- a/public/service.te
+++ b/public/service.te
@@ -96,6 +96,7 @@ type network_score_service, system_api_service, system_server_service, service_m
type network_time_update_service, system_server_service, service_manager_type;
type notification_service, app_api_service, system_server_service, service_manager_type;
type otadexopt_service, system_server_service, service_manager_type;
+type overlay_service, system_server_service, service_manager_type;
type package_service, app_api_service, system_server_service, service_manager_type;
type permission_service, app_api_service, system_server_service, service_manager_type;
type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;