diff --git a/private/apexd.te b/private/apexd.te
index 61e099bf9c8903301bbf2d32e1460c09e568224b..7a1e4e241ffdf248dcfee134ba3c766e72bcebc8 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -40,6 +40,11 @@ allow apexd apex_mnt_dir:dir mounton;
 # allow apexd to create symlinks in /apex
 allow apexd apex_mnt_dir:lnk_file create_file_perms;
 
+# allow apexd to relabel apk_tmp_file to apex_data_file.
+# TODO(b/112669193) remove this when APEXes are staged via file descriptor
+allow apexd apk_tmp_file:file relabelfrom;
+allow apexd apex_data_file:file relabelto;
+
 # Unmount and mount filesystems
 allow apexd labeledfs:filesystem { mount unmount };