diff --git a/core/java/com/android/server/SystemConfig.java b/core/java/com/android/server/SystemConfig.java
index d40924b603a58..21ca948fa89cb 100644
--- a/core/java/com/android/server/SystemConfig.java
+++ b/core/java/com/android/server/SystemConfig.java
@@ -229,6 +229,7 @@ public class SystemConfig {
     private ArrayMap<String, Set<String>> mPackageToUserTypeBlacklist = new ArrayMap<>();
 
     private final ArraySet<String> mRollbackWhitelistedPackages = new ArraySet<>();
+    private final ArraySet<String> mWhitelistedStagedInstallers = new ArraySet<>();
 
     /**
      * Map of system pre-defined, uniquely named actors; keys are namespace,
@@ -394,6 +395,10 @@ public class SystemConfig {
         return mRollbackWhitelistedPackages;
     }
 
+    public Set<String> getWhitelistedStagedInstallers() {
+        return mWhitelistedStagedInstallers;
+    }
+
     public ArraySet<String> getAppDataIsolationWhitelistedApps() {
         return mAppDataIsolationWhitelistedApps;
     }
@@ -1137,6 +1142,20 @@ public class SystemConfig {
                         }
                         XmlUtils.skipCurrentTag(parser);
                     } break;
+                    case "whitelisted-staged-installer": {
+                        if (allowAppConfigs) {
+                            String pkgname = parser.getAttributeValue(null, "package");
+                            if (pkgname == null) {
+                                Slog.w(TAG, "<" + name + "> without package in " + permFile
+                                        + " at " + parser.getPositionDescription());
+                            } else {
+                                mWhitelistedStagedInstallers.add(pkgname);
+                            }
+                        } else {
+                            logNotAllowedInPartition(name, permFile, parser);
+                        }
+                        XmlUtils.skipCurrentTag(parser);
+                    } break;
                     default: {
                         Slog.w(TAG, "Tag " + name + " is unknown in "
                                 + permFile + " at " + parser.getPositionDescription());
diff --git a/services/tests/servicestests/src/com/android/server/systemconfig/SystemConfigTest.java b/services/tests/servicestests/src/com/android/server/systemconfig/SystemConfigTest.java
index eef9012b005b4..10981ab495132 100644
--- a/services/tests/servicestests/src/com/android/server/systemconfig/SystemConfigTest.java
+++ b/services/tests/servicestests/src/com/android/server/systemconfig/SystemConfigTest.java
@@ -16,6 +16,8 @@
 
 package com.android.server.systemconfig;
 
+import static com.google.common.truth.Truth.assertThat;
+
 import static org.junit.Assert.assertEquals;
 
 import android.platform.test.annotations.Presubmit;
@@ -164,7 +166,7 @@ public class SystemConfigTest {
 
         mSysConfig.readPermissions(folder, /* No permission needed anyway */ 0);
 
-        final ArrayMap<String, Boolean>  packageOneExpected = new ArrayMap<>();
+        final ArrayMap<String, Boolean> packageOneExpected = new ArrayMap<>();
         packageOneExpected.put("com.android.package1.Full", true);
         packageOneExpected.put("com.android.package1.Relative", false);
 
@@ -180,8 +182,48 @@ public class SystemConfigTest {
         assertEquals(packageTwoExpected, packageTwo);
     }
 
+    /**
+     * Tests that readPermissions works correctly with {@link SystemConfig#ALLOW_APP_CONFIGS}
+     * permission flag for the tag: whitelisted-staged-installer.
+     */
+    @Test
+    public void readPermissions_allowAppConfigs_parsesStagedInstallerWhitelist()
+            throws IOException {
+        final String contents =
+                "<config>\n"
+                + "    <whitelisted-staged-installer package=\"com.android.package1\" />\n"
+                + "</config>";
+        final File folder = createTempSubfolder("folder");
+        createTempFile(folder, "staged-installer-whitelist.xml", contents);
+
+        mSysConfig.readPermissions(folder, /* Grant all permission flags */ ~0);
+
+        assertThat(mSysConfig.getWhitelistedStagedInstallers())
+                .containsExactly("com.android.package1");
+    }
+
+    /**
+     * Tests that readPermissions works correctly without {@link SystemConfig#ALLOW_APP_CONFIGS}
+     * permission flag for the tag: whitelisted-staged-installer.
+     */
+    @Test
+    public void readPermissions_notAllowAppConfigs_wontParseStagedInstallerWhitelist()
+            throws IOException {
+        final String contents =
+                "<config>\n"
+                + "    <whitelisted-staged-installer package=\"com.android.package1\" />\n"
+                + "</config>";
+        final File folder = createTempSubfolder("folder");
+        createTempFile(folder, "staged-installer-whitelist.xml", contents);
+
+        mSysConfig.readPermissions(folder, /* Grant all but ALLOW_APP_CONFIGS flag */ ~0x08);
+
+        assertThat(mSysConfig.getWhitelistedStagedInstallers()).isEmpty();
+    }
+
     /**
      * Creates folderName/fileName in the mTemporaryFolder and fills it with the contents.
+     *
      * @param folderName subdirectory of mTemporaryFolder to put the file, creating if needed
      * @return the folder
      */
@@ -194,7 +236,8 @@ public class SystemConfigTest {
 
     /**
      * Creates folderName/fileName in the mTemporaryFolder and fills it with the contents.
-     * @param folder pre-existing subdirectory of mTemporaryFolder to put the file
+     *
+     * @param folder   pre-existing subdirectory of mTemporaryFolder to put the file
      * @param fileName name of the file (e.g. filename.xml) to create
      * @param contents contents to write to the file
      * @return the folder containing the newly created file (not the file itself!)