Introduce a separate wallpaper_file type for the wallpaper file.
diff --git a/app.te b/app.te
index fa16910..99c8e6a 100644
--- a/app.te
+++ b/app.te
@@ -96,6 +96,9 @@
# lib subdirectory of /data/data dir is system-owned.
allow appdomain system_data_file:dir r_dir_perms;
+# Read/write wallpaper file (opened by system).
+allow appdomain wallpaper_file:file { read write };
+
# Use the Binder.
binder_use(appdomain)
# Perform binder IPC to binder services.
diff --git a/file.te b/file.te
index a7318c4..7d7f5fc 100644
--- a/file.te
+++ b/file.te
@@ -52,6 +52,8 @@
type cache_file, file_type, mlstrustedobject;
# Default type for anything under /efs
type efs_file, file_type;
+# Type for wallpaper file.
+type wallpaper_file, file_type;
# Socket types
type bluetooth_socket, file_type;
diff --git a/file_contexts b/file_contexts
index 550fa9a..9c8325a 100644
--- a/file_contexts
+++ b/file_contexts
@@ -118,6 +118,8 @@
/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0
# App sandboxes
/data/data/.* u:object_r:app_data_file:s0
+# Wallpaper file.
+/data/data/com.android.settings/files/wallpaper u:object_r:wallpaper_file:s0
#############################
# efs files
#
diff --git a/system.te b/system.te
index 8740c6b..7f299c9 100644
--- a/system.te
+++ b/system.te
@@ -15,6 +15,9 @@
allow system_app system_data_file:dir create_dir_perms;
allow system_app system_data_file:file create_file_perms;
+# Read wallpaper file.
+allow system_app wallpaper_file:file r_file_perms;
+
# Write to dalvikcache.
allow system_app dalvikcache_data_file:file { write setattr };
@@ -137,6 +140,11 @@
allow system apk_tmp_file:file { relabelfrom relabelto };
allow system apk_data_file:file { relabelfrom relabelto };
+# Relabel wallpaper.
+allow system system_data_file:file relabelfrom;
+allow system wallpaper_file:file relabelto;
+allow system wallpaper_file:file r_file_perms;
+
# Create a socket for receiving info from wpa.
type_transition system wifi_data_file:sock_file system_wpa_socket;
allow system system_wpa_socket:sock_file create_file_perms;