From d9b0a34ad4c0797e7e648c0dfa4ce0866f6d62fe Mon Sep 17 00:00:00 2001
From: Christopher Tate <ctate@google.com>
Date: Wed, 20 Apr 2016 12:36:53 -0700
Subject: [PATCH] Allow system_server to hard link its own files

Specifically, backup of wallpaper imagery needs to use hard links to
achieve "real file" access to the large imagery files without rewriting
the contents all the time just to stage for backup.  They can't be
symlinks because the underlying backup mechanisms refuse to act on
symbolic links for other security reasons.

Bug 25727875

Change-Id: Ic48fba3f94c92a4b16ced27a23646296acf8f3a5
---
 system_server.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/system_server.te b/system_server.te
index 1d2677eaa..40c47cf16 100644
--- a/system_server.te
+++ b/system_server.te
@@ -292,6 +292,8 @@ allow system_server system_data_file:file relabelfrom;
 allow system_server wallpaper_file:file relabelto;
 allow system_server wallpaper_file:file { rw_file_perms unlink };
 
+# Backup of wallpaper imagery uses temporary hard links to avoid data churn
+allow system_server { system_data_file wallpaper_file }:file link;
 
 # ShortcutManager icons
 allow system_server system_data_file:dir relabelfrom;
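Review bot: The added rule grants `link` on `system_data_file` as well as `wallpaper_file`, but the comment and the commit message only justify hard links for wallpaper imagery. Judging by the relabelfrom/relabelto context lines, `system_data_file` looks like the generic type that wallpaper files carry before relabeling, so the rule would let system_server hard link any file of that type, not just wallpapers. If every wallpaper file is relabeled before backup staging, the rule could be narrowed to `allow system_server wallpaper_file:file link;`. Otherwise the comment should say why the broader type is needed, for example `# system_data_file is included for wallpaper files not yet relabeled to wallpaper_file`, assuming that is the reason.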
-- 
GitLab