diff --git a/app.te b/app.te
index fa16910a53f13ac197bd8148b9b9e11bc35f287e..99c8e6a528a0fc5059d971388dd4aa901c67d695 100644
--- a/app.te
+++ b/app.te
@@ -96,6 +96,9 @@ allow appdomain app_data_file:notdevfile_class_set create_file_perms;
 # lib subdirectory of /data/data dir is system-owned.
 allow appdomain system_data_file:dir r_dir_perms;
 
+# Read/write wallpaper file (opened by system).
+allow appdomain wallpaper_file:file { read write };
+
 # Use the Binder.
 binder_use(appdomain)
 # Perform binder IPC to binder services.
diff --git a/file.te b/file.te
index a7318c4ad3d50e892873f8247c1ae2168345d0b9..7d7f5fc9ea0146c993f82c50627b1f8c0fe1212d 100644
--- a/file.te
+++ b/file.te
@@ -52,6 +52,8 @@ type app_data_file, file_type, data_file_type;
 type cache_file, file_type, mlstrustedobject;
 # Default type for anything under /efs
 type efs_file, file_type;
+# Type for wallpaper file.
+type wallpaper_file, file_type;
 
 # Socket types
 type bluetooth_socket, file_type;
diff --git a/file_contexts b/file_contexts
index 550fa9a4e4d1250a24e06b1d24546ee98d1db1e7..9c8325a2b181e4fe29c93409e6d6175de81734c4 100644
--- a/file_contexts
+++ b/file_contexts
@@ -118,6 +118,8 @@
 /data/misc/wifi(/.*)?		u:object_r:wifi_data_file:s0
 # App sandboxes
 /data/data/.*		u:object_r:app_data_file:s0
+# Wallpaper file.
+/data/data/com.android.settings/files/wallpaper	u:object_r:wallpaper_file:s0
 #############################
 # efs files
 #
diff --git a/system.te b/system.te
index 8740c6b0f3463c67de6c5a86215782e3be8355a6..7f299c92e882d93365c5f741a563e4ec8c7cc37f 100644
--- a/system.te
+++ b/system.te
@@ -15,6 +15,9 @@ binder_transfer(system_app, appdomain)
 allow system_app system_data_file:dir create_dir_perms;
 allow system_app system_data_file:file create_file_perms;
 
+# Read wallpaper file.
+allow system_app wallpaper_file:file r_file_perms;
+
 # Write to dalvikcache.
 allow system_app dalvikcache_data_file:file { write setattr };
 
@@ -137,6 +140,11 @@ allow system rootfs:file r_file_perms;
 allow system apk_tmp_file:file { relabelfrom relabelto };
 allow system apk_data_file:file { relabelfrom relabelto };
 
+# Relabel wallpaper.
+allow system system_data_file:file relabelfrom;
+allow system wallpaper_file:file relabelto;
+allow system wallpaper_file:file r_file_perms;
+
 # Create a socket for receiving info from wpa.
 type_transition system wifi_data_file:sock_file system_wpa_socket;
 allow system system_wpa_socket:sock_file create_file_perms;