Allow system_server to hard link its own files

Specifically, backup of wallpaper imagery needs to use hard links to achieve "real file" access to the large imagery files without rewriting the contents all the time just to stage for backup. They can't be symlinks because the underlying backup mechanisms refuse to act on symbolic links for other security reasons. Bug 25727875 Change-Id: Ic48fba3f94c92a4b16ced27a23646296acf8f3a5
2016-04-20 12:36:53 -07:00 · 2016-04-20 12:36:53 -07:00 · d9b0a34ad4
commit d9b0a34ad4
parent 44f40a7ecf
1 changed files with 2 additions and 0 deletions
--- a/system_server.te
+++ b/system_server.te
@ -292,6 +292,8 @@ allow system_server system_data_file:file relabelfrom;
 allow system_server wallpaper_file:file relabelto;
 allow system_server wallpaper_file:file { rw_file_perms unlink };

+# Backup of wallpaper imagery uses temporary hard links to avoid data churn
+allow system_server { system_data_file wallpaper_file }:file link;

 # ShortcutManager icons
 allow system_server system_data_file:dir relabelfrom;