From 0fe31e04eacdb5231fccf87e56db112d10bf1222 Mon Sep 17 00:00:00 2001
From: Paul Crowley <paulcrowley@google.com>
Date: Thu, 26 Apr 2018 13:41:13 -0700
Subject: [PATCH] Allow vold_prepare_subdirs to delete more files.

Bug: 78591623
Test: Create a new user with a fingerprint. Reboot. Delete that user.
    Check for denials, files left over in /data/*_{c,d}e/10
Merged-In: Ib818e112a98c5b954ee829e93ebd69c3b12940cf
Change-Id: Ib818e112a98c5b954ee829e93ebd69c3b12940cf
---
 private/vold_prepare_subdirs.te | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index ab1825824..0a115584a 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -13,9 +13,14 @@ allow vold_prepare_subdirs {
   system_data_file
   vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
-allow vold_prepare_subdirs system_data_file:file { getattr unlink };
-allow vold_prepare_subdirs vold_data_file:dir { create open read write search getattr setattr remove_name rmdir relabelto };
-allow vold_prepare_subdirs vold_data_file:file { getattr unlink };
-allow vold_prepare_subdirs storaged_data_file:dir { create_dir_perms relabelto };
-allow vold_prepare_subdirs storaged_data_file:file getattr;
-allow vold_prepare_subdirs fingerprint_vendor_data_file:dir { create_dir_perms relabelto };
+allow vold_prepare_subdirs {
+    fingerprint_vendor_data_file
+    storaged_data_file
+    vold_data_file
+}:dir { create_dir_perms relabelto };
+allow vold_prepare_subdirs {
+    fingerprint_vendor_data_file
+    storaged_data_file
+    system_data_file
+    vold_data_file
+}:file { getattr unlink };
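Review bot: Folding `vold_data_file` into the shared `:dir { create_dir_perms relabelto }` rule replaces its explicit list (`create open read write search getattr setattr remove_name rmdir relabelto`) with the macro. If `create_dir_perms` expands as it usually does in the global macros, this also grants `add_name`, `rename`, `reparent`, `ioctl` and `lock` on that type. That goes beyond the deletion case in the subject, so confirm it is intended; otherwise keep `vold_data_file:dir` as its own rule with the narrower set. The new `:file { getattr unlink }` rule matches the stated purpose, but the policy file would benefit from a comment above it such as `# Remove leftover per-user files when a user is deleted (b/78591623).` so a later audit can tell why `unlink` is granted on four types. The first `allow` block in the hunk starts above the visible context, so its full type list could not be checked here.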
-- 
GitLab