From 8096639792e65d2569d10ba50f16890193880c30 Mon Sep 17 00:00:00 2001
From: Paul Crowley <paulcrowley@google.com>
Date: Thu, 26 Apr 2018 13:41:13 -0700
Subject: [PATCH] Allow vold_prepare_subdirs to delete more files.

Bug: 78591623
Test: Create a new user with a fingerprint. Reboot. Delete that user.
    Check for denials, files left over in /data/*_{c,d}e/10
Merged-In: Ib818e112a98c5b954ee829e93ebd69c3b12940cf
Change-Id: Ib818e112a98c5b954ee829e93ebd69c3b12940cf
---
 private/vold_prepare_subdirs.te | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 89b152803..4e89d6488 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -13,8 +13,12 @@ allow vold_prepare_subdirs {
   system_data_file
   vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
-allow vold_prepare_subdirs system_data_file:file { getattr unlink };
-allow vold_prepare_subdirs vold_data_file:dir { create open read write search getattr setattr remove_name rmdir relabelto };
-allow vold_prepare_subdirs vold_data_file:file { getattr unlink };
-allow vold_prepare_subdirs storaged_data_file:dir { create_dir_perms relabelto };
-allow vold_prepare_subdirs storaged_data_file:file getattr;
+allow vold_prepare_subdirs {
+    storaged_data_file
+    vold_data_file
+}:dir { create_dir_perms relabelto };
+allow vold_prepare_subdirs {
+    storaged_data_file
+    system_data_file
+    vold_data_file
+}:file { getattr unlink };
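Review bot: Folding `vold_data_file` into the `:dir { create_dir_perms relabelto }` rule grants more than the removed line listed, while the subject and test only describe deleting files. The old rule enumerated `create open read write search getattr setattr remove_name rmdir relabelto`; if `create_dir_perms` expands as it does in the global macros, the domain also gains `add_name`, `rename` and `reparent` on `vold_data_file` directories. If the denials from the test did not call for those, keep the explicit rule for that type and leave only `storaged_data_file` on the macro. Otherwise add a comment above the rule such as `# vold_data_file dirs need full create_dir_perms for user teardown, see b/78591623`. The new `unlink` on `storaged_data_file:file` matches the stated goal. The allow rule at the top of the hunk starts outside it, so its type set was not reviewed.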
-- 
GitLab