Allow vold_prepare_subdirs to delete more files.

Bug: 78591623 Test: Create a new user with a fingerprint. Reboot. Delete that user. Check for denials, files left over in /data/*_{c,d}e/10 Merged-In: Ib818e112a98c5b954ee829e93ebd69c3b12940cf Change-Id: Ib818e112a98c5b954ee829e93ebd69c3b12940cf

Allow vold_prepare_subdirs to delete more files.
80966397 · Paul Crowley · c58f3de7 · 80966397
Commit 80966397 authored 6 years ago by Paul Crowley
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -13,8 +13,12 @@ allow vold_prepare_subdirs {
  system_data_file
  vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
-allow vold_prepare_subdirs system_data_file:file { getattr unlink };
+allow vold_prepare_subdirs {
-allow vold_prepare_subdirs vold_data_file:dir { create open read write search getattr setattr remove_name rmdir relabelto };
+    storaged_data_file
-allow vold_prepare_subdirs vold_data_file:file { getattr unlink };
+    vold_data_file
-allow vold_prepare_subdirs storaged_data_file:dir { create_dir_perms relabelto };
+}:dir { create_dir_perms relabelto };
-allow vold_prepare_subdirs storaged_data_file:file getattr;
+allow vold_prepare_subdirs {
+    storaged_data_file
+    system_data_file
+    vold_data_file
+}:file { getattr unlink };