Selinux: Allow system_server to create fpdata dir.

Fixes avc errors; avc: denied { relabelto } for name="fpdata" dev="mmcblk0p28" ino=586465 scontext=u:r:system_server:s0 tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir permissive=0 avc: denied { read } for name="fpdata" dev="mmcblk0p28" ino=586409 scontext=u:r:system_server:s0 tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir permissive=0 Change-Id: I3ba16af14632d803e09ac1490af9a0b652cba3a6

Selinux: Allow system_server to create fpdata dir.
a39b131e · Jim Miller · 5d78c07d · a39b131e
Commit a39b131e authored 9 years ago by Jim Miller
--- a/system_server.te
+++ b/system_server.te
@@ -429,6 +429,9 @@ allow system_server sdcard_type:dir { getattr search };
 # Traverse into expanded storage
 allow system_server mnt_expand_file:dir r_dir_perms;

+# Allow system process to relabel the fingerprint directory after mkdir
+allow system_server fingerprintd_data_file:dir {r_dir_perms relabelto};
+
 ###
 ### Neverallow rules
 ###