Add policies for system_server to delete fpdata folder

Bug: 26211308 Change-Id: I8fd2d14ea52d49a33e6cdbcdf90630eea89f7dd0
author: Amith Yamasani <yamasani@google.com> 2015-12-15 17:20:06 -0800
committer: Amith Yamasani <yamasani@google.com> 2015-12-18 00:26:17 +0000
commit: 4fc1397d973c5f3c75e6033b8d328c2781dcaa8b (patch)
tree: 84e01fb2b8535d13b332e4398a16a72f9a2480d5
parent: 1c749e0769b7d0dbe510b9d77d1b81cd817956d4 (diff)
download: android_external_sepolicy-4fc1397d973c5f3c75e6033b8d328c2781dcaa8b.tar.gz
android_external_sepolicy-4fc1397d973c5f3c75e6033b8d328c2781dcaa8b.tar.bz2
android_external_sepolicy-4fc1397d973c5f3c75e6033b8d328c2781dcaa8b.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/system_server.te b/system_server.te
index c9d8f3b..a56beff 100644
--- a/system_server.te
+++ b/system_server.te
@@ -432,7 +432,9 @@ allow system_server sdcard_type:dir { getattr search };
 allow system_server mnt_expand_file:dir r_dir_perms;
 
 # Allow system process to relabel the fingerprint directory after mkdir
-allow system_server fingerprintd_data_file:dir {r_dir_perms relabelto};
+# and delete the directory and files when no longer needed
+allow system_server fingerprintd_data_file:dir { r_dir_perms remove_name rmdir relabelto write };
+allow system_server fingerprintd_data_file:file { getattr unlink };
 
 ###
 ### Neverallow rules
author	Amith Yamasani <yamasani@google.com>	2015-12-15 17:20:06 -0800
committer	Amith Yamasani <yamasani@google.com>	2015-12-18 00:26:17 +0000
commit	4fc1397d973c5f3c75e6033b8d328c2781dcaa8b (patch)
tree	84e01fb2b8535d13b332e4398a16a72f9a2480d5
parent	1c749e0769b7d0dbe510b9d77d1b81cd817956d4 (diff)
download	android_external_sepolicy-4fc1397d973c5f3c75e6033b8d328c2781dcaa8b.tar.gz android_external_sepolicy-4fc1397d973c5f3c75e6033b8d328c2781dcaa8b.tar.bz2 android_external_sepolicy-4fc1397d973c5f3c75e6033b8d328c2781dcaa8b.zip