From 4fc1397d973c5f3c75e6033b8d328c2781dcaa8b Mon Sep 17 00:00:00 2001
From: Amith Yamasani <yamasani@google.com>
Date: Tue, 15 Dec 2015 17:20:06 -0800
Subject: Add policies for system_server to delete fpdata folder

Bug: 26211308
Change-Id: I8fd2d14ea52d49a33e6cdbcdf90630eea89f7dd0
---
 system_server.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'system_server.te')

diff --git a/system_server.te b/system_server.te
index c9d8f3b..a56beff 100644
--- a/system_server.te
+++ b/system_server.te
@@ -432,7 +432,9 @@ allow system_server sdcard_type:dir { getattr search };
 allow system_server mnt_expand_file:dir r_dir_perms;
 
 # Allow system process to relabel the fingerprint directory after mkdir
-allow system_server fingerprintd_data_file:dir {r_dir_perms relabelto};
+# and delete the directory and files when no longer needed
+allow system_server fingerprintd_data_file:dir { r_dir_perms remove_name rmdir relabelto write };
+allow system_server fingerprintd_data_file:file { getattr unlink };
 
 ###
 ### Neverallow rules
-- 
cgit v1.2.3