Add policies for system_server to delete fpdata folder

Bug: 26211308 Change-Id: I8fd2d14ea52d49a33e6cdbcdf90630eea89f7dd0
author: Amith Yamasani <yamasani@google.com> 2015-12-15 17:20:06 -0800
committer: Amith Yamasani <yamasani@google.com> 2015-12-17 12:33:06 -0800
commit: 107c55393c680eb14d5dee11f060b943b8d2e9aa (patch)
tree: 11fa4a922b19c34ac814a49acbb9a3a69cad16d4
parent: cb1ab9858e4f44ee87c4a86f1cc9e858b8b36475 (diff)
download: sepolicy-107c55393c680eb14d5dee11f060b943b8d2e9aa.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/system_server.te b/system_server.te
index 96d8773..2616c46 100644
--- a/system_server.te
+++ b/system_server.te
@@ -424,7 +424,9 @@ allow system_server sdcard_type:dir { getattr search };
 allow system_server mnt_expand_file:dir r_dir_perms;
 
 # Allow system process to relabel the fingerprint directory after mkdir
-allow system_server fingerprintd_data_file:dir {r_dir_perms relabelto};
+# and delete the directory and files when no longer needed
+allow system_server fingerprintd_data_file:dir { r_dir_perms remove_name rmdir relabelto write };
+allow system_server fingerprintd_data_file:file { getattr unlink };
 
 userdebug_or_eng(`
   # Allow system server to create and write method traces in /data/misc/trace.
author	Amith Yamasani <yamasani@google.com>	2015-12-15 17:20:06 -0800
committer	Amith Yamasani <yamasani@google.com>	2015-12-17 12:33:06 -0800
commit	107c55393c680eb14d5dee11f060b943b8d2e9aa (patch)
tree	11fa4a922b19c34ac814a49acbb9a3a69cad16d4
parent	cb1ab9858e4f44ee87c4a86f1cc9e858b8b36475 (diff)
download	sepolicy-107c55393c680eb14d5dee11f060b943b8d2e9aa.tar.gz