Allow vold_prepare_subdirs to delete more files.
Bug: 78591623
Test: Create a new user with a fingerprint. Reboot. Delete that user.
Check for denials, files left over in /data/*_{c,d}e/10
Merged-In: Ib818e112a98c5b954ee829e93ebd69c3b12940cf
Change-Id: Ib818e112a98c5b954ee829e93ebd69c3b12940cf
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 89b1528..4e89d64 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -13,8 +13,12 @@
system_data_file
vendor_data_file
}:dir { open read write add_name remove_name rmdir relabelfrom };
-allow vold_prepare_subdirs system_data_file:file { getattr unlink };
-allow vold_prepare_subdirs vold_data_file:dir { create open read write search getattr setattr remove_name rmdir relabelto };
-allow vold_prepare_subdirs vold_data_file:file { getattr unlink };
-allow vold_prepare_subdirs storaged_data_file:dir { create_dir_perms relabelto };
-allow vold_prepare_subdirs storaged_data_file:file getattr;
+allow vold_prepare_subdirs {
+ storaged_data_file
+ vold_data_file
+}:dir { create_dir_perms relabelto };
+allow vold_prepare_subdirs {
+ storaged_data_file
+ system_data_file
+ vold_data_file
+}:file { getattr unlink };