Recursively delete subdirs when deleting

Use vold_prepare_subdirs since only it has the privilege needed.

Bug: 25861755
Test: Boot device, create user, create files, remove user, observe logs
Change-Id: I90fb2517ccd177c9b009001e7a2b00f537152f8c
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 1a84e30..646a032 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -594,6 +594,18 @@
     return true;
 }
 
+static bool prepare_subdirs(const std::string& action, const std::string& dirtype,
+                            const std::string& volume_uuid, userid_t user_id,
+                            const std::string& path) {
+    if (0 != android::vold::ForkExecvp(std::vector<std::string>{"/system/bin/vold_prepare_subdirs",
+                                                                action, dirtype, volume_uuid,
+                                                                std::to_string(user_id), path})) {
+        LOG(ERROR) << "vold_prepare_subdirs failed on: " << path;
+        return false;
+    }
+    return true;
+}
+
 bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial,
                                   int flags) {
     LOG(DEBUG) << "e4crypt_prepare_user_storage for volume " << escape_empty(volume_uuid)
@@ -634,12 +646,8 @@
         }
 
         if (volume_uuid.empty()) {
-            if (0 != android::vold::ForkExecvp(
-                         std::vector<std::string>{"/system/bin/vold_prepare_subdirs", "misc_de",
-                                                  misc_de_path, std::to_string(user_id), ""})) {
-                LOG(ERROR) << "vold_prepare_subdirs failed on: " << misc_de_path;
+            if (!prepare_subdirs("prepare", "misc_de", volume_uuid, user_id, misc_de_path))
                 return false;
-            }
         }
     }
 
@@ -664,23 +672,19 @@
                 if (!ensure_policy(ce_raw_ref, system_ce_path)) return false;
                 if (!ensure_policy(ce_raw_ref, misc_ce_path)) return false;
 
-                // Now that credentials have been installed, we can run restorecon
-                // over these paths
-                // NOTE: these paths need to be kept in sync with libselinux
-                android::vold::RestoreconRecursive(system_ce_path);
-                android::vold::RestoreconRecursive(misc_ce_path);
             }
             if (!ensure_policy(ce_raw_ref, media_ce_path)) return false;
             if (!ensure_policy(ce_raw_ref, user_ce_path)) return false;
         }
 
         if (volume_uuid.empty()) {
-            if (0 != android::vold::ForkExecvp(
-                         std::vector<std::string>{"/system/bin/vold_prepare_subdirs", "misc_ce",
-                                                  misc_ce_path, std::to_string(user_id), ""})) {
-                LOG(ERROR) << "vold_prepare_subdirs failed on: " << misc_ce_path;
+            if (!prepare_subdirs("prepare", "misc_ce", volume_uuid, user_id, misc_ce_path))
                 return false;
-            }
+            // Now that credentials have been installed, we can run restorecon
+            // over these paths
+            // NOTE: these paths need to be kept in sync with libselinux
+            android::vold::RestoreconRecursive(system_ce_path);
+            android::vold::RestoreconRecursive(misc_ce_path);
         }
     }
 
@@ -692,6 +696,22 @@
                << ", user " << user_id << ", flags " << flags;
     bool res = true;
 
+    if (flags & FLAG_STORAGE_CE) {
+        // CE_n key
+        auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
+        auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
+        auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
+        auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
+
+        res &= destroy_dir(media_ce_path);
+        res &= destroy_dir(user_ce_path);
+        if (volume_uuid.empty()) {
+            res &= prepare_subdirs("destroy", "misc_ce", volume_uuid, user_id, misc_ce_path);
+            res &= destroy_dir(system_ce_path);
+            res &= destroy_dir(misc_ce_path);
+        }
+    }
+
     if (flags & FLAG_STORAGE_DE) {
         // DE_sys key
         auto system_legacy_path = android::vold::BuildDataSystemLegacyPath(user_id);
@@ -703,7 +723,9 @@
         auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
         auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
 
+        res &= destroy_dir(user_de_path);
         if (volume_uuid.empty()) {
+            res &= prepare_subdirs("destroy", "misc_de", volume_uuid, user_id, misc_de_path);
             res &= destroy_dir(system_legacy_path);
 #if MANAGE_MISC_DIRS
             res &= destroy_dir(misc_legacy_path);
@@ -712,22 +734,6 @@
             res &= destroy_dir(system_de_path);
             res &= destroy_dir(misc_de_path);
         }
-        res &= destroy_dir(user_de_path);
-    }
-
-    if (flags & FLAG_STORAGE_CE) {
-        // CE_n key
-        auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
-        auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
-        auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
-        auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
-
-        if (volume_uuid.empty()) {
-            res &= destroy_dir(system_ce_path);
-            res &= destroy_dir(misc_ce_path);
-        }
-        res &= destroy_dir(media_ce_path);
-        res &= destroy_dir(user_ce_path);
     }
 
     return res;
diff --git a/vold_prepare_subdirs b/vold_prepare_subdirs
index f436ca2..cdea243 100644
--- a/vold_prepare_subdirs
+++ b/vold_prepare_subdirs
@@ -14,31 +14,54 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-set -e
+# Set up or tear down subdirectories of vold-created directories.
+#
+# This is kept separate from vold because under the SELinux rules, it has privileges vold doesn't
+# have. In particular, prepare_dir sets SELinux labels on subdirectories based on file_contexts,
+# so this script has some relabelling privileges.
 
-case "$3" in
-  *[!0-9]* | '')
-    echo "Invalid user id"
-    exit -1
-    ;;
+
+set -e
+action="$1"
+dirtype="$2"
+volume_uuid="$3"
+user_id="$4"
+path="$5"
+
+case "$user_id" in
+    *[!0-9]* | '')
+        echo "Invalid user id"
+        exit -1
+        ;;
 esac
 
-if [ x"$4" != x ] ; then
+if [ x"$volume_uuid" != x ] ; then
     echo "Volume must be root volume"
     exit -1;
 fi
 
-case "$1" in
+case "$dirtype" in
     misc_de|misc_ce)
-        computed_path="/data/$1/$3"
-        if [ x"$computed_path" != x"$2" ] ; then
+        computed_path="/data/$dirtype/$user_id"
+        if [ x"$computed_path" != x"$path" ] ; then
             echo "Parameter path didn't match computed path: " $computed_path
             exit -1;
         fi
-        /system/bin/prepare_dir --mode 700 --uid 0 --gid 0 -- "$computed_path"/vold
+        case "$action" in
+            prepare)
+                /system/bin/prepare_dir --mode 700 --uid 0 --gid 0 -- "$computed_path"/vold
+                ;;
+            destroy)
+                rm -rf "$computed_path"/*
+                ;;
+            *)
+                echo "Unknown action: $action"
+                exit -1
+                ;;
+        esac
         ;;
     *)
-        echo "Unknown type: $1"
-        exit -1;
+        echo "Unknown type: $dirtype"
+        exit -1
         ;;
 esac