From 028ed753b5d7f11baf00033c8dbc6089dc7c32cd Mon Sep 17 00:00:00 2001
From: Fyodor Kupolov <fkupolov@google.com>
Date: Fri, 8 Jul 2016 10:34:22 -0700
Subject: [PATCH] Allow system_server to delete directories in preloads

avc: denied { rmdir } for name="apps" dev="sda35" ino=38 scontext=u:r:system_server:s0 tcontext=u:object_r:preloads_data_file:s0 tclass=dir permissive=0
avc: denied { rmdir } for name="demo" dev="sda35" ino=41 scontext=u:r:system_server:s0 tcontext=u:object_r:preloads_data_file:s0 tclass=dir permissive=0

Bug: 28855287
Change-Id: Ia470f94d1d960cc4ebe68cb364b8425418acdbd4
---
 system_server.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system_server.te b/system_server.te
index fcaccdb49..6933308fa 100644
--- a/system_server.te
+++ b/system_server.te
@@ -537,7 +537,7 @@ allow system_server update_engine:fifo_file write;
 
 # Access to /data/preloads
 allow system_server preloads_data_file:file { r_file_perms unlink };
-allow system_server preloads_data_file:dir { r_dir_perms write remove_name };
+allow system_server preloads_data_file:dir { r_dir_perms write remove_name rmdir };
 
 ###
 ### Neverallow rules
-- 
GitLab