From 31899451923b4e8cb1042dc147912161631eef6d Mon Sep 17 00:00:00 2001
From: Fyodor Kupolov <fkupolov@google.com>
Date: Fri, 8 Jul 2016 10:34:22 -0700
Subject: [PATCH] Allow system_server to delete directories in preloads

(cherry picked from commit 028ed753b5d7f11baf00033c8dbc6089dc7c32cd)

avc: denied { rmdir } for name="apps" scontext=u:r:system_server:s0 tcontext=u:object_r:preloads_data_file:s0 tclass=dir permissive=0
avc: denied { rmdir } for name="demo" scontext=u:r:system_server:s0 tcontext=u:object_r:preloads_data_file:s0 tclass=dir permissive=0

Bug: 28855287
Change-Id: Ia470f94d1d960cc4ebe68cb364b8425418acdbd4
---
 system_server.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system_server.te b/system_server.te
index 73ef436de..5ccc05f05 100644
--- a/system_server.te
+++ b/system_server.te
@@ -547,7 +547,7 @@ allow system_server update_engine:fifo_file write;
 
 # Access to /data/preloads
 allow system_server preloads_data_file:file { r_file_perms unlink };
-allow system_server preloads_data_file:dir { r_dir_perms write remove_name };
+allow system_server preloads_data_file:dir { r_dir_perms write remove_name rmdir };
 
 r_dir_file(system_server, cgroup)
 allow system_server ion_device:chr_file r_file_perms;
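Review bot: The `# Access to /data/preloads` comment above the two allow rules does not state the intended scope, and with `rmdir` added on the dir rule that scope is now read plus delete: these two rules grant `unlink`, `remove_name` and `rmdir` but no `create` or `add_name`. I would spell that out so a later edit does not widen it by accident, e.g. `# Access to /data/preloads: read and delete only (unlink files, rmdir dirs); no create/add_name.` The grant covers every directory labeled preloads_data_file, not only the `apps` and `demo` directories named in the denials. It is worth confirming that no other directory with this type needs to survive a system_server cleanup. Rules elsewhere in system_server.te are outside this hunk and could add to what is allowed here.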
-- 
GitLab