From 421dadbc9dc4e5fdd7544a7ecc3343101644a9c3 Mon Sep 17 00:00:00 2001
From: Paul Crowley <paulcrowley@google.com>
Date: Mon, 11 May 2015 10:46:22 +0100
Subject: [PATCH] Allow vold to create subdirectories within its private area.

AVC message we get without this change creating
/data/misc/vold/user_keys

05-12 08:57:54.839   189   189 W vold    : type=1400 audit(0.0:176):
avc: denied { create } for name="user_keys" scontext=u:r:vold:s0
tcontext=u:object_r:vold_data_file:s0 tclass=dir permissive=0

Bug: 19704432
Change-Id: I10fc90c64c7c10fa9811133a4289663ae8617607
---
 vold.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vold.te b/vold.te
index b3b4ba803..4ee45b91d 100644
--- a/vold.te
+++ b/vold.te
@@ -145,7 +145,7 @@ allow vold unencrypted_data_file:{ file } create_file_perms;
 allow vold unencrypted_data_file:dir create_dir_perms;
 
 # Give vold a place where only vold can store files; everyone else is off limits
-allow vold vold_data_file:dir rw_dir_perms;
+allow vold vold_data_file:dir create_dir_perms;
 allow vold vold_data_file:file create_file_perms;
 
 # linux keyring configuration