From d9c19b0c15f810bd92c27d38056763785acb99bd Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Tue, 2 Sep 2014 09:34:53 -0400 Subject: [PATCH] Remove obsolete warning from restorecon_recursive documentation. We originally included a warning to not invoke restorecon_recursive with a path leading to a shell-writable or app-writable directory due to concerns about the potential for mischief with symlinks during the restorecon_recursive. However, this warning was never necessary for calling restorecon_recursive during system initialization before an adb shell or app can run, and we have further prohibited init from reading/following symlinks that can be created by shell or apps in policy, so this warning is superfluous. It also contradicts current usage of restorecon_recursive in rootdir/init.rc, since it is called there on /data. Change-Id: I28a635e0b5991ced8adcef93e7a04f9d9e5634fd Signed-off-by: Stephen Smalley --- init/readme.txt | 2 -- 1 file changed, 2 deletions(-) diff --git a/init/readme.txt b/init/readme.txt index decea9af8..750d9534c 100644 --- a/init/readme.txt +++ b/init/readme.txt @@ -202,8 +202,6 @@ restorecon [ ]* restorecon_recursive [ ]* Recursively restore the directory tree named by to the security contexts specified in the file_contexts configuration. - Do NOT use this with paths leading to shell-writable or app-writable - directories, e.g. /data/local/tmp, /data/data or any prefix thereof. setcon Set the current process security context to the specified string.