Merge "Explicitly call restorecon_recursive on /metadata/apex" am: 5b2457ed34

Original change: https://android-review.googlesource.com/c/platform/system/core/+/1348884 Change-Id: I42ac96691e09e203976c0c804da0132ba4053ccc
2020-06-24 17:00:40 +00:00 · 2020-06-24 17:00:40 +00:00 · b3a10e5220
commit b3a10e5220
parent fc10e3f883 5b2457ed34
1 changed files with 7 additions and 0 deletions
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@ -520,6 +520,13 @@ on post-fs

    mkdir /metadata/apex 0700 root system
    mkdir /metadata/apex/sessions 0700 root system
+    # On some devices we see a weird behaviour in which /metadata/apex doesn't
+    # have a correct label. To workaround this bug, explicitly call restorecon
+    # on /metadata/apex. For most of the boot sequences /metadata/apex will
+    # already have a correct selinux label, meaning that this call will be a
+    # no-op.
+    restorecon_recursive /metadata/apex
+
 on late-fs
    # Ensure that tracefs has the correct permissions.
    # This does not work correctly if it is called in post-fs.