From 2d019f859b5b4c29eb59794c731316cefa99994d Mon Sep 17 00:00:00 2001 From: Jin Qian Date: Wed, 3 May 2017 11:52:20 -0700 Subject: [PATCH] init: manually restorecon mke2fs tools on ramdisk Files in the ramdisk by default have the rootfs label and must be manually restoreconed. Bug: 35219933 Change-Id: I2a749f128dc3a609907101ce703747f8990b4386 --- init/init.cpp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/init/init.cpp b/init/init.cpp index 99ce5e692..8398e025a 100644 --- a/init/init.cpp +++ b/init/init.cpp @@ -863,9 +863,9 @@ static void selinux_initialize(bool in_kernel_domain) { } } -// The files and directories that were created before initial sepolicy load -// need to have their security context restored to the proper value. -// This must happen before /dev is populated by ueventd. +// The files and directories that were created before initial sepolicy load or +// files on ramdisk need to have their security context restored to the proper +// value. This must happen before /dev is populated by ueventd. static void selinux_restore_context() { LOG(INFO) << "Running restorecon..."; restorecon("/dev"); @@ -882,6 +882,9 @@ static void selinux_restore_context() { restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE); restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE); restorecon("/dev/device-mapper"); + + restorecon("/sbin/mke2fs"); + restorecon("/sbin/e2fsdroid"); } // Set the UDC controller for the ConfigFS USB Gadgets.