diff options
author | Jin Qian <jinqian@google.com> | 2017-05-03 11:52:20 -0700 |
---|---|---|
committer | Jin Qian <jinqian@google.com> | 2017-05-03 16:15:45 -0700 |
commit | 2d019f859b5b4c29eb59794c731316cefa99994d (patch) | |
tree | 2b7e14dfb0ad4b0e33bf31202aa936a225010bb7 /init | |
parent | 5ad06cbb1c934997e2c0af0608d7c80ce4ee477c (diff) | |
download | core-2d019f859b5b4c29eb59794c731316cefa99994d.tar.gz core-2d019f859b5b4c29eb59794c731316cefa99994d.tar.bz2 core-2d019f859b5b4c29eb59794c731316cefa99994d.zip |
init: manually restorecon mke2fs tools on ramdisk
Files in the ramdisk by default have the rootfs label and must be
manually restoreconed.
Bug: 35219933
Change-Id: I2a749f128dc3a609907101ce703747f8990b4386
Diffstat (limited to 'init')
-rw-r--r-- | init/init.cpp | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/init/init.cpp b/init/init.cpp index 99ce5e692..8398e025a 100644 --- a/init/init.cpp +++ b/init/init.cpp @@ -863,9 +863,9 @@ static void selinux_initialize(bool in_kernel_domain) { } } -// The files and directories that were created before initial sepolicy load -// need to have their security context restored to the proper value. -// This must happen before /dev is populated by ueventd. +// The files and directories that were created before initial sepolicy load or +// files on ramdisk need to have their security context restored to the proper +// value. This must happen before /dev is populated by ueventd. static void selinux_restore_context() { LOG(INFO) << "Running restorecon..."; restorecon("/dev"); @@ -882,6 +882,9 @@ static void selinux_restore_context() { restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE); restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE); restorecon("/dev/device-mapper"); + + restorecon("/sbin/mke2fs"); + restorecon("/sbin/e2fsdroid"); } // Set the UDC controller for the ConfigFS USB Gadgets. |