commit a8d8434c42b27f0186be7ecd78c2acc9d459b068
author Paul Lawrence <paullawrence@google.com> Mon Nov 14 15:40:18 2016 -0800
committer Paul Lawrence <paullawrence@google.com> Wed Nov 16 22:27:45 2016 +0000
tree 897dbc3e29e705d582a9d1fbf89eece5fc4b4da3
parent e631e470e059d84388f3aacfe11a3fa60a584ba7

Add flags to restorecon_recursive to traverse filesystems

Use to solve the problem of tracefs conditionally being mounted
under debugfs and needing restorecon'd without boot performance
penalty.

Also move skip-ce to a flag for consistency.

Test: Check that trace_mount has correct attributes after boot
Bug: 32849675
Change-Id: Ib6731f502b6afc393ea5ada96fa95b339f14da49

rootdir/init.rc

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 4e766bb..fb53178 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -293,11 +293,8 @@
     mount none /mnt/runtime/default /storage slave bind rec
 
     # Make sure /sys/kernel/debug (if present) is labeled properly
-    restorecon_recursive /sys/kernel/debug
-
-    # On systems with tracefs, tracing is a separate mount, so make sure
-    # it too is correctly labeled
-    restorecon_recursive /sys/kernel/debug/tracing
+    # Note that tracefs may be mounted under debug, so we need to cross filesystems
+    restorecon --recursive --cross-filesystems /sys/kernel/debug
 
     # We chown/chmod /cache again so because mount is run as root + defaults
     chown system cache /cache
@@ -462,7 +459,7 @@
     init_user0
 
     # Set SELinux security contexts on upgrade or policy update.
-    restorecon_recursive /data
+    restorecon --recursive --skip-ce /data
 
     # Check any timezone data in /data is newer than the copy in /system, delete if not.
     exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo