Merge "Explicitly call restorecon_recursive on /metadata/apex" am: 5b2457ed34 Original change: https://android-review.googlesource.com/c/platform/system/core/+/1348884 Change-Id: I42ac96691e09e203976c0c804da0132ba4053ccc

commit: b3a10e52201e3602bf4c4a4120cace63e0bb2304 [log] [tgz]
author: Nikita Ioffe <ioffe@google.com> Wed Jun 24 17:00:40 2020 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Wed Jun 24 17:00:40 2020 +0000
tree: 986aee1139478534f8d2b69771487e0e04aa1d64
parent: fc10e3f8838477e9ce8de8b7aae2204c7608e0dc [diff]
parent: 5b2457ed3494512ab2c1573d556631979abe9930 [diff]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 226bcf4..fb6f1be 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -520,6 +520,13 @@
 
     mkdir /metadata/apex 0700 root system
     mkdir /metadata/apex/sessions 0700 root system
+    # On some devices we see a weird behaviour in which /metadata/apex doesn't
+    # have a correct label. To workaround this bug, explicitly call restorecon
+    # on /metadata/apex. For most of the boot sequences /metadata/apex will
+    # already have a correct selinux label, meaning that this call will be a
+    # no-op.
+    restorecon_recursive /metadata/apex
+
 on late-fs
     # Ensure that tracefs has the correct permissions.
     # This does not work correctly if it is called in post-fs.
commit	b3a10e52201e3602bf4c4a4120cace63e0bb2304	[log] [tgz]
author	Nikita Ioffe <ioffe@google.com>	Wed Jun 24 17:00:40 2020 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Wed Jun 24 17:00:40 2020 +0000
tree	986aee1139478534f8d2b69771487e0e04aa1d64
parent	fc10e3f8838477e9ce8de8b7aae2204c7608e0dc [diff]
parent	5b2457ed3494512ab2c1573d556631979abe9930 [diff]