Root of /data belongs to init (re-landing) Give /data itself a different label to its contents, to ensure that only init creates files and directories there. This change originally landed as aosp/1106014 and was reverted in aosp/1116238 to fix b/140402208. aosp/1116298 fixes the underlying problem, and with that we can re-land this change. Bug: 139190159 Bug: 140402208 Test: aosp boots, logs look good Change-Id: I1a366c577a0fff307ca366a6844231bcf8afe3bf

commit: aed0f76ee915de983fb22d49e6294b4df3343ac7 [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Thu Aug 01 15:57:47 2019 -0700
committer: Paul Crowley <paulcrowley@google.com> Mon Sep 09 14:42:01 2019 -0700
tree: 8a1a22b305f1bc5d588bdd489a358fcffc0da4ac
parent: 6e85cd91d0832ca6d5eb582233646d6e08c1e13d [diff] [blame]
diff --git a/private/file_contexts b/private/file_contexts
index 3740218..1e9549c 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -436,7 +436,8 @@
 # NOTE: When modifying existing label rules, changes may also need to
 # propagate to the "Expanded data files" section.
 #
-/data(/.*)?		u:object_r:system_data_file:s0
+/data		u:object_r:system_data_root_file:s0
+/data/(.*)?		u:object_r:system_data_file:s0
 /data/system/packages\.list u:object_r:packages_list_file:s0
 /data/unencrypted(/.*)?         u:object_r:unencrypted_data_file:s0
 /data/backup(/.*)?		u:object_r:backup_data_file:s0
commit	aed0f76ee915de983fb22d49e6294b4df3343ac7	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Thu Aug 01 15:57:47 2019 -0700
committer	Paul Crowley <paulcrowley@google.com>	Mon Sep 09 14:42:01 2019 -0700
tree	8a1a22b305f1bc5d588bdd489a358fcffc0da4ac
parent	6e85cd91d0832ca6d5eb582233646d6e08c1e13d [diff] [blame]