init: enable init to relabel symlinks for system_block_devices early mounted block device are created by 'init' in its first stage, so the following restorecon() now finds device nodes and their corresponding symlinks. The CL adds rule to make sure the block and system_block_devices can be relabeled by init in this case. Bug: 35792677 Bug: 27805372 Test: tested ota using 'adb sideload' on sailfish Change-Id: I7d9d89878919c1267bf3c74f0cdbb4367b5ad458 Signed-off-by: Sandeep Patil <sspatil@google.com>

commit: df32f3e82b45278f5817226b3f2576b0612f6103 [log] [tgz]
author: Sandeep Patil <sspatil@google.com> Mon Feb 27 14:15:54 2017 -0800
committer: Sandeep Patil <sspatil@google.com> Mon Feb 27 14:30:05 2017 -0800
tree: b29747988ea9ac291a7af7071c9e25a85f1f6ee7
parent: 8d48aa798887b26e802cfe8c5a6c064c50bb637d [diff]
diff --git a/public/init.te b/public/init.te
index e1c67e5..dda65cd 100644
--- a/public/init.te
+++ b/public/init.te

@@ -32,6 +32,7 @@
 allow init kernel:fd use;
 # restorecon for early mount device symlinks
 allow init tmpfs:lnk_file { getattr read relabelfrom };
+allow init system_block_device:{ blk_file lnk_file } relabelto;
 
 # setrlimit
 allow init self:capability sys_resource;
commit	df32f3e82b45278f5817226b3f2576b0612f6103	[log] [tgz]
author	Sandeep Patil <sspatil@google.com>	Mon Feb 27 14:15:54 2017 -0800
committer	Sandeep Patil <sspatil@google.com>	Mon Feb 27 14:30:05 2017 -0800
tree	b29747988ea9ac291a7af7071c9e25a85f1f6ee7
parent	8d48aa798887b26e802cfe8c5a6c064c50bb637d [diff]