exynos9610: Force restorecon for /data/vendor

The restorecon_recursive directive in init is only applied if the
file_contexts file changed between builds, but not necessarily if any
file or folder inside /efs or /persist has changed.

The restorecon code checks whether an xattr named
"security.sehash" contains a string that matches the current
combined hashes of the SELinux context files and skips restoring labels
if there is a match, see
https://android.googlesource.com/platform/external/selinux/+/refs/tags/android-9.0.0_r35/libselinux/src/android/android_platform.c#1546

Change-Id: Ic0cd848836ee550499d9236f56ed6e939e35f01e

diff --git a/configs/init/init.exynos9610.rc b/configs/init/init.exynos9610.rc
index f47211b8a0f6b4a0b30dfa949f12bd82402ebe7d..82b2241f865a749b12821f8a0bdd176936e56f93 100644 (file)
--- a/configs/init/init.exynos9610.rc
+++ b/configs/init/init.exynos9610.rc
@@ -173,6 +173,10 @@ on post-fs
     setrlimit 8 67108864 67108864
 
 on post-fs-data
+   exec u:r:vendor_toolbox:s0 -- /vendor/bin/toybox_vendor find /data/vendor -type d \
+        -exec /vendor/bin/toybox_vendor setfattr -x security.sehash {} \;
+   restorecon_recursive /data/vendor
+
 # Exynos Data folder
     mkdir /data/vendor 0775 root system
     mkdir /data/vendor/log 0771 root system