From: Felix <google@ix5.org>
Date: Fri, 26 Apr 2019 16:02:06 +0000 (+0200)
Subject: exynos9610: Force restorecon for /data/vendor
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0c6a2d0766081fbcde9de6eec05fc18e28090a71;p=GitHub%2FLineageOS%2Fandroid_device_motorola_exynos9610-common.git

exynos9610: Force restorecon for /data/vendor

The restorecon_recursive directive in init is only applied if the
file_contexts file changed between builds, but not necessarily if any
file or folder inside /efs or /persist has changed.

The restorecon code checks whether an xattr named
"security.sehash" contains a string that matches the current
combined hashes of the SELinux context files and skips restoring labels
if there is a match, see
https://android.googlesource.com/platform/external/selinux/+/refs/tags/android-9.0.0_r35/libselinux/src/android/android_platform.c#1546

Change-Id: Ic0cd848836ee550499d9236f56ed6e939e35f01e
---

diff --git a/configs/init/init.exynos9610.rc b/configs/init/init.exynos9610.rc
index f47211b..82b2241 100644
--- a/configs/init/init.exynos9610.rc
+++ b/configs/init/init.exynos9610.rc
@@ -173,6 +173,10 @@ on post-fs
     setrlimit 8 67108864 67108864
 
 on post-fs-data
+   exec u:r:vendor_toolbox:s0 -- /vendor/bin/toybox_vendor find /data/vendor -type d \
+        -exec /vendor/bin/toybox_vendor setfattr -x security.sehash {} \;
+   restorecon_recursive /data/vendor
+
 # Exynos Data folder
     mkdir /data/vendor 0775 root system
     mkdir /data/vendor/log 0771 root system