From 0c6a2d0766081fbcde9de6eec05fc18e28090a71 Mon Sep 17 00:00:00 2001
From: Felix <google@ix5.org>
Date: Fri, 26 Apr 2019 18:02:06 +0200
Subject: [PATCH] exynos9610: Force restorecon for /data/vendor

The restorecon_recursive directive in init is only applied if the
file_contexts file changed between builds, but not necessarily if any
file or folder inside /efs or /persist has changed.

The restorecon code checks whether an xattr named
"security.sehash" contains a string that matches the current
combined hashes of the SELinux context files and skips restoring labels
if there is a match, see
https://android.googlesource.com/platform/external/selinux/+/refs/tags/android-9.0.0_r35/libselinux/src/android/android_platform.c#1546

Change-Id: Ic0cd848836ee550499d9236f56ed6e939e35f01e
---
 configs/init/init.exynos9610.rc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/configs/init/init.exynos9610.rc b/configs/init/init.exynos9610.rc
index f47211b..82b2241 100644
--- a/configs/init/init.exynos9610.rc
+++ b/configs/init/init.exynos9610.rc
@@ -173,6 +173,10 @@ on post-fs
     setrlimit 8 67108864 67108864
 
 on post-fs-data
+   exec u:r:vendor_toolbox:s0 -- /vendor/bin/toybox_vendor find /data/vendor -type d \
+        -exec /vendor/bin/toybox_vendor setfattr -x security.sehash {} \;
+   restorecon_recursive /data/vendor
+
 # Exynos Data folder
     mkdir /data/vendor 0775 root system
     mkdir /data/vendor/log 0771 root system
-- 
2.20.1