Merge "Explicitly call restorecon_recursive on /metadata/apex" into rvc-dev am: 6a8602a8c9 am: d9469bdcd5

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/core/+/11955299 Change-Id: I0a9e34af7c917fa27560853cbe579f555476302a
author: Nikita Ioffe <ioffe@google.com> 2020-06-22 22:06:25 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2020-06-22 22:06:25 +0000
commit: 40707d7574b25efc93b70298f18e1a3d13a9de72 (patch)
tree: 6eb3dd84e4e89078266bc160f7238b9461d200d3
parent: ef09b84def2425514e8c12a0c98bba2168a4720f (diff)
parent: d9469bdcd5e9915b0f3972cc655e0fc32b053975 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 7b57a888d..e3d92b97f 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -520,6 +520,12 @@ on post-fs
 
     mkdir /metadata/apex 0700 root system
     mkdir /metadata/apex/sessions 0700 root system
+    # On some devices we see a weird behaviour in which /metadata/apex doesn't
+    # have a correct label. To workaround this bug, explicitly call restorecon
+    # on /metadata/apex. For most of the boot sequences /metadata/apex will
+    # already have a correct selinux label, meaning that this call will be a
+    # no-op.
+    restorecon_recursive /metadata/apex
 
     mkdir /metadata/staged-install 0770 root system
 on late-fs
author	Nikita Ioffe <ioffe@google.com>	2020-06-22 22:06:25 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2020-06-22 22:06:25 +0000
commit	40707d7574b25efc93b70298f18e1a3d13a9de72 (patch)
tree	6eb3dd84e4e89078266bc160f7238b9461d200d3
parent	ef09b84def2425514e8c12a0c98bba2168a4720f (diff)
parent	d9469bdcd5e9915b0f3972cc655e0fc32b053975 (diff)