From 6bde9cf66581145ee905153bf6fc785f4e9a7ba3 Mon Sep 17 00:00:00 2001
From: David Anderson <dvander@google.com>
Date: Thu, 3 Jan 2019 18:25:51 -0800
Subject: [PATCH] Allow init to symlink userdata during first stage mounting.

In order to boot into GSI, we need init's first-stage block-device
machinery to find userdata. This will create its symlink before sepolicy
is loaded, leading to denials in the second stage.

Bug: 121209697
Test: device boots
Change-Id: Ibf3398c811016e09747116cf17393e8d22541bb2
---
 public/init.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/init.te b/public/init.te
index 8b95e2b5c..bcc929dfb 100644
--- a/public/init.te
+++ b/public/init.te
@@ -43,6 +43,7 @@ allow init {
   misc_block_device
   recovery_block_device
   system_block_device
+  userdata_block_device
 }:{ blk_file lnk_file } relabelto;
 
 # setrlimit
-- 
GitLab