Init: Enable init to relabel symlinks for recovery_block_device.

Allow init the ability to relabel recovery block devices. In the case where we have recovery as a chain partition, due to its presence in early mount node, init, in first stage itself would require relabel permissions for the restorecon operation on recovery block device. Bug: 73642793 Test: On bootup, recovery partition gets the appropriate se-label. Perform OTA on non-A/B device with recovery as chain partition, now the recovery partition gets upgraded successfully, now that it has the correct se-label. Change-Id: I370c510320e78ab78c9c55573073415b4983d0f6

Init: Enable init to relabel symlinks for recovery_block_device.
Allow init the ability to relabel recovery block devices. In the case where we have recovery as a chain partition, due to its presence in early mount node, init, in first stage itself would require relabel permissions for the restorecon operation on recovery block device. Bug: 73642793 Test: On bootup, recovery partition gets the appropriate se-label. Perform OTA on non-A/B device with recovery as chain partition, now the recovery partition gets upgraded successfully, now that it has the correct se-label. Change-Id: I370c510320e78ab78c9c55573073415b4983d0f6
bc14ee3c · padarshr · Tao Bao · 35f66543 · bc14ee3c
Commit bc14ee3c authored 7 years ago by padarshr Committed by Tao Bao 7 years ago
--- a/public/init.te
+++ b/public/init.te
@@ -39,8 +39,11 @@ allow init dm_device:{ chr_file blk_file } relabelto;
 allow init kernel:fd use;
 # restorecon for early mount device symlinks
 allow init tmpfs:lnk_file { getattr read relabelfrom };
-allow init system_block_device:{ blk_file lnk_file } relabelto;
-allow init misc_block_device:{ blk_file lnk_file } relabelto;
+allow init {
+  misc_block_device
+  recovery_block_device
+  system_block_device
+}:{ blk_file lnk_file } relabelto;

 # setrlimit
 allow init self:global_capability_class_set sys_resource;