From bc14ee3cd74b288d0999bd6f732950954b67c56b Mon Sep 17 00:00:00 2001
From: padarshr <padarshr@codeaurora.org>
Date: Thu, 15 Mar 2018 13:09:00 +0530
Subject: [PATCH] Init: Enable init to relabel symlinks for
 recovery_block_device.

Allow init the ability to relabel recovery block devices. In the case
where we have recovery as a chain partition, due to its presence in
early mount node, init, in first stage itself would require relabel
permissions for the restorecon operation on recovery block device.

Bug: 73642793
Test: On bootup, recovery partition gets the appropriate se-label.
      Perform OTA on non-A/B device with recovery as chain partition,
      now the recovery partition gets upgraded successfully, now that
      it has the correct se-label.

Change-Id: I370c510320e78ab78c9c55573073415b4983d0f6
---
 public/init.te | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/public/init.te b/public/init.te
index 0b1e86c5c..1d04f848f 100644
--- a/public/init.te
+++ b/public/init.te
@@ -39,8 +39,11 @@ allow init dm_device:{ chr_file blk_file } relabelto;
 allow init kernel:fd use;
 # restorecon for early mount device symlinks
 allow init tmpfs:lnk_file { getattr read relabelfrom };
-allow init system_block_device:{ blk_file lnk_file } relabelto;
-allow init misc_block_device:{ blk_file lnk_file } relabelto;
+allow init {
+  misc_block_device
+  recovery_block_device
+  system_block_device
+}:{ blk_file lnk_file } relabelto;
 
 # setrlimit
 allow init self:global_capability_class_set sys_resource;
-- 
GitLab