From df32f3e82b45278f5817226b3f2576b0612f6103 Mon Sep 17 00:00:00 2001
From: Sandeep Patil <sspatil@google.com>
Date: Mon, 27 Feb 2017 14:15:54 -0800
Subject: [PATCH] init: enable init to relabel symlinks for
 system_block_devices

Early-mounted block devices are created by 'init' in its first stage, so
the following restorecon() now finds device nodes and their corresponding
symlinks. The CL adds a rule to make sure the block and
system_block_devices can be relabeled by init in this case.

Bug: 35792677
Bug: 27805372

Test: tested ota using 'adb sideload' on sailfish

Change-Id: I7d9d89878919c1267bf3c74f0cdbb4367b5ad458
Signed-off-by: Sandeep Patil <sspatil@google.com>
---
 public/init.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/init.te b/public/init.te
index e1c67e5ca..dda65cd16 100644
--- a/public/init.te
+++ b/public/init.te
@@ -32,6 +32,7 @@ allow init dm_device:{ chr_file blk_file } relabelto;
 allow init kernel:fd use;
 # restorecon for early mount device symlinks
 allow init tmpfs:lnk_file { getattr read relabelfrom };
+allow init system_block_device:{ blk_file lnk_file } relabelto;
 
 # setrlimit
 allow init self:capability sys_resource;
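Review bot: The added `allow init system_block_device:{ blk_file lnk_file } relabelto;` sits under the comment `# restorecon for early mount device symlinks`, but it also grants `relabelto` on `blk_file`, so the comment no longer describes everything in the group. I would reword it to something like `# restorecon for early mount device nodes and their symlinks (created by first-stage init)`, so a later audit of init's relabel permissions can see why the block-node grant exists. The only matching `relabelfrom` visible in this hunk is `tmpfs:lnk_file`. Please confirm that the source type of the early-created block nodes already has a `relabelfrom` rule elsewhere in init.te. If it does not, the `blk_file` half of this rule is dead, and narrowing the class set to `lnk_file` would keep the grant at least privilege.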
-- 
GitLab