From ecab40108724f102ee31476c1aeb04d982ac6354 Mon Sep 17 00:00:00 2001
From: padarshr <padarshr@codeaurora.org>
Date: Thu, 15 Mar 2018 13:09:00 +0530
Subject: [PATCH] Init: Enable init to relabel symlinks for
 recovery_block_device.

Allow init the ability to relabel recovery block devices. In the case
where we have recovery as a chain partition, due to its presence in
early mount node, init, in first stage itself would require relabel
permissions for the restorecon operation on recovery block device.

Bug: 73642793
Test: On bootup, recovery partition gets the appropriate se-label.
      Perform OTA on non-A/B device with recovery as chain partition,
      now the recovery partition gets upgraded successfully, now that
      it has the correct se-label.

Change-Id: I370c510320e78ab78c9c55573073415b4983d0f6
Merged-In: I370c510320e78ab78c9c55573073415b4983d0f6
(cherry picked from commit bc14ee3cd74b288d0999bd6f732950954b67c56b)
---
 public/init.te | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/public/init.te b/public/init.te
index 1489b701f..254d8e080 100644
--- a/public/init.te
+++ b/public/init.te
@@ -39,8 +39,11 @@ allow init dm_device:{ chr_file blk_file } relabelto;
 allow init kernel:fd use;
 # restorecon for early mount device symlinks
 allow init tmpfs:lnk_file { getattr read relabelfrom };
-allow init system_block_device:{ blk_file lnk_file } relabelto;
-allow init misc_block_device:{ blk_file lnk_file } relabelto;
+allow init {
+  misc_block_device
+  recovery_block_device
+  system_block_device
+}:{ blk_file lnk_file } relabelto;
 
 # setrlimit
 allow init self:global_capability_class_set sys_resource;
-- 
GitLab