Merge "init: clarify comment for the restorecon of second stage init" am: 424ffa2df9 am: f1e6db5567 am: 28f2c822b9
am: 7ade77b470
Change-Id: I14943803bdc38f89cfa6be43f08c2fe48187a101
diff --git a/init/init_first_stage.cpp b/init/init_first_stage.cpp
index b367f2a..466cde3 100644
--- a/init/init_first_stage.cpp
+++ b/init/init_first_stage.cpp
@@ -138,9 +138,10 @@
SelinuxSetupKernelLogging();
SelinuxInitialize();
- // Unneeded? It's an ext4 file system so shouldn't it have the right domain already?
- // We're in the kernel domain, so re-exec init to transition to the init domain now
- // that the SELinux policy has been loaded.
+ // We're in the kernel domain and want to transition to the init domain when we exec second
+ // stage init. File systems that store SELabels in their xattrs, such as ext4 do not need an
+ // explicit restorecon here, but other file systems do. In particular, this is needed for
+ // ramdisks such as the recovery image for A/B devices.
if (selinux_android_restorecon("/system/bin/init", 0) == -1) {
PLOG(FATAL) << "restorecon failed of /system/bin/init failed";
}