Merge "Explicitly call restorecon_recursive on /metadata/apex" into rvc-dev am: 6a8602a8c9 am: 65c8f6e9a5 Original change: https://googleplex-android-review.googlesource.com/c/platform/system/core/+/11955299 Change-Id: I15cc7f6987392be167eb315178c7875369aa97c8

commit: d3c03dafed3c4b4e0334264fe8d4144b23496ad7 [log] [tgz]
author: Nikita Ioffe <ioffe@google.com> Mon Jun 22 22:11:42 2020 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon Jun 22 22:11:42 2020 +0000
tree: 22718816b82566bfb4321ff53e8d8b577f6eaccd
parent: b9edfdf3bcc893ec81f061aa73ba47ce00830b68 [diff]
parent: b7bb53bd06d96a61ef3866079f2ddb575fa04e41 [diff]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 73ac7fd..e7ba1f3 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -517,6 +517,12 @@
 
     mkdir /metadata/apex 0700 root system
     mkdir /metadata/apex/sessions 0700 root system
+    # On some devices we see a weird behaviour in which /metadata/apex doesn't
+    # have a correct label. To workaround this bug, explicitly call restorecon
+    # on /metadata/apex. For most of the boot sequences /metadata/apex will
+    # already have a correct selinux label, meaning that this call will be a
+    # no-op.
+    restorecon_recursive /metadata/apex
 
     mkdir /metadata/staged-install 0770 root system
 on late-fs
commit	d3c03dafed3c4b4e0334264fe8d4144b23496ad7	[log] [tgz]
author	Nikita Ioffe <ioffe@google.com>	Mon Jun 22 22:11:42 2020 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Mon Jun 22 22:11:42 2020 +0000
tree	22718816b82566bfb4321ff53e8d8b577f6eaccd
parent	b9edfdf3bcc893ec81f061aa73ba47ce00830b68 [diff]
parent	b7bb53bd06d96a61ef3866079f2ddb575fa04e41 [diff]