Add SELinux filesystem relabeling to init
Since not all recoveries out there will support the OTA packages'
own labeling, check at boot if the system needs labels (and
apply them)
Change-Id: I58767977b90a78a12efe7bd9d713654eadf47e7a
diff --git a/config/common.mk b/config/common.mk
index 96e6ce5..56d53b7 100644
--- a/config/common.mk
+++ b/config/common.mk
@@ -95,6 +95,10 @@
PRODUCT_COPY_FILES += \
vendor/cm/prebuilt/common/etc/init.d/90userinit:system/etc/init.d/90userinit
+# SELinux filesystem labels
+PRODUCT_COPY_FILES += \
+ vendor/cm/prebuilt/common/etc/init.d/50selinuxrelabel:system/etc/init.d/50selinuxrelabel
+
# CM-specific init file
PRODUCT_COPY_FILES += \
vendor/cm/prebuilt/common/etc/init.local.rc:root/init.cm.rc
diff --git a/prebuilt/common/etc/init.d/50selinuxrelabel b/prebuilt/common/etc/init.d/50selinuxrelabel
new file mode 100644
index 0000000..4096fdc
--- /dev/null
+++ b/prebuilt/common/etc/init.d/50selinuxrelabel
@@ -0,0 +1,46 @@
+#!/system/bin/sh
+
+L="log -p i -t SELinuxLabel"
+
+# Bail out early if not on a SELinux build
+getprop ro.build.selinux | grep -q 1 || exit
+if [ ! -f /file_contexts ]; then
+ exit
+fi
+
+LABELDATA=0
+LABELSYS=0
+
+# Test /data
+ls -Zd /data/anr | grep -q unlabeled
+if [ $? -eq 0 ]; then
+ $L "userdata is unlabeled, fixing..."
+ LABELDATA=1
+fi
+
+ls -Z /system/bin/surfaceflinger | grep -q unlabeled
+if [ $? -eq 0 ]; then
+ $L "system is unlabeled, fixing... (You really should update your recovery)"
+ LABELSYS=1
+fi
+
+ls -Z /system/app/GoogleServicesFramework.apk | grep -q unlabeled
+if [ $LABELSYS = "0" -a $? -eq 0 ]; then
+ $L "Found unlabeled Google framework, fixing..."
+ LABELSYS=1
+fi
+
+
+if [ $LABELSYS = "1" ]; then
+ busybox mount -o remount,rw /system
+ $L "/system relabel starting..."
+ restorecon -R /system
+ $L "/system relabel complete"
+ busybox mount -o remount,ro /system
+fi
+
+if [ $LABELDATA = "1" ]; then
+ $L "/data relabel starting..."
+ restorecon -R /data
+ $L "/data relabel complete"
+fi