init: manually restorecon mke2fs tools on ramdisk
Files in the ramdisk by default have the rootfs label and must be
manually restoreconed.
Bug: 35219933
Change-Id: I2a749f128dc3a609907101ce703747f8990b4386
diff --git a/init/init.cpp b/init/init.cpp
index 99ce5e6..8398e02 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -863,9 +863,9 @@
}
}
-// The files and directories that were created before initial sepolicy load
-// need to have their security context restored to the proper value.
-// This must happen before /dev is populated by ueventd.
+// The files and directories that were created before initial sepolicy load or
+// files on ramdisk need to have their security context restored to the proper
+// value. This must happen before /dev is populated by ueventd.
static void selinux_restore_context() {
LOG(INFO) << "Running restorecon...";
restorecon("/dev");
@@ -882,6 +882,9 @@
restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE);
restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE);
restorecon("/dev/device-mapper");
+
+ restorecon("/sbin/mke2fs");
+ restorecon("/sbin/e2fsdroid");
}
// Set the UDC controller for the ConfigFS USB Gadgets.
