Commit Graph

2 Commits

Author SHA1 Message Date
Arian
f97544641c sm6150-common: sepolicy: Extend vendor_toolbox permissions to files in persist
Change-Id: Idf0d7b67e861d2dcb8f6b46cbd2cc5b26b77e08d
2022-06-28 00:40:59 +02:00
Felix
a13246a7fc sm6150-common: Force restorecon for /mnt/vendor/persist
The restorecon_recursive directive in init is only applied if the
file_contexts file changed between builds, but not necessarily if any
file or folder inside /mnt/vendor/persist/ has changed.

The restorecon code checks whether an xattr named
"security.sehash" contains a string that matches the current
combined hashes of the SELinux context files and skips restoring labels
if there is a match, see
https://android.googlesource.com/platform/external/selinux/+/refs/tags/android-9.0.0_r35/libselinux/src/android/android_platform.c#1546

Force wiping that xattr so that restorecon always runs since it's not
very expensive (there are currently only about 50 files on /persist).

The restorecon is needed to fix issues such as wrong stock labels on
/mnt/vendor/persist/sensors/:
sensors_persist_file -> persist_sensors_file

Change-Id: Ic0cd848836ee550499d9236f56ed6e939e35f01e
2022-03-27 13:38:12 +02:00