From 4bb500fa9a0a67124d5ebaf416e228716f2e5621 Mon Sep 17 00:00:00 2001
From: David Anderson <dvander@google.com>
Date: Fri, 6 Mar 2020 18:14:19 -0800
Subject: [PATCH] init: Fix restorecon for /metadata.

Since new files can be introduced to /metadata after the initial
restorecon, we need to skip hashing.

Bug: 150907679
Test: rollback, ls -lZ /metadata/ota
Change-Id: I1f928f519ae2c75aeedb74b70d513743e86bcf2b
---
 init/selinux.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/init/selinux.cpp b/init/selinux.cpp
index acbcbd647..808cb7fc7 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -539,9 +539,9 @@ void SelinuxRestoreContext() {
 
     // adb remount, snapshot-based updates, and DSUs all create files during
     // first-stage init.
-    selinux_android_restorecon("/metadata", SELINUX_ANDROID_RESTORECON_RECURSE);
-
     selinux_android_restorecon(SnapshotManager::GetGlobalRollbackIndicatorPath().c_str(), 0);
+    selinux_android_restorecon("/metadata/gsi", SELINUX_ANDROID_RESTORECON_RECURSE |
+                                                        SELINUX_ANDROID_RESTORECON_SKIP_SEHASH);
 }
 
 int SelinuxKlogCallback(int type, const char* fmt, ...) {