From 715c4dc3f9972f312d2c072dd9e47d1408ee6f55 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 7 Dec 2015 16:57:08 -0800
Subject: [PATCH] init.rc: restorecon_recursive /sys/kernel/debug

If /sys/kernel/debug is present, make sure it has all the appropriate
SELinux labels.

Labeling of /sys/kernel/debug depends on kernel support
added in commit https://android-review.googlesource.com/122130

This patch depends on an external/sepolicy change with the
same Change-Id as this patch.

Change-Id: Id1d6a9ad6d0759d6de839458890e8cb24685db6d
---
 rootdir/init.rc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index a0b1acf01..e4a34dcbc 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -244,6 +244,9 @@ on post-fs
     # Mount default storage into root namespace
     mount none /mnt/runtime/default /storage slave bind rec
 
+    # Make sure /sys/kernel/debug (if present) is labeled properly
+    restorecon_recursive /sys/kernel/debug
+
     # We chown/chmod /cache again so because mount is run as root + defaults
     chown system cache /cache
     chmod 0770 /cache