The permission of the directory /cache/recovery and files in it is changed from
cache_file to
cache_recovery_file by this change:
https://android.googlesource.com/platform/system/sepolicy/+/549ccf77e3fd23bb6c690da7023441c1007c4fd8%5E%21/#F4If the directory /cache/recovery is removed and recreated, it will inherit the SELinux context of its parent:
# ls -Z /cache
u:object_r:cache_private_backup_file:s0 backup
u:object_r:cache_backup_file:s0 backup_stage
u:object_r:cache_file:s0 lost+found
u:object_r:cache_recovery_file:s0 recovery
# rmdir /cache/recovery/
# mkdir /cache/recovery
# ls -Z /cache
u:object_r:cache_private_backup_file:s0 backup
u:object_r:cache_backup_file:s0 backup_stage
u:object_r:cache_file:s0 lost+found
u:object_r:cache_file:s0 recovery
"restorecon_recursive /cache" in init.rc will not fix this:
[ 3.386256] (4)[1:init]init: SELinux: Skipping restorecon_recursive(/cache)
[ 3.387131] (4)[1:init]init: Command 'restorecon_recursive /cache' action=post-fs (/init.rc:289) returned 0 took 0.00s
$ adb shell ls -Z /cache
u:object_r:cache_private_backup_file:s0 backup
u:object_r:cache_backup_file:s0 backup_stage
u:object_r:cache_file:s0 lost+found
u:object_r:cache_file:s0 recovery
"restorecon_recursive /cache/recovery" can fix this:
[ 3.781207] (4)[1:init]init: Command 'restorecon_recursive /cache/recovery' action=post-fs (/init.rc:296) returned 0 took 0.00s
$ adb shell ls -Z /cache
u:object_r:cache_private_backup_file:s0 backup
u:object_r:cache_backup_file:s0 backup_stage
u:object_r:cache_file:s0 lost+found
u:object_r:cache_recovery_file:s0 recovery
Should "restorecon_recursive /cache/recovery" need to be added in init.rc?