Add a restorecon_recursive built-in command to init.
Functionally equivalent to the restorecon -R toolbox command.
A use case is given by:
I48eaa2b9901ac8c978192c14493ba1058a089423
Also, fix error handling and documentation for restorecon command.
Change-Id: Ia7fbcc82645baf52c6bff0490d3492f458881cbb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/init/readme.txt b/init/readme.txt
index 1e8c392..42a09cb 100644
--- a/init/readme.txt
+++ b/init/readme.txt
@@ -192,12 +192,18 @@
device by name.
<mountoption>s include "ro", "rw", "remount", "noatime", ...
-restorecon <path>
+restorecon <path> [ <path> ]*
Restore the file named by <path> to the security context specified
in the file_contexts configuration.
Not required for directories created by the init.rc as these are
automatically labeled correctly by init.
+restorecon_recursive <path> [ <path> ]*
+ Recursively restore the directory tree named by <path> to the
+ security contexts specified in the file_contexts configuration.
+ Do NOT use this with paths leading to shell-writable or app-writable
+ directories, e.g. /data/local/tmp, /data/data or any prefix thereof.
+
setcon <securitycontext>
Set the current process security context to the specified string.
This is typically only used from early-init to set the init context