Commit d9c19b0c authored Sep 02, 2014 by Stephen Smalley

Remove obsolete warning from restorecon_recursive documentation.



We originally included a warning to not invoke restorecon_recursive
with a path leading to a shell-writable or app-writable directory
due to concerns about the potential for mischief with symlinks during
the restorecon_recursive.  However, this warning was never necessary for
calling restorecon_recursive during system initialization before an adb
shell or app can run, and we have further prohibited init from
reading/following symlinks that can be created by shell or apps in
policy, so this warning is superfluous.  It also contradicts current
usage of restorecon_recursive in rootdir/init.rc, since it is called
there on /data.

Change-Id: I28a635e0b5991ced8adcef93e7a04f9d9e5634fd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

parent 7a1973ec

init/readme.txt

+0 −2

Original line number	Diff line number	Diff line
		@@ -202,8 +202,6 @@ restorecon <path> [ <path> ]*
		restorecon_recursive <path> [ <path> ]*
		Recursively restore the directory tree named by <path> to the
		security contexts specified in the file_contexts configuration.
		Do NOT use this with paths leading to shell-writable or app-writable
		directories, e.g. /data/local/tmp, /data/data or any prefix thereof.

		setcon <securitycontext>
		Set the current process security context to the specified string.