Only apply restorecon_recursive when file_contexts changes.
For any persistent directory (e.g. /data, /persist), we only want
to apply restorecon_recursive when there is a change to the
file_contexts mapping on an update. Avoid repeatedly walking the
directory tree on each boot by setting a security.restorecon_last
xattr on each directory during a restorecon_recursive tree walk
to a hash of the file_contexts file and skipping the traversal if
the xattr is already set and matches the hash of the current file_contexts
file.
For /sys, the attempt to get and set the xattr will fail but this
is harmless.
Change-Id: I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2 files changed