init: Make restorecon_recursive work for /data/

In the following commit:

    commit f2b7ee765516c84a9995e3acdc8fbcd7dc1b33cc
    Author: Stephen Smalley <>
    Date:   Thu Feb 6 13:52:52 2014 -0500

    Apply restorecon_recursive to all of /data.

they removed all the adhoc restorecon_recursive of subdirectories
of /data/ and replaced it with:

    # Set SELinux security contexts on upgrade or policy update.
    restorecon_recursive /data

Unfortunately, that is a no-op because restorecon doesn't recurse
through /data/ unless you add a FORCE flag.

Since the expectation seems to be that the recursive restorecon
in init will actually work, update the built-in to add the force
flag and a flag to allow /data/data to also be recursed through.

[RC: Removed the DATADATA flag. It throws a ton of errors, and it's
supposed to be handled by seapp_contexts, not file_contexts. The actual
root paths, however, now get their individual restorecon calls so that
installd can deal with them]

Change-Id: I435c505188e924b27ef2e6a2e0ee0a6951e43f0e
2 files changed