From 92b9aa0eeff49e5bc3dc6297f3d35ec41d6ab73d Mon Sep 17 00:00:00 2001
From: Colin Cross <ccross@android.com>
Date: Thu, 20 Dec 2012 15:26:02 -0800
Subject: [PATCH] add file_contexts entries for root filesystem

It may be useful to generate an ext4 image of the root filesystem
instead of using a ramdisk.  Whitelist entries in file_contexts to
support selinux labeling a root filesystem image.

Change-Id: I91a38d0aee4408c46cbfe5dc5e6eda198572e90f
---
 file_contexts | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/file_contexts b/file_contexts
index 976783f09..d5d954f0a 100644
--- a/file_contexts
+++ b/file_contexts
@@ -1,9 +1,31 @@
 ###########################################
 # Root
-#
-# Nothing required since it is initramfs and implicitly labeled
-# by genfscon rootfs in ocontexts.
-#
+/			u:object_r:rootfs:s0
+
+# Data files
+/adb_keys
+/default.prop		u:object_r:rootfs:s0
+/fstab\..*		u:object_r:rootfs:s0
+/init\..*		u:object_r:rootfs:s0
+/res(/.*)?		u:object_r:rootfs:s0
+/ueventd\..*		u:object_r:rootfs:s0
+
+# Executables
+/charger		u:object_r:rootfs:s0
+/init			u:object_r:rootfs:s0
+/sbin(/.*)?		u:object_r:rootfs:s0
+
+# Empty directories
+/lost\+found		u:object_r:rootfs:s0
+/proc			u:object_r:rootfs:s0
+/sys			u:object_r:rootfs:s0
+
+# SELinux policy files
+/file_contexts		u:object_r:rootfs:s0
+/property_contexts	u:object_r:rootfs:s0
+/seapp_contexts		u:object_r:rootfs:s0
+/sepolicy		u:object_r:rootfs:s0
+
 ##########################
 # Devices
 #
-- 
GitLab