init: Make restorecon_recursive work for /data/

In the following commit:

    commit f2b7ee7
    Author: Stephen Smalley <[email protected]>
    Date:   Thu Feb 6 13:52:52 2014 -0500

    Apply restorecon_recursive to all of /data.

they removed all the adhoc restorecon_recursive of subdirectories
of /data/ and replaced it with:

    # Set SELinux security contexts on upgrade or policy update.
    restorecon_recursive /data

Unfortunately, that is a no-op because restorecon doesn't recurse
through /data/ unless you add a FORCE flag.

Since the expectation seems to be that the recursive restorecon
in init will actually work, update the built-in to add the force
flag and a flag to allow /data/data to also be recursed through.

[RC: Removed the DATADATA flag. It throws a ton of errors, and it's
supposed to be handled by seapp_contexts, not file_contexts. The actual
root paths, however, now get their individual restorecon calls so that
installd can deal with them]

Change-Id: I435c505188e924b27ef2e6a2e0ee0a6951e43f0e

Author: crpalmer

init/util.c

@@ -530,7 +530,11 @@ int restorecon(const char* pathname)
     return selinux_android_restorecon(pathname, 0);
 }
 
+#define RESTORECON_RECURSIVE_FLAGS \
+        (SELINUX_ANDROID_RESTORECON_FORCE | \
+        SELINUX_ANDROID_RESTORECON_RECURSE)
+
 int restorecon_recursive(const char* pathname)
 {
-    return selinux_android_restorecon(pathname, SELINUX_ANDROID_RESTORECON_RECURSE);
+    return selinux_android_restorecon(pathname, RESTORECON_RECURSIVE_FLAGS);
 }

rootdir/init.rc

@@ -315,6 +315,9 @@ on post-fs-data
 
     # Set SELinux security contexts on upgrade or policy update.
     restorecon_recursive /data
+    restorecon /data/data
+    restorecon /data/user
+    restorecon /data/user/0
 
     # If there is no fs-post-data action in the init.<device>.rc file, you
     # must uncomment this line, otherwise encrypted filesystems