diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index dea3adbcb69198519ea6527ed456c5db998df631..56ff8783423c268f57e14d1686bc1e4c2c9d28da 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c
@@ -628,6 +628,7 @@ out:
 #define DATA_APP_EL3 "/data/app/el3/"
 #define DATA_APP_EL4 "/data/app/el4/"
 #define DATA_ACCOUNTS_ACCOUNT_0 "/data/accounts/account_0/"
+#define DATA_APP_EL2_LOG "/data/app/el2/%d/log"
 
 static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool first)
 {
@@ -639,13 +640,18 @@ static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool fi
 	bool updated = false;
 	const char *lookup_path = pathname;
 	float pc;
+	int userid = 0;
 	if (!strncmp(pathname, DATA_APP_EL1, sizeof(DATA_APP_EL1) - 1) ||
-		!strncmp(pathname, DATA_APP_EL2, sizeof(DATA_APP_EL2) - 1) ||
 		!strncmp(pathname, DATA_APP_EL3, sizeof(DATA_APP_EL3) - 1) ||
 		!strncmp(pathname, DATA_APP_EL4, sizeof(DATA_APP_EL4) - 1) ||
 		!strncmp(pathname, DATA_ACCOUNTS_ACCOUNT_0, sizeof(DATA_ACCOUNTS_ACCOUNT_0) - 1)) {
 		goto out;
 	}
+	if (!strncmp(pathname, DATA_APP_EL2, sizeof(DATA_APP_EL2) - 1)) {
+		if (sscanf(pathname, DATA_APP_EL2_LOG, &userid) != 1) {
+			goto out;
+		}
+	}
 	if (rootpath) {
 		if (strncmp(rootpath, lookup_path, rootpathlen) != 0) {
 			selinux_log(SELINUX_ERROR,