openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Revert "logd: Don't trigger an integrity failure on permissive SELinux denials" 

external/sepolicy commit bca98efa575bedab68f2d5eaee2cd1fd1741962b
ensures that no permissive domains can be on user builds, and
external/sepolicy commit 3872ee396898fcb23bdc49c37fd02d81014aaa5f
re-enables enforcing mode on cameraserver.

The conditions which lead to the integrity failure detection
triggering can no longer occur. Revert the patch which relaxed
the detection.

This reverts commit 33ee84f871.

Bug: 27313768
Bug: 26902605
Change-Id: I8ee97d0858345695f9df8240de4e696f4a9ba008
This commit is contained in:
Nick Kralevich 2016-02-27 08:19:01 -08:00
parent 33ee84f871
commit 99fb01e42a
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
logd/LogAudit.cpp
View File

@ -155,15 +155,15 @@ int LogAudit::logPrint(const char *fmt, ...) {
}
}
bool notEnforcing = strstr(str, " enforcing=0");
bool permissive = strstr(str, " permissive=1");
bool permissive = strstr(str, " enforcing=0") ||
strstr(str, " permissive=1");
if (notEnforcing) {
if (permissive) {
// SELinux in permissive mode is not allowed
enforceIntegrity();
}
bool info = loaded || permissive || notEnforcing;
bool info = loaded || permissive;
if ((fdDmesg >= 0) && initialized) {
struct iovec iov[3];
static const char log_info[] = { KMSG_PRIORITY(LOG_INFO) };