Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 99fb01e4 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

Revert "logd: Don't trigger an integrity failure on permissive SELinux denials" 

external/sepolicy commit bca98efa575bedab68f2d5eaee2cd1fd1741962b
ensures that no permissive domains can be on user builds, and
external/sepolicy commit 3872ee396898fcb23bdc49c37fd02d81014aaa5f
re-enables enforcing mode on cameraserver.

The conditions which lead to the integrity failure detection
triggering can no longer occur. Revert the patch which relaxed
the detection.

This reverts commit 33ee84f8.

Bug: 27313768
Bug: 26902605
Change-Id: I8ee97d0858345695f9df8240de4e696f4a9ba008
parent 33ee84f8

logd/LogAudit.cpp

+4 −4
Original line number Original line Diff line number Diff line
@@ -155,15 +155,15 @@ int LogAudit::logPrint(const char *fmt, ...) { 
        }

        }

    }

    }





    bool notEnforcing = strstr(str, " enforcing=0");

    bool permissive = strstr(str, " enforcing=0") ||

    bool permissive = strstr(str, " permissive=1");

                      strstr(str, " permissive=1");





    if (notEnforcing) {

    if (permissive) {

        // SELinux in permissive mode is not allowed

        // SELinux in permissive mode is not allowed

        enforceIntegrity();

        enforceIntegrity();

    }

    }





    bool info = loaded || permissive || notEnforcing;

    bool info = loaded || permissive;

    if ((fdDmesg >= 0) && initialized) {

    if ((fdDmesg >= 0) && initialized) {

        struct iovec iov[3];

        struct iovec iov[3];

        static const char log_info[] = { KMSG_PRIORITY(LOG_INFO) };

        static const char log_info[] = { KMSG_PRIORITY(LOG_INFO) };