logd: Don't trigger an integrity failure on permissive SELinux denials

Only trigger an integrity failure if a policy is reloaded or
SELinux is disabled. Don't trigger the integrity failure if
we see a permissive=1 denial, which could occur if an SELinux
domain is in permissive mode.

Bug: 27313768
Bug: 26902605
Change-Id: Ib85a2799eb6378ae8acdb965b1812d691183fdd3
Nick Kralevich 2016-02-26 16:50:51 -08:00
parent 242393fec1
commit 33ee84f871


@ -155,15 +155,15 @@ int LogAudit::logPrint(const char *fmt, ...) {
}
}
bool permissive = strstr(str, " enforcing=0") ||
strstr(str, " permissive=1");
bool notEnforcing = strstr(str, " enforcing=0");
bool permissive = strstr(str, " permissive=1");
if (permissive) {
if (notEnforcing) {
// SELinux in permissive mode is not allowed
enforceIntegrity();
}
bool info = loaded || permissive;
bool info = loaded || permissive || notEnforcing;
if ((fdDmesg >= 0) && initialized) {
struct iovec iov[3];
static const char log_info[] = { KMSG_PRIORITY(LOG_INFO) };