From 99fb01e42a184fa8a206c84be12b7e34cc2947bb Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Sat, 27 Feb 2016 08:19:01 -0800
Subject: [PATCH] Revert "logd: Don't trigger an integrity failure on
 permissive SELinux denials"

external/sepolicy commit bca98efa575bedab68f2d5eaee2cd1fd1741962b
ensures that no permissive domains can be on user builds, and
external/sepolicy commit 3872ee396898fcb23bdc49c37fd02d81014aaa5f
re-enables enforcing mode on cameraserver.

The conditions which lead to the integrity failure detection
triggering can no longer occur. Revert the patch which relaxed
the detection.

This reverts commit 33ee84f87115f1e0a2a3a6bf61dc89b97a96daa2.

Bug: 27313768
Bug: 26902605
Change-Id: I8ee97d0858345695f9df8240de4e696f4a9ba008
---
 logd/LogAudit.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp
index 7c35dc60d..230dd1125 100644
--- a/logd/LogAudit.cpp
+++ b/logd/LogAudit.cpp
@@ -155,15 +155,15 @@ int LogAudit::logPrint(const char *fmt, ...) {
         }
     }
 
-    bool notEnforcing = strstr(str, " enforcing=0");
-    bool permissive = strstr(str, " permissive=1");
+    bool permissive = strstr(str, " enforcing=0") ||
+                      strstr(str, " permissive=1");
 
-    if (notEnforcing) {
+    if (permissive) {
         // SELinux in permissive mode is not allowed
         enforceIntegrity();
     }
 
-    bool info = loaded || permissive || notEnforcing;
+    bool info = loaded || permissive;
     if ((fdDmesg >= 0) && initialized) {
         struct iovec iov[3];
         static const char log_info[] = { KMSG_PRIORITY(LOG_INFO) };