From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch changes the mode bits on the selinuxfs enforce node so that
non-root processes can read it.  This is necessary to allow non-root
userspace policy enforcers to check the enforcing flag upon a permission
failure as well.  A process must still have the appropriate SELinux
permission in order to read the node.