git.maquefel.me Git - linux.git/commit

author	Stephen Smalley <sds@tycho.nsa.gov>
	Tue, 17 Dec 2019 14:15:10 +0000 (09:15 -0500)
committer	Paul Moore <paul@paul-moore.com>
	Thu, 19 Dec 2019 02:22:46 +0000 (21:22 -0500)
commit	6c5a682e6497cb1f7a67303ce098462a36bed362
tree	2164f187397e93da543e872b363b7347bf8f56ba	tree \| snapshot
parent	210a292874517782bed2e2220c7beb1608d3b05d	commit \| diff

selinux: clean up selinux_enabled/disabled/enforcing_boot

Rename selinux_enabled to selinux_enabled_boot to make it clear that
it only reflects whether SELinux was enabled at boot. Replace the
references to it in the MAC_STATUS audit log in sel_write_enforce()
with hardcoded "1" values because this code is only reachable if SELinux
is enabled and does not change its value, and update the corresponding
MAC_STATUS audit log in sel_write_disable(). Stop clearing
selinux_enabled in selinux_disable() since it is not used outside of
initialization code that runs before selinux_disable() can be reached.
Mark both selinux_enabled_boot and selinux_enforcing_boot as __initdata
since they are only used in initialization code.

Wrap the disabled field in the struct selinux_state with
CONFIG_SECURITY_SELINUX_DISABLE since it is only used for
runtime disable.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>

security/selinux/hooks.c		diff \| blob \| history
security/selinux/ibpkey.c		diff \| blob \| history
security/selinux/include/security.h		diff \| blob \| history
security/selinux/netif.c		diff \| blob \| history
security/selinux/netnode.c		diff \| blob \| history
security/selinux/netport.c		diff \| blob \| history
security/selinux/selinuxfs.c		diff \| blob \| history