• Stephen Smalley's avatar
    selinux: clean up selinux_enabled/disabled/enforcing_boot · 6c5a682e
    Stephen Smalley authored
    Rename selinux_enabled to selinux_enabled_boot to make it clear that
    it only reflects whether SELinux was enabled at boot.  Replace the
    references to it in the MAC_STATUS audit log in sel_write_enforce()
    with hardcoded "1" values because this code is only reachable if SELinux
    is enabled and does not change its value, and update the corresponding
    MAC_STATUS audit log in sel_write_disable().  Stop clearing
    selinux_enabled in selinux_disable() since it is not used outside of
    initialization code that runs before selinux_disable() can be reached.
    Mark both selinux_enabled_boot and selinux_enforcing_boot as __initdata
    since they are only used in initialization code.
    
    Wrap the disabled field in the struct selinux_state with
    CONFIG_SECURITY_SELINUX_DISABLE since it is only used for
    runtime disable.
    Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    6c5a682e
security.h 11.8 KB