diff options
| author |   Stephen Smalley <sds@tycho.nsa.gov> | 2019-12-17 09:15:10 -0500 |
|---|---|---|
| committer |   Paul Moore <paul@paul-moore.com> | 2019-12-18 21:22:46 -0500 |
| commit | 6c5a682e6497cb1f7a67303ce098462a36bed362 (patch) | |
| tree | 2164f187397e93da543e872b363b7347bf8f56ba /security/selinux/netif.c | |
| parent | selinux: remove unnecessary selinux cred request (diff) | |
| download | linux-dev-6c5a682e6497cb1f7a67303ce098462a36bed362.tar.xz linux-dev-6c5a682e6497cb1f7a67303ce098462a36bed362.zip | |
selinux: clean up selinux_enabled/disabled/enforcing_boot
Rename selinux_enabled to selinux_enabled_boot to make it clear that
it only reflects whether SELinux was enabled at boot. Replace the
references to it in the MAC_STATUS audit log in sel_write_enforce()
with hardcoded "1" values because this code is only reachable if SELinux
is enabled and does not change its value, and update the corresponding
MAC_STATUS audit log in sel_write_disable(). Stop clearing
selinux_enabled in selinux_disable() since it is not used outside of
initialization code that runs before selinux_disable() can be reached.
Mark both selinux_enabled_boot and selinux_enforcing_boot as __initdata
since they are only used in initialization code.
Wrap the disabled field in the struct selinux_state with
CONFIG_SECURITY_SELINUX_DISABLE since it is only used for
runtime disable.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/netif.c')
| -rw-r--r-- | security/selinux/netif.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/netif.c b/security/selinux/netif.c index e40fecd73752..15b8c1bcd7d0 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c @@ -266,7 +266,7 @@ static __init int sel_netif_init(void) { int i; - if (!selinux_enabled) + if (!selinux_enabled_boot) return 0; for (i = 0; i < SEL_NETIF_HASH_SIZE; i++) |