From ed868a56988464cd31de0302426a5e94d3127f10 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@redhat.com>
Date: Sat, 12 Sep 2009 22:54:10 -0400
Subject: Creds: creds->security can be NULL is selinux is disabled

__validate_process_creds should check if selinux is actually enabled before
running tests on the selinux portion of the credentials struct.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
---
 include/linux/selinux.h | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'include/linux/selinux.h')

diff --git a/include/linux/selinux.h b/include/linux/selinux.h
index 20f965d4b041..223d06a6feb1 100644
--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -61,6 +61,11 @@ void selinux_secmark_refcount_inc(void);
  *     existing SECMARK targets has been removed/flushed.
  */
 void selinux_secmark_refcount_dec(void);
+
+/**
+ * selinux_is_enabled - is SELinux enabled?
+ */
+bool selinux_is_enabled(void);
 #else
 
 static inline int selinux_string_to_sid(const char *str, u32 *sid)
@@ -84,6 +89,10 @@ static inline void selinux_secmark_refcount_dec(void)
 	return;
 }
 
+static bool selinux_is_enabled(void)
+{
+	return false;
+}
 #endif	/* CONFIG_SECURITY_SELINUX */
 
 #endif /* _LINUX_SELINUX_H */
-- 
cgit v1.2.3-59-g8ed1b