summaryrefslogtreecommitdiffstats
path: root/security/selinux/netif.c
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2019-12-17 15:15:10 +0100
committerPaul Moore <paul@paul-moore.com>2019-12-19 03:22:46 +0100
commit6c5a682e6497cb1f7a67303ce098462a36bed362 (patch)
tree2164f187397e93da543e872b363b7347bf8f56ba /security/selinux/netif.c
parentselinux: remove unnecessary selinux cred request (diff)
downloadlinux-6c5a682e6497cb1f7a67303ce098462a36bed362.tar.xz
linux-6c5a682e6497cb1f7a67303ce098462a36bed362.zip
selinux: clean up selinux_enabled/disabled/enforcing_boot
Rename selinux_enabled to selinux_enabled_boot to make it clear that it only reflects whether SELinux was enabled at boot. Replace the references to it in the MAC_STATUS audit log in sel_write_enforce() with hardcoded "1" values because this code is only reachable if SELinux is enabled and does not change its value, and update the corresponding MAC_STATUS audit log in sel_write_disable(). Stop clearing selinux_enabled in selinux_disable() since it is not used outside of initialization code that runs before selinux_disable() can be reached. Mark both selinux_enabled_boot and selinux_enforcing_boot as __initdata since they are only used in initialization code. Wrap the disabled field in the struct selinux_state with CONFIG_SECURITY_SELINUX_DISABLE since it is only used for runtime disable. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/netif.c')
-rw-r--r--security/selinux/netif.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index e40fecd73752..15b8c1bcd7d0 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -266,7 +266,7 @@ static __init int sel_netif_init(void)
{
int i;
- if (!selinux_enabled)
+ if (!selinux_enabled_boot)
return 0;
for (i = 0; i < SEL_NETIF_HASH_SIZE; i++)