summaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
authorJeff Garzik <jeff@garzik.org>2006-05-20 00:03:38 -0400
committerJeff Garzik <jeff@garzik.org>2006-05-20 00:03:38 -0400
commitbadc48e6605ddeeb2484afae5993c859494decaa (patch)
tree7da638f9bb53b1812b71e40ad6deca91d59ad301 /security/selinux
parent753a6c4ff4c371a3e4e3408aaba4d03f3cfde73a (diff)
parent2f880b65fdbc2d4915bddc59d75a176329570fdd (diff)
Merge branch 'master' into upstream
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c3
-rw-r--r--security/selinux/include/security.h5
-rw-r--r--security/selinux/ss/services.c4
3 files changed, 7 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3cf368a1644..d987048d3f3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -101,6 +101,8 @@ static int __init selinux_enabled_setup(char *str)
return 1;
}
__setup("selinux=", selinux_enabled_setup);
+#else
+int selinux_enabled = 1;
#endif
/* Original (dummy) security module. */
@@ -4535,6 +4537,7 @@ int selinux_disable(void)
printk(KERN_INFO "SELinux: Disabled at runtime.\n");
selinux_disabled = 1;
+ selinux_enabled = 0;
/* Reset security_ops to the secondary module, dummy or capability. */
security_ops = secondary_ops;
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 5f016c98056..063af47bb23 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -29,12 +29,7 @@
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB
-#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
extern int selinux_enabled;
-#else
-#define selinux_enabled 1
-#endif
-
extern int selinux_mls_enabled;
int security_load_policy(void * data, size_t len);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 7177e98df7f..c284dbb8b8c 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -594,6 +594,10 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
*scontext_len = strlen(initial_sid_to_string[sid]) + 1;
scontextp = kmalloc(*scontext_len,GFP_ATOMIC);
+ if (!scontextp) {
+ rc = -ENOMEM;
+ goto out;
+ }
strcpy(scontextp, initial_sid_to_string[sid]);
*scontext = scontextp;
goto out;