SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement

[linux-2.6-omap-h63xx.git] / security / selinux / netlabel.c

diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index e64eca246f1ab25ce57cb1190cc578fa643421e9..ed9155b29c1a9bf6eebedec3311a0971dc596342 100644 (file)
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -155,6 +155,11 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid)
        int rc;
        struct netlbl_lsm_secattr secattr;
 
+       if (!netlbl_enabled()) {
+               *sid = SECSID_NULL;
+               return 0;
+       }
+
        netlbl_secattr_init(&secattr);
        rc = netlbl_skbuff_getattr(skb, &secattr);
        if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
@@ -298,6 +303,9 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
        u32 netlbl_sid;
        u32 recv_perm;
 
+       if (!netlbl_enabled())
+               return 0;
+
        rc = selinux_netlbl_skbuff_getsid(skb,
                                          SECINITSID_UNLABELED,
                                          &netlbl_sid);