kernel: don't setenforce if kernel is already permissive

2022-12-12 22:18:59 +07:00
parent a30507dfcc
commit 280660125f
3 changed files with 13 additions and 2 deletions
--- a/kernel/selinux/selinux.c
+++ b/kernel/selinux/selinux.c
@@ -89,4 +89,12 @@ void setenforce(bool enforce) {
 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 	selinux_state.enforcing = enforce;
 #endif
+}
+
+bool getenforce() {
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+	return selinux_state.enforcing;
+#else
+    return false;
+#endif
 }
--- a/kernel/selinux/selinux.h
+++ b/kernel/selinux/selinux.h
@@ -5,4 +5,6 @@ void setup_selinux();

 void setenforce(bool);

+bool getenforce();
+
 #endif