XSELinux: Add xorg.conf option for permissive/enforcing/disabled.

Patch by Joe Nall.

The option goes in the "extmod" subsection.
TODO: Make it easier for extension modules to handle their own options.

2 files changed, 25 insertions, 1 deletions

diff --git a/hw/xfree86/dixmods/extmod/modinit.c b/hw/xfree86/dixmods/extmod/modinit.c
index d0d892aaf..8c8a4ceeb 100644
--- a/hw/xfree86/dixmods/extmod/modinit.c
+++ b/hw/xfree86/dixmods/extmod/modinit.c
@@ -42,7 +42,7 @@ static ExtensionModule extensionModules[] = {
     {
 	SELinuxExtensionInit,
 	SELINUX_EXTENSION_NAME,
-	NULL,
+	&noSELinuxExtension,
 	NULL,
 	NULL
     },
@@ -258,6 +258,27 @@ extmodSetup(pointer module, pointer opts, int *errmaj, int *errmin)
 		}
 	    }
 	}
+
+#ifdef XSELINUX
+	if (! strcmp(SELINUX_EXTENSION_NAME, extensionModules[i].name)) {
+	    pointer o;
+	    selinuxEnforcingState = SELINUX_MODE_DEFAULT;
+
+	    if ((o = xf86FindOption(opts, "SELinux mode disabled"))) {
+		xf86MarkOptionUsed(o);
+		selinuxEnforcingState = SELINUX_MODE_DISABLED;
+	    }
+	    if ((o = xf86FindOption(opts, "SELinux mode permissive"))) {
+		xf86MarkOptionUsed(o);
+		selinuxEnforcingState = SELINUX_MODE_PERMISSIVE;
+	    }
+	    if ((o = xf86FindOption(opts, "SELinux mode enforcing"))) {
+		xf86MarkOptionUsed(o);
+		selinuxEnforcingState = SELINUX_MODE_ENFORCING;
+	    }
+	}
+#endif
+
 	LoadExtension(&extensionModules[i], FALSE);
     }
     /* Need a non-NULL return */
diff --git a/hw/xfree86/loader/dixsym.c b/hw/xfree86/loader/dixsym.c
index d035c762f..d6d22c4b9 100644
--- a/hw/xfree86/loader/dixsym.c
+++ b/hw/xfree86/loader/dixsym.c
@@ -440,6 +440,9 @@ _X_HIDDEN void *dixLookupTab[] = {
 #ifdef XIDLE
     SYMVAR(noXIdleExtension)
 #endif
+#ifdef XSELINUX
+    SYMVAR(noSELinuxExtension)
+#endif
 #ifdef XV
     SYMVAR(noXvExtension)
 #endif