3 files changed, 7 insertions, 5 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3cf368a16448..d987048d3f33 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -101,6 +101,8 @@ static int __init selinux_enabled_setup(char *str)
         return 1;
 }
 __setup("selinux=", selinux_enabled_setup);
+#else
+int selinux_enabled = 1;
 #endif
 
 /* Original (dummy) security module. */
@@ -4535,6 +4537,7 @@ int selinux_disable(void)
         printk(KERN_INFO "SELinux:  Disabled at runtime.\n");
 
         selinux_disabled = 1;
+        selinux_enabled = 0;
 
         /* Reset security_ops to the secondary module, dummy or capability. */
         security_ops = secondary_ops;
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 5f016c98056f..063af47bb231 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -29,12 +29,7 @@
 #define POLICYDB_VERSION_MIN   POLICYDB_VERSION_BASE
 #define POLICYDB_VERSION_MAX   POLICYDB_VERSION_AVTAB
 
-#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
 extern int selinux_enabled;
-#else
-#define selinux_enabled 1
-#endif
-
 extern int selinux_mls_enabled;
 
 int security_load_policy(void * data, size_t len);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 7177e98df7f3..c284dbb8b8c0 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -594,6 +594,10 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
 
                         *scontext_len = strlen(initial_sid_to_string[sid]) + 1;
                         scontextp = kmalloc(*scontext_len,GFP_ATOMIC);
+                        if (!scontextp) {
+                                rc = -ENOMEM;
+                                goto out;
+                        }
                         strcpy(scontextp, initial_sid_to_string[sid]);
                         *scontext = scontextp;
                         goto out;