libselinux: is_selinux_enabled: Add /etc/selinux/config test.

To avoid regressions such as the one reported in:
https://bugzilla.redhat.com/show_bug.cgi?id=1219045
add a test for /etc/selinux/config to is_selinux_enabled().

This ensures that systems that do not install selinux-policy
will continue to return 0 from is_selinux_enabled().

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

libselinux/src/enabled.c

@@ -14,7 +14,11 @@ int is_selinux_enabled(void)
 	/* init_selinuxmnt() gets called before this function. We
  	 * will assume that if a selinux file system is mounted, then
  	 * selinux is enabled. */
+#ifdef ANDROID
 	return (selinux_mnt ? 1 : 0);
+#else
+	return (selinux_mnt && has_selinux_config);
+#endif
 }
 
 hidden_def(is_selinux_enabled)

libselinux/src/init.c

@@ -22,6 +22,8 @@ char *selinux_mnt = NULL;
 int selinux_page_size = 0;
 int obj_class_compat = 1;
 
+int has_selinux_config = 0;
+
 /* Verify the mount point for selinux file system has a selinuxfs.
    If the file system:
    * Exist,
@@ -165,6 +167,9 @@ static void init_lib(void)
 {
 	selinux_page_size = sysconf(_SC_PAGE_SIZE);
 	init_selinuxmnt();
+#ifndef ANDROID
+	has_selinux_config = (access(SELINUXCONFIG, F_OK) == 0);
+#endif
 }
 
 static void fini_lib(void) __attribute__ ((destructor));

libselinux/src/selinux_config.c

@@ -13,8 +13,6 @@
 #include "selinux_internal.h"
 #include "get_default_type_internal.h"
 
-#define SELINUXDIR "/etc/selinux/"
-#define SELINUXCONFIG SELINUXDIR "config"
 #define SELINUXDEFAULT "targeted"
 #define SELINUXTYPETAG "SELINUXTYPE="
 #define SELINUXTAG "SELINUX="

libselinux/src/selinux_internal.h

@@ -137,3 +137,8 @@ extern int selinux_page_size hidden;
 		if (pthread_setspecific != NULL)		\
 			pthread_setspecific(KEY, VALUE);	\
 	} while (0)
+
+#define SELINUXDIR "/etc/selinux/"
+#define SELINUXCONFIG SELINUXDIR "config"
+
+extern int has_selinux_config hidden;