From 55a0e73806ec64279ea31d57b2116672631696a8 Mon Sep 17 00:00:00 2001
From: Christian Göttsche <cgzones@googlemail.com>
Date: Tue, 18 Jul 2023 20:49:19 +0200
Subject: selinux: introduce SECURITY_SELINUX_DEBUG configuration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The policy database code contains several debug output statements
related to hashtable utilization.  Those are guarded by the macro
DEBUG_HASHES, which is neither documented nor set anywhere.

Introduce a new Kconfig configuration guarding this and potential
other future debugging related code.  Disable the setting by default.

Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: fixed line lengths in the help text]
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 security/selinux/Kconfig | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'security/selinux/Kconfig')

diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
index c275115b5088..d30348fbe0df 100644
--- a/security/selinux/Kconfig
+++ b/security/selinux/Kconfig
@@ -68,3 +68,12 @@ config SECURITY_SELINUX_SID2STR_CACHE_SIZE
 	  conversion.  Setting this option to 0 disables the cache completely.
 
 	  If unsure, keep the default value.
+
+config SECURITY_SELINUX_DEBUG
+	bool "SELinux kernel debugging support"
+	depends on SECURITY_SELINUX
+	default n
+	help
+	  This enables debugging code designed to help SELinux kernel
+	  developers, unless you know what this does in the kernel code you
+	  should leave this disabled.
-- 
cgit v1.2.3