Build support for SELinux instead of TOMOYO

This helps unify the kernels for the ordinary systems and for the
certified systems a bit more.

SELinux components are built-in but disabled by default. To enable
SELinux, it should be enough to add "selinux=1" to the kernel options
at boot time (or in the bootloader configuration file).

kernel-i586.config

@@ -8074,14 +8074,17 @@ CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_PATH=y
 CONFIG_INTEL_TXT=y
-# CONFIG_SECURITY_SELINUX is not set
+CONFIG_LSM_MMAP_MIN_ADDR=65536
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
+# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
 # CONFIG_SECURITY_SMACK is not set
-CONFIG_SECURITY_TOMOYO=y
+# CONFIG_SECURITY_TOMOYO is not set
-CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
-CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
-# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
-CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
-CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
 # CONFIG_SECURITY_APPARMOR is not set
 # CONFIG_SECURITY_YAMA is not set
 CONFIG_INTEGRITY=y
@@ -8100,9 +8103,10 @@ CONFIG_IMA_DEFAULT_HASH_SHA1=y
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_WRITE_POLICY is not set
 # CONFIG_IMA_READ_POLICY is not set
-CONFIG_DEFAULT_SECURITY_TOMOYO=y
+# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_DEFAULT_SECURITY="tomoyo"
+CONFIG_DEFAULT_SECURITY_SELINUX=y
+CONFIG_DEFAULT_SECURITY="selinux"
 CONFIG_XOR_BLOCKS=y
 CONFIG_ASYNC_CORE=m
 CONFIG_ASYNC_MEMCPY=m

kernel-x86_64.config

@@ -7874,14 +7874,17 @@ CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_PATH=y
 CONFIG_INTEL_TXT=y
-# CONFIG_SECURITY_SELINUX is not set
+CONFIG_LSM_MMAP_MIN_ADDR=65536
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
+# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
 # CONFIG_SECURITY_SMACK is not set
-CONFIG_SECURITY_TOMOYO=y
+# CONFIG_SECURITY_TOMOYO is not set
-CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
-CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
-# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
-CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
-CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
 # CONFIG_SECURITY_APPARMOR is not set
 # CONFIG_SECURITY_YAMA is not set
 CONFIG_INTEGRITY=y
@@ -7900,9 +7903,10 @@ CONFIG_IMA_DEFAULT_HASH_SHA1=y
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_WRITE_POLICY is not set
 # CONFIG_IMA_READ_POLICY is not set
-CONFIG_DEFAULT_SECURITY_TOMOYO=y
+# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_DEFAULT_SECURITY="tomoyo"
+CONFIG_DEFAULT_SECURITY_SELINUX=y
+CONFIG_DEFAULT_SECURITY="selinux"
 CONFIG_XOR_BLOCKS=y
 CONFIG_ASYNC_CORE=m
 CONFIG_ASYNC_MEMCPY=m