sd-bus: don't try to acquire connection selinux label unless selinux is actually enabled

Otherwise we might end up mistaking a SMACK label for an selinux label.

Also, fixes unexpect debug messages:

http://lists.freedesktop.org/archives/systemd-devel/2015-November/034913.html

src/libsystemd/sd-bus/bus-control.c

@@ -981,8 +981,12 @@ static int bus_get_owner_creds_kdbus(sd_bus *bus, uint64_t mask, sd_bus_creds **
 static int bus_get_owner_creds_dbus1(sd_bus *bus, uint64_t mask, sd_bus_creds **ret) {
         _cleanup_bus_creds_unref_ sd_bus_creds *c = NULL;
         pid_t pid = 0;
+        bool do_label;
         int r;
-        bool do_label = bus->label && (mask & SD_BUS_CREDS_SELINUX_CONTEXT);
+
+        assert(bus);
+
+        do_label = bus->label && (mask & SD_BUS_CREDS_SELINUX_CONTEXT);
 
         /* Avoid allocating anything if we have no chance of returning useful data */
         if (!bus->ucred_valid && !do_label)

src/libsystemd/sd-bus/bus-socket.c

@@ -36,6 +36,7 @@
 #include "hexdecoct.h"
 #include "macro.h"
 #include "missing.h"
+#include "selinux-util.h"
 #include "signal-util.h"
 #include "stdio-util.h"
 #include "string-util.h"
@@ -608,9 +609,11 @@ static void bus_get_peercred(sd_bus *b) {
         b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0;
 
         /* Get the SELinux context of the peer */
-        r = getpeersec(b->input_fd, &b->label);
-        if (r < 0 && r != -EOPNOTSUPP)
-                log_debug_errno(r, "Failed to determine peer security context: %m");
+        if (mac_selinux_use()) {
+                r = getpeersec(b->input_fd, &b->label);
+                if (r < 0 && r != -EOPNOTSUPP)
+                        log_debug_errno(r, "Failed to determine peer security context: %m");
+        }
 }
 
 static int bus_socket_start_auth_client(sd_bus *b) {