SELinux: flush the avc before disabling SELinux

Before SELinux is disabled at boot it can create AVC entries.  This patch
will flush those entries before disabling SELinux.
Signed-off-by: NEric Paris <eparis@redhat.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

security/selinux/avc.c

@@ -868,6 +868,8 @@ u32 avc_policy_seqno(void)
 
 void avc_disable(void)
 {
+	avc_flush();
+	synchronize_rcu();
 	if (avc_node_cachep)
 		kmem_cache_destroy(avc_node_cachep);
 }