SELinux corrupted? Now unable to boot CentOS 7 with SELinux enabled

tl;dr: Everything came down to an invalid value for SELINUXTYPE.

Make sure SELINUXTYPE has a valid value, then perform relabelling if needed (e.g. if you've booted with SELinux off during your diagnostics), reboot and crack open the champagne.

For some reason, and at some point in time, /etc/selinux/config had acquired the setting SELINUXTYPE=permissive.

This is not a valid option for that parameter, and it appears to make the value fall back on the value "default", based upon the reason listed for why Dbus, Login Service and Authorization Manager failed:

Failed to open "/etc/selinux/default/contexts/dbus_contexts": No such file or directory

This is troublesome because there is no selinux-policy-default package in CentOS 7 (on Debian, for example, it was deliberately removed in Jessie so I'd imagine the same is true here).

I suspect this is also why attempts to relabel the file system using restorecon (from single-user mode, and from a shell reached by init=/sbin/sh) resulted in baffling "No such file or directory" outputs, and getenforce would still show "Disabled" for no evident reason.

To switch to the selinux-policy-targeted stuff which is installed, I fixed the configuration to be SELINUXTYPE=targeted (as I believe it should have been all along), then again rebooted with enforcing=0 autorelabel=1.

The relabelling then took place. Following that, the system booted up as normal.