1 files changed, 0 insertions, 27 deletions

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index bb850b608dc6..cd44b13b8d3f 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -864,8 +864,6 @@ void policydb_destroy(struct policydb *p)
 int policydb_load_isids(struct policydb *p, struct sidtab *s)
 {
 	struct ocontext *head, *c;
-	bool isid_init_supported = ebitmap_get_bit(&p->policycaps,
-						   POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT);
 	int rc;
 
 	rc = sidtab_init(s);
@@ -889,13 +887,6 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)
 		if (!name)
 			continue;
 
-		/*
-		 * Also ignore SECINITSID_INIT if the policy doesn't declare
-		 * support for it
-		 */
-		if (sid == SECINITSID_INIT && !isid_init_supported)
-			continue;
-
 		rc = sidtab_set_initial(s, sid, &c->context[0]);
 		if (rc) {
 			pr_err("SELinux:  unable to load initial SID %s.\n",
@@ -903,24 +894,6 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)
 			sidtab_destroy(s);
 			return rc;
 		}
-
-		/*
-		 * If the policy doesn't support the "userspace_initial_context"
-		 * capability, set SECINITSID_INIT to the same context as
-		 * SECINITSID_KERNEL. This ensures the same behavior as before
-		 * the reintroduction of SECINITSID_INIT, where all tasks
-		 * started before policy load would initially get the context
-		 * corresponding to SECINITSID_KERNEL.
-		 */
-		if (sid == SECINITSID_KERNEL && !isid_init_supported) {
-			rc = sidtab_set_initial(s, SECINITSID_INIT, &c->context[0]);
-			if (rc) {
-				pr_err("SELinux:  unable to load initial SID %s.\n",
-				       name);
-				sidtab_destroy(s);
-				return rc;
-			}
-		}
 	}
 	return 0;
 }