1 files changed, 38 insertions, 0 deletions

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 21b8318979e3..40660ffd49b6 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1257,6 +1257,7 @@ bad:
 }
 
 extern void selinux_complete_init(void);
+static int security_preserve_bools(struct policydb *p);
 
 /**
  * security_load_policy - Load a security policy configuration.
@@ -1333,6 +1334,12 @@ int security_load_policy(void *data, size_t len)
                 goto err;
         }
 
+        rc = security_preserve_bools(&newpolicydb);
+        if (rc) {
+                printk(KERN_ERR "security:  unable to preserve booleans\n");
+                goto err;
+        }
+
         /* Clone the SID table. */
         sidtab_shutdown(&sidtab);
         if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {
@@ -1890,6 +1897,37 @@ out:
         return rc;
 }
 
+static int security_preserve_bools(struct policydb *p)
+{
+        int rc, nbools = 0, *bvalues = NULL, i;
+        char **bnames = NULL;
+        struct cond_bool_datum *booldatum;
+        struct cond_node *cur;
+
+        rc = security_get_bools(&nbools, &bnames, &bvalues);
+        if (rc)
+                goto out;
+        for (i = 0; i < nbools; i++) {
+                booldatum = hashtab_search(p->p_bools.table, bnames[i]);
+                if (booldatum)
+                        booldatum->state = bvalues[i];
+        }
+        for (cur = p->cond_list; cur != NULL; cur = cur->next) {
+                rc = evaluate_cond_node(p, cur);
+                if (rc)
+                        goto out;
+        }
+
+out:
+        if (bnames) {
+                for (i = 0; i < nbools; i++)
+                        kfree(bnames[i]);
+        }
+        kfree(bnames);
+        kfree(bvalues);
+        return rc;
+}
+
 /*
  * security_sid_mls_copy() - computes a new sid based on the given
  * sid and the mls portion of mls_sid.