1 files changed, 11 insertions, 0 deletions

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 325551cd7fc7..6bdb0ff6a927 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -111,6 +111,11 @@ static struct policydb_compat_info policydb_compat[] = {
                 .version        = POLICYDB_VERSION_POLCAP,
                 .sym_num        = SYM_NUM,
                 .ocon_num       = OCON_NUM,
+        },
+        {
+                .version        = POLICYDB_VERSION_PERMISSIVE,
+                .sym_num        = SYM_NUM,
+                .ocon_num       = OCON_NUM,
         }
 };
 
@@ -194,6 +199,7 @@ static int policydb_init(struct policydb *p)
                 goto out_free_symtab;
 
         ebitmap_init(&p->policycaps);
+        ebitmap_init(&p->permissive_map);
 
 out:
         return rc;
@@ -687,6 +693,7 @@ void policydb_destroy(struct policydb *p)
         kfree(p->type_attr_map);
         kfree(p->undefined_perms);
         ebitmap_destroy(&p->policycaps);
+        ebitmap_destroy(&p->permissive_map);
 
         return;
 }
@@ -1570,6 +1577,10 @@ int policydb_read(struct policydb *p, void *fp)
             ebitmap_read(&p->policycaps, fp) != 0)
                 goto bad;
 
+        if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
+            ebitmap_read(&p->permissive_map, fp) != 0)
+                goto bad;
+
         info = policydb_lookup_compat(p->policyvers);
         if (!info) {
                 printk(KERN_ERR "SELinux:  unable to find policy compat info "