Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c28
1 files changed, 0 insertions, 28 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index cf787eaca755..7138083c5bef 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2313,19 +2313,6 @@ static int selinux_bprm_creds_for_exec(struct linux_binprm *bprm)
new_tsec->keycreate_sid = 0;
new_tsec->sockcreate_sid = 0;
- /*
- * Before policy is loaded, label any task outside kernel space
- * as SECINITSID_INIT, so that any userspace tasks surviving from
- * early boot end up with a label different from SECINITSID_KERNEL
- * (if the policy chooses to set SECINITSID_INIT != SECINITSID_KERNEL).
- */
- if (!selinux_initialized()) {
- new_tsec->sid = SECINITSID_INIT;
- /* also clear the exec_sid just in case */
- new_tsec->exec_sid = 0;
- return 0;
- }
-
if (old_tsec->exec_sid) {
new_tsec->sid = old_tsec->exec_sid;
/* Reset exec SID on execve. */
@@ -4542,21 +4529,6 @@ static int sock_has_perm(struct sock *sk, u32 perms)
if (sksec->sid == SECINITSID_KERNEL)
return 0;
- /*
- * Before POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT, sockets that
- * inherited the kernel context from early boot used to be skipped
- * here, so preserve that behavior unless the capability is set.
- *
- * By setting the capability the policy signals that it is ready
- * for this quirk to be fixed. Note that sockets created by a kernel
- * thread or a usermode helper executed without a transition will
- * still be skipped in this check regardless of the policycap
- * setting.
- */
- if (!selinux_policycap_userspace_initial_context() &&
- sksec->sid == SECINITSID_INIT)
- return 0;
-
ad_net_init_from_sk(&ad, &net, sk);
return avc_has_perm(current_sid(), sksec->sid, sksec->sclass, perms,