diff --git a/fix-selinux-writeup-readdown.patch b/fix-selinux-writeup-readdown.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0c61b3865435542ddcbece53ff8ca6be2986332d
--- /dev/null
+++ b/fix-selinux-writeup-readdown.patch
@@ -0,0 +1,26 @@
+From 40ed42d4663f10b2dc4b38d6fe7a8c24b0828c77 Mon Sep 17 00:00:00 2001
+From: lvzhonglin
+Date: Thu, 19 Sep 2024 10:25:11 +0800
+Subject: [PATCH] write up read down
+
+---
+ policy/mls | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/policy/mls b/policy/mls
+index c862bbe..011805b 100644
+--- a/policy/mls
++++ b/policy/mls
+@@ -90,6 +90,9 @@ mlsconstrain dir search
+ # the "single level" file "write" ops
+ mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
+ (( l1 eq l2 ) or
++ ( l1 eq h2 ) or
++ ( l1 domby l2 ) or
++ ( l1 domby h2 ) or
+ (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+ (( t2 == mlsfilewriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+ ( t1 == mlsfilewrite ) or
+--
+2.33.0
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index c3eb3cd3716436947f030eb4c753884a48e49d6e..d3443bc80d4a7c4d6ae491894a5f0f3b6be8f543 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -12,7 +12,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 35.5
-Release: 22
+Release: 23
 License: GPLv2+
 URL: https://github.com/fedora-selinux/selinux-policy/
@@ -284,6 +284,7 @@ Patch9003: allow-httpd-to-put-files-in-httpd-config-dir.patch
 Patch9004: allow-map-postfix_master_t.patch
 Patch9005: add-rule-for-hostnamed-to-rpmscript-dbus-chat.patch
 Patch9006: allow-init_t-create-fifo-file-in-net_conf-dir.patch
+Patch9007: fix-selinux-writeup-readdown.patch
 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
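Review bot: The three clauses added to the "single level" file write constraint in the `policy/mls` hunk of `fix-selinux-writeup-readdown.patch` are unconditional, so the MLS check now passes for every subject type that wants to `write`, `setattr`, `relabelfrom`, `unlink`, `rename` or `mounton` an object at a level above its own, not only for types carrying `mlsfilewritetoclr`. Because `domby` includes equality and an object's `l2` should be dominated by its `h2`, `( l1 eq h2 )`, `( l1 domby l2 )` and the existing `( l1 eq l2 )` all appear to be implied by `( l1 domby h2 )`, which also leaves the `mlsfilewritetoclr` clause with nothing to add for these classes. If only particular domains need to write up, leaving the constraint as it was and assigning `mlsfilewritetoclr` to those domains would keep blind write-up (overwriting or removing higher-level files from a lower level) disabled for everything else. If the global relaxation is intended, a single `( l1 domby h2 ) or` line preceded by a comment such as `# blind write-up permitted for all domains; protection of higher-level objects then rests on TE rules only`, plus a commit body stating the requirement, would make that explicit. The constraint expression continues past the end of the hunk, so the remaining clauses are not visible here.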
@@ -952,6 +953,9 @@ exit 0
 %endif
 %changelog
+* Thu Sep 19 2024 lvzhonglin - 35.5-23
+- fix selinux writeup readdown bug
+
 * Mon Mar 25 2024 gengqihu - 35.5-22
 - fix semodule_package fail