diff --git a/backport-libsepol-Remove-special-handling-of-roles-in-module_to_cil.patch b/backport-libsepol-Remove-special-handling-of-roles-in-module_to_cil.patch
new file mode 100644
index 0000000..1cef515
--- /dev/null
+++ b/backport-libsepol-Remove-special-handling-of-roles-in-module_to_cil.patch
@@ -0,0 +1,89 @@
+From 7450510d9032c0f4d936d4ecb005f0454f65a66e Mon Sep 17 00:00:00 2001
+From: changhan <changhan@xfusion.com>
+Date: Mon, 21 Apr 2025 11:55:41 +0800
+Subject: [PATCH] libsepol-Remove-special-handling-of-roles-in-module_to_cil
+
+Reference:https://github.com/SELinuxProject/selinux/commit/be11f48b7a4a0782d79a40ec623e133221c55035
+
+---
+ libsepol/src/module_to_cil.c | 50 +-----------------------------------
+ 1 file changed, 1 insertion(+), 49 deletions(-)
+
+diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
+index 604eada..73e5240 100644
+--- a/libsepol/src/module_to_cil.c
++++ b/libsepol/src/module_to_cil.c
+@@ -2132,39 +2132,7 @@ static int role_to_cil(int indent, struct policydb *pdb, struct avrule_block *UN
+ 	switch (role->flavor) {
+ 	case ROLE_ROLE:
+ 		if (scope == SCOPE_DECL) {
+-			// Only declare certain roles if we are reading a base module.
+-			// These roles are defined in the base module and sometimes in
+-			// other non-base modules. If we generated the roles regardless of
+-			// the policy type, it would result in duplicate declarations,
+-			// which isn't allowed in CIL. Patches have been made to refpolicy
+-			// to remove these duplicate role declarations, but we need to be
+-			// backwards compatible and support older policies. Since we know
+-			// these roles are always declared in base, only print them when we
+-			// see them in the base module. If the declarations appear in a
+-			// non-base module, ignore their declarations.
+-			//
+-			// Note that this is a hack, and if a policy author does not define
+-			// one of these roles in base, the declaration will not appear in
+-			// the resulting policy, likely resulting in a compilation error in
+-			// CIL.
+-			//
+-			// To make things more complicated, the auditadm_r and secadm_r
+-			// roles could actually be in either the base module or a non-base
+-			// module, or both. So we can't rely on this same behavior. So for
+-			// these roles, don't declare them here, even if they are in a base
+-			// or non-base module. Instead we will just declare them in the
+-			// base module elsewhere.
+-			int is_base_role = (!strcmp(key, "user_r") ||
+-			                    !strcmp(key, "staff_r") ||
+-			                    !strcmp(key, "sysadm_r") ||
+-			                    !strcmp(key, "system_r") ||
+-			                    !strcmp(key, "unconfined_r"));
+-			int is_builtin_role = (!strcmp(key, "auditadm_r") ||
+-			                       !strcmp(key, "secadm_r"));
+-			if ((is_base_role && pdb->policy_type == SEPOL_POLICY_BASE) ||
+-			    (!is_base_role && !is_builtin_role)) {
+-				cil_println(indent, "(role %s)", key);
+-			}
++			cil_println(indent, "(role %s)", key);
+ 		}
+ 
+ 		if (ebitmap_cardinality(&role->dominates) > 1) {
+@@ -3950,17 +3918,6 @@ static int generate_default_object(void)
+ 	return 0;
+ }
+ 
+-static int generate_builtin_roles(void)
+-{
+-	// due to inconsistentencies between policies and CIL not allowing
+-	// duplicate roles, some roles are always created, regardless of if they
+-	// are declared in modules or not
+-	cil_println(0, "(role auditadm_r)");
+-	cil_println(0, "(role secadm_r)");
+-
+-	return 0;
+-}
+-
+ static int generate_gen_require_attribute(void)
+ {
+ 	cil_println(0, "(typeattribute " GEN_REQUIRE_ATTR ")");
+@@ -4045,11 +4002,6 @@ int sepol_module_policydb_to_cil(FILE *fp, struct policydb *pdb, int linked)
+ 			goto exit;
+ 		}
+ 
+-		rc = generate_builtin_roles();
+-		if (rc != 0) {
+-			goto exit;
+-		}
+-
+ 		// default attribute to be used to mimic gen_require in CIL
+ 		rc = generate_gen_require_attribute();
+ 		if (rc != 0) {
+-- 
+2.33.0
+
diff --git a/libsepol.spec b/libsepol.spec
index 87d36ab..4aecce7 100644
--- a/libsepol.spec
+++ b/libsepol.spec
@@ -1,6 +1,6 @@
 Name:           libsepol
 Version:        3.5
-Release:        6
+Release:        7
 Summary:        SELinux binary policy manipulation library
 License:        LGPLv2+
 URL:            https://github.com/SELinuxProject/selinux/wiki/Releases
@@ -41,6 +41,7 @@ Patch0032:      backport-libsepol-mls-Do-not-destroy-context-on-memory-error.pat
 Patch0033:      backport-libsepol-cil-cil_post-Initialize-tmp-on-declaration.patch
 Patch0034:      backport-libsepol-cil-Initialize-avtab_datum-on-declaration.patch
 Patch0035:      backport-libsepol-cil-Optionally-allow-duplicate-role-declaration.patch
+Patch0036:      backport-libsepol-Remove-special-handling-of-roles-in-module_to_cil.patch
 
 BuildRequires:  gcc flex
 
@@ -101,6 +102,9 @@ make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install
 %{_mandir}/man3/*
 
 %changelog
+* Mon Apr 21 2025 changhan <changhan@xfusion.com>  - 3.5-7
+- backport libsepol: Remove special handling of roles in module_to_cil.c
+
 * Mon Apr 21 2025 changhan <changhan@xfusion.com>  - 3.5-6
 - backport libsepol/cil: Optionally allow duplicate role declarations