apparmor: remove redundant unconfined check.

profile_af_perm and profile_af_sk_perm are only ever called after checking that the profile is not unconfined. So we can drop these redundant checks. Signed-off-by: John Johansen <john.johansen@canonical.com>
2026-05-26 16:12:59 +02:00 · 2023-01-29 01:55:03 -08:00 · 2023-01-29 01:55:03 -08:00 · 46b9b994dd
commit 46b9b994dd
parent 280799f724
1 changed files with 1 additions and 2 deletions
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@ -118,9 +118,8 @@ int aa_profile_af_perm(struct aa_profile *profile,

 	AA_BUG(family >= AF_MAX);
 	AA_BUG(type < 0 || type >= SOCK_MAX);
+	AA_BUG(profile_unconfined(profile));

-	if (profile_unconfined(profile))
-		return 0;
 	state = RULE_MEDIATES(rules, AA_CLASS_NET);
 	if (!state)
 		return 0;