Diffstat (limited to 'security/apparmor/policy_unpack.c')
-rw-r--r--security/apparmor/policy_unpack.c47
1 files changed, 1 insertions, 46 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 5a2aec358322..4ede87c30f8b 100644
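--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -275,19 +275,6 @@ fail:
  return 0;
 }
 
-static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name)
-{
- if (unpack_nameX(e, AA_U16, name)) {
- if (!inbounds(e, sizeof(u16)))
- return 0;
- if (data)
- *data = le16_to_cpu(get_unaligned((__le16 *) e->pos));
- e->pos += sizeof(u16);
- return 1;
- }
- return 0;
-}
-
 static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
 {
  if (unpack_nameX(e, AA_U32, name)) {
@@ -597,7 +584,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
  struct aa_profile *profile = NULL;
  const char *tmpname, *tmpns = NULL, *name = NULL;
  const char *info = "failed to unpack profile";
- size_t size = 0, ns_len;
+ size_t ns_len;
  struct rhashtable_params params = { 0 };
  char *key = NULL;
  struct aa_data *data;
@@ -730,38 +717,6 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
  goto fail;
  }
 
- size = unpack_array(e, "net_allowed_af");
- if (size) {
-
- for (i = 0; i < size; i++) {
- /* discard extraneous rules that this kernel will
- * never request
- */
- if (i >= AF_MAX) {
- u16 tmp;
-
- if (!unpack_u16(e, &tmp, NULL) ||
- !unpack_u16(e, &tmp, NULL) ||
- !unpack_u16(e, &tmp, NULL))
- goto fail;
- continue;
- }
- if (!unpack_u16(e, &profile->net.allow[i], NULL))
- goto fail;
- if (!unpack_u16(e, &profile->net.audit[i], NULL))
- goto fail;
- if (!unpack_u16(e, &profile->net.quiet[i], NULL))
- goto fail;
- }
- if (!unpack_nameX(e, AA_ARRAYEND, NULL))
- goto fail;
- }
- if (VERSION_LT(e->version, v7)) {
- /* pre v7 policy always allowed these */
- profile->net.allow[AF_UNIX] = 0xffff;
- profile->net.allow[AF_NETLINK] = 0xffff;
- }
-
  if (unpack_nameX(e, AA_STRUCT, "policydb")) {
  /* generic policy dfa - optional and may be NULL */
  info = "failed to unpack policydb";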
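Review bot: After the third hunk, nothing in the visible part of unpack_profile consumes a `net_allowed_af` array, so a policy blob that still carries one arrives at `unpack_nameX(e, AA_STRUCT, "policydb")` with that array unread. Whether the load then fails or the profile is accepted without its network rules is decided by code outside these hunks. It is worth confirming that it fails closed, since a silently dropped rule set would leave a profile less restrictive than its author intended. A short comment at the removal point would record the intent, for example `/* "net_allowed_af" is not unpacked here; policy carrying it is expected to fail the load */`, worded to match what the rest of the function actually does. unpack_profile starts and ends outside the hunk.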