From aa69d9adc9bc5dc3fc798b9014d5010d6be0bcba Mon Sep 17 00:00:00 2001
From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Date: Tue, 12 Mar 2024 14:54:01 +0100
Subject: [PATCH] Clean superfluous openssl abstraction includes

With abstractions/openssl now being included from abstraction/base
(via the indirection of abstractions/crypto) anything already
including abstraction/base can stop including abstractions/openssl
directly.
---
 profiles/apparmor.d/abstractions/kde-open5                | 1 -
 profiles/apparmor.d/php-fpm                               | 2 --
 profiles/apparmor.d/samba-bgqd                            | 1 -
 profiles/apparmor.d/sbin.syslog-ng                        | 1 -
 profiles/apparmor.d/usr.lib.dovecot.auth                  | 1 -
 profiles/apparmor.d/usr.lib.dovecot.dict                  | 1 -
 profiles/apparmor.d/usr.lib.dovecot.imap-login            | 1 -
 profiles/apparmor.d/usr.lib.dovecot.lmtp                  | 1 -
 profiles/apparmor.d/usr.lib.dovecot.managesieve-login     | 1 -
 profiles/apparmor.d/usr.lib.dovecot.pop3-login            | 1 -
 profiles/apparmor.d/usr.sbin.ntpd                         | 1 -
 profiles/apparmor.d/usr.sbin.smbd                         | 1 -
 profiles/apparmor/profiles/extras/postfix-proxymap        | 1 -
 profiles/apparmor/profiles/extras/postfix-smtp            | 1 -
 profiles/apparmor/profiles/extras/postfix-smtpd           | 1 -
 profiles/apparmor/profiles/extras/postfix-tlsmgr          | 1 -
 profiles/apparmor/profiles/extras/sbin.dhclient           | 1 -
 profiles/apparmor/profiles/extras/usr.bin.freshclam       | 1 -
 profiles/apparmor/profiles/extras/usr.sbin.clamd          | 1 -
 profiles/apparmor/profiles/extras/usr.sbin.haproxy        | 1 -
 profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork | 1 -
 profiles/apparmor/profiles/extras/usr.sbin.imapd          | 1 -
 profiles/apparmor/profiles/extras/usr.sbin.ipop2d         | 1 -
 profiles/apparmor/profiles/extras/usr.sbin.ipop3d         | 1 -
 24 files changed, 25 deletions(-)

diff --git a/profiles/apparmor.d/abstractions/kde-open5 b/profiles/apparmor.d/abstractions/kde-open5
index 026c29373..546a8f2d0 100644
--- a/profiles/apparmor.d/abstractions/kde-open5
+++ b/profiles/apparmor.d/abstractions/kde-open5
@@ -50,7 +50,6 @@
   include <abstractions/kde-icon-cache-write>
   include <abstractions/kde>
   include <abstractions/nameservice> # for IceProcessMessages () from libICE.so (called by libQtCore.so)
-  include <abstractions/openssl>
   include <abstractions/qt5>
   include <abstractions/recent-documents-write>
   include <abstractions/X>
diff --git a/profiles/apparmor.d/php-fpm b/profiles/apparmor.d/php-fpm
index ee103c521..ac3b507ca 100644
--- a/profiles/apparmor.d/php-fpm
+++ b/profiles/apparmor.d/php-fpm
@@ -11,8 +11,6 @@ profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
   include <abstractions/nameservice>
   # common php files and support files that php needs
   include <abstractions/php>
-  # read openssl configuration
-  include <abstractions/openssl>
   # read the system certificates
   include <abstractions/ssl_certs>
 
diff --git a/profiles/apparmor.d/samba-bgqd b/profiles/apparmor.d/samba-bgqd
index 874abcf17..81d4953cd 100644
--- a/profiles/apparmor.d/samba-bgqd
+++ b/profiles/apparmor.d/samba-bgqd
@@ -6,7 +6,6 @@ profile samba-bgqd /usr/lib*/samba/{,samba/}samba-bgqd {
   include <abstractions/base>
   include <abstractions/cups-client>
   include <abstractions/nameservice>
-  include <abstractions/openssl>
   include <abstractions/samba>
 
   signal receive set=term peer=smbd,
diff --git a/profiles/apparmor.d/sbin.syslog-ng b/profiles/apparmor.d/sbin.syslog-ng
index c1d3b101f..4936fadd1 100644
--- a/profiles/apparmor.d/sbin.syslog-ng
+++ b/profiles/apparmor.d/sbin.syslog-ng
@@ -22,7 +22,6 @@ profile syslog-ng /{usr/,}{bin,sbin}/syslog-ng {
   include <abstractions/consoles>
   include <abstractions/nameservice>
   include <abstractions/mysql>
-  include <abstractions/openssl>
   include <abstractions/python>
   include <abstractions/hosts_access>
 
diff --git a/profiles/apparmor.d/usr.lib.dovecot.auth b/profiles/apparmor.d/usr.lib.dovecot.auth
index 9a397b29b..5e464e385 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.auth
+++ b/profiles/apparmor.d/usr.lib.dovecot.auth
@@ -19,7 +19,6 @@ profile dovecot-auth /usr/lib*/dovecot/auth {
   include <abstractions/base>
   include <abstractions/mysql>
   include <abstractions/nameservice>
-  include <abstractions/openssl>
   include <abstractions/wutmp>
   include <abstractions/dovecot-common>
 
diff --git a/profiles/apparmor.d/usr.lib.dovecot.dict b/profiles/apparmor.d/usr.lib.dovecot.dict
index 7e50381cf..840f91c2e 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dict
+++ b/profiles/apparmor.d/usr.lib.dovecot.dict
@@ -17,7 +17,6 @@ profile dovecot-dict /usr/lib*/dovecot/dict {
   include <abstractions/base>
   include <abstractions/mysql>
   include <abstractions/nameservice>
-  include <abstractions/openssl>
   include <abstractions/dovecot-common>
 
   capability setuid,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap-login b/profiles/apparmor.d/usr.lib.dovecot.imap-login
index 056d882e0..f62d2731a 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.imap-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap-login
@@ -17,7 +17,6 @@ include <tunables/global>
 profile dovecot-imap-login /usr/lib*/dovecot/imap-login {
   include <abstractions/base>
   include <abstractions/dovecot-common>
-  include <abstractions/openssl>
 
   capability setuid,
   capability sys_chroot,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.lmtp b/profiles/apparmor.d/usr.lib.dovecot.lmtp
index a66833c19..2c179b903 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.lmtp
+++ b/profiles/apparmor.d/usr.lib.dovecot.lmtp
@@ -18,7 +18,6 @@ profile dovecot-lmtp /usr/lib*/dovecot/lmtp {
   include <abstractions/base>
   include <abstractions/nameservice>
   include <abstractions/dovecot-common>
-  include <abstractions/openssl>
   include <abstractions/ssl_certs>
   include <abstractions/ssl_keys>
 
diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
index cdf51fd55..f3a89ee52 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
@@ -19,7 +19,6 @@ include <tunables/global>
 profile dovecot-managesieve-login /usr/lib*/dovecot/managesieve-login {
   include <abstractions/base>
   include <abstractions/dovecot-common>
-  include <abstractions/openssl>
 
   capability setuid,
   capability sys_chroot,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3-login b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
index 90108bec9..753727e60 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.pop3-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
@@ -17,7 +17,6 @@ include <tunables/global>
 profile dovecot-pop3-login /usr/lib*/dovecot/pop3-login {
   include <abstractions/base>
   include <abstractions/dovecot-common>
-  include <abstractions/openssl>
 
   capability setuid,
   capability sys_chroot,
diff --git a/profiles/apparmor.d/usr.sbin.ntpd b/profiles/apparmor.d/usr.sbin.ntpd
index 1e980fb01..774038a73 100644
--- a/profiles/apparmor.d/usr.sbin.ntpd
+++ b/profiles/apparmor.d/usr.sbin.ntpd
@@ -16,7 +16,6 @@ include <tunables/ntpd>
 profile ntpd /usr/{bin,sbin}/{,open}ntpd flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/nameservice>
-  include <abstractions/openssl>
   include <abstractions/ssl_certs>
   include <abstractions/xad>
 
diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd
index c171407e3..6a277b8cb 100644
--- a/profiles/apparmor.d/usr.sbin.smbd
+++ b/profiles/apparmor.d/usr.sbin.smbd
@@ -8,7 +8,6 @@ profile smbd /usr/{bin,sbin}/smbd {
   include <abstractions/consoles>
   include <abstractions/cups-client>
   include <abstractions/nameservice>
-  include <abstractions/openssl>
   include <abstractions/samba>
   include <abstractions/user-tmp>
   include <abstractions/wutmp>
diff --git a/profiles/apparmor/profiles/extras/postfix-proxymap b/profiles/apparmor/profiles/extras/postfix-proxymap
index 228dd6924..da3fa28d7 100644
--- a/profiles/apparmor/profiles/extras/postfix-proxymap
+++ b/profiles/apparmor/profiles/extras/postfix-proxymap
@@ -17,7 +17,6 @@ include <tunables/global>
 profile postfix-proxymap /usr/lib/postfix/{bin/,sbin/,}proxymap {
   include <abstractions/base>
   include <abstractions/nameservice>
-  include <abstractions/openssl>
   include <abstractions/postfix-common>
 
   /etc/my.cnf r,
diff --git a/profiles/apparmor/profiles/extras/postfix-smtp b/profiles/apparmor/profiles/extras/postfix-smtp
index 70b8ecd8d..f3152066b 100644
--- a/profiles/apparmor/profiles/extras/postfix-smtp
+++ b/profiles/apparmor/profiles/extras/postfix-smtp
@@ -18,7 +18,6 @@ profile postfix-smtp /usr/lib/postfix/{bin/,sbin/,}smtp {
   include <abstractions/base>
   include <abstractions/nameservice>
   include <abstractions/postfix-common>
-  include <abstractions/openssl>
 
   capability dac_override,
   capability dac_read_search,
diff --git a/profiles/apparmor/profiles/extras/postfix-smtpd b/profiles/apparmor/profiles/extras/postfix-smtpd
index 944c99f0c..5d6351efd 100644
--- a/profiles/apparmor/profiles/extras/postfix-smtpd
+++ b/profiles/apparmor/profiles/extras/postfix-smtpd
@@ -18,7 +18,6 @@ profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
   include <abstractions/base>
   include <abstractions/nameservice>
   include <abstractions/postfix-common>
-  include <abstractions/openssl>
   include <abstractions/ssl_certs>
   include <abstractions/ssl_keys>
 
diff --git a/profiles/apparmor/profiles/extras/postfix-tlsmgr b/profiles/apparmor/profiles/extras/postfix-tlsmgr
index 5046ac70a..5b49b7509 100644
--- a/profiles/apparmor/profiles/extras/postfix-tlsmgr
+++ b/profiles/apparmor/profiles/extras/postfix-tlsmgr
@@ -17,7 +17,6 @@ include <tunables/global>
 profile postfix-tlsmgr /usr/lib/postfix/{bin/,sbin/,}tlsmgr {
   include <abstractions/base>
   include <abstractions/nameservice>
-  include <abstractions/openssl>
   include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}tlsmgr mrix,
diff --git a/profiles/apparmor/profiles/extras/sbin.dhclient b/profiles/apparmor/profiles/extras/sbin.dhclient
index b791066c8..285c07e8b 100644
--- a/profiles/apparmor/profiles/extras/sbin.dhclient
+++ b/profiles/apparmor/profiles/extras/sbin.dhclient
@@ -26,7 +26,6 @@ include <tunables/global>
 profile dhclient /{usr/,}sbin/dhclient {
   include <abstractions/base>
   include <abstractions/bash>
-  include <abstractions/openssl>
   include <abstractions/nameservice>
 
   capability net_raw,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.freshclam b/profiles/apparmor/profiles/extras/usr.bin.freshclam
index 6ad0ba7d3..8ddbb5aa3 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.freshclam
+++ b/profiles/apparmor/profiles/extras/usr.bin.freshclam
@@ -17,7 +17,6 @@ include <tunables/global>
   include <abstractions/base>
   include <abstractions/consoles>
   include <abstractions/nameservice>
-  include <abstractions/openssl>
 
   capability setgid,
   capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.clamd b/profiles/apparmor/profiles/extras/usr.sbin.clamd
index 512a211b4..917704689 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.clamd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.clamd
@@ -13,7 +13,6 @@ include <tunables/global>
 profile clamd /usr/sbin/clamd {
   include <abstractions/base>
   include <abstractions/nameservice>
-  include <abstractions/openssl>
 
   capability setgid,
   capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.haproxy b/profiles/apparmor/profiles/extras/usr.sbin.haproxy
index 99a92696f..d99665687 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.haproxy
+++ b/profiles/apparmor/profiles/extras/usr.sbin.haproxy
@@ -13,7 +13,6 @@ include <tunables/global>
 profile haproxy /usr/sbin/haproxy {
   include <abstractions/base>
   include <abstractions/nameservice>
-  include <abstractions/openssl>
   capability net_admin,
   capability net_bind_service,
   capability setgid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork b/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
index a804d91d0..1baa61d03 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
+++ b/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
@@ -20,7 +20,6 @@ include <tunables/global>
   include <abstractions/kerberosclient>
   include <abstractions/nameservice>
   include <abstractions/perl>
-  include <abstractions/openssl>
 
   capability kill,
   capability net_bind_service,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.imapd b/profiles/apparmor/profiles/extras/usr.sbin.imapd
index 6d23f9a22..af41f7f1b 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.imapd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.imapd
@@ -17,7 +17,6 @@ include <tunables/global>
   include <abstractions/nameservice>
   include <abstractions/authentication>
   include <abstractions/user-mail>
-  include <abstractions/openssl>
 
   /dev/urandom                              r,
   /tmp/*                                    rwl,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.ipop2d b/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
index 23a088122..0496cd37b 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
+++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
@@ -17,7 +17,6 @@ include <tunables/global>
   include <abstractions/nameservice>
   include <abstractions/authentication>
   include <abstractions/user-mail>
-  include <abstractions/openssl>
 
   /dev/urandom                           r     ,
   /tmp/.*                                rwl   ,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.ipop3d b/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
index 19a91e0e4..84963c588 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
+++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
@@ -17,7 +17,6 @@ include <tunables/global>
   include <abstractions/nameservice>
   include <abstractions/authentication>
   include <abstractions/user-mail>
-  include <abstractions/openssl>
 
   /dev/urandom                           r     ,
   /tmp/.*                                rwl   ,