apparmor/kernel-patches/for-mainline/apparmor-no-nd.diff
Andreas Gruenbacher e4541f7879 Check in the revised versions of John's fixes and cleanups.
Check in a series of additional cleanups.
2007-02-11 02:09:31 +00:00


Index: b/security/apparmor/module_interface.c
===================================================================
--- a/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -328,35 +328,6 @@ fail:
} while (0)
/**
- * aa_activate_net_entry - unpacked serialized net entries
- * @e: serialized data extent information
- *
- * Ignore/skips net entries if they are present in the serialized data
- * stream. Network confinement rules are currently unsupported but some
- * user side tools can generate them so they are currently ignored.
- */
-static inline int aa_activate_net_entry(struct aa_ext *e)
-{
- AA_READ_X(e, AA_STRUCT, NULL, "ne");
- AA_READ_X(e, AA_U32, NULL, NULL);
- AA_READ_X(e, AA_U32, NULL, NULL);
- AA_READ_X(e, AA_U32, NULL, NULL);
- AA_READ_X(e, AA_U16, NULL, NULL);
- AA_READ_X(e, AA_U16, NULL, NULL);
- AA_READ_X(e, AA_U32, NULL, NULL);
- AA_READ_X(e, AA_U32, NULL, NULL);
- AA_READ_X(e, AA_U16, NULL, NULL);
- AA_READ_X(e, AA_U16, NULL, NULL);
- /* interface name is optional so just ignore return code */
- aa_is_nameX(e, AA_DYN_STRING, NULL, NULL);
- AA_READ_X(e, AA_STRUCTEND, NULL, NULL);
-
- return 1;
-fail:
- return 0;
-}
-
-/**
* aa_activate_dfa - unpack a file rule dfa
* @e: serialized data extent information
*
@@ -433,14 +404,6 @@ static struct aa_profile *aa_activate_pr
goto fail;
}
- /* get the net entries */
- if (aa_is_nameX(e, AA_LIST, NULL, "net")) {
- error_string = "Invalid net entry";
- while (!aa_is_nameX(e, AA_LISTEND, NULL, NULL)) {
- if (!aa_activate_net_entry(e))
- goto fail;
- }
- }
rulename = "";
/* get subprofiles */