1 files changed, 0 insertions, 46 deletions

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 8f8e9c1d933..deab7c7e8dc 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -193,19 +193,6 @@ fail:
 	return 0;
 }
 
-static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name)
-{
-	if (unpack_nameX(e, AA_U16, name)) {
-		if (!inbounds(e, sizeof(u16)))
-			return 0;
-		if (data)
-			*data = le16_to_cpu(get_unaligned((u16 *) e->pos));
-		e->pos += sizeof(u16);
-		return 1;
-	}
-	return 0;
-}
-
 static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
 {
 	if (unpack_nameX(e, AA_U32, name)) {
@@ -484,7 +471,6 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
 {
 	struct aa_profile *profile = NULL;
 	const char *name = NULL;
-	size_t size = 0;
 	int i, error = -EPROTO;
 	kernel_cap_t tmpcap;
 	u32 tmp;
@@ -578,38 +564,6 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
 	if (!unpack_rlimits(e, profile))
 		goto fail;
 
-	size = unpack_array(e, "net_allowed_af");
-	if (size) {
-
-		for (i = 0; i < size; i++) {
-			/* discard extraneous rules that this kernel will
-			 * never request
-			 */
-			if (i >= AF_MAX) {
-				u16 tmp;
-				if (!unpack_u16(e, &tmp, NULL) ||
-				    !unpack_u16(e, &tmp, NULL) ||
-				    !unpack_u16(e, &tmp, NULL))
-					goto fail;
-				continue;
-			}
-			if (!unpack_u16(e, &profile->net.allow[i], NULL))
-				goto fail;
-			if (!unpack_u16(e, &profile->net.audit[i], NULL))
-				goto fail;
-			if (!unpack_u16(e, &profile->net.quiet[i], NULL))
-				goto fail;
-		}
-		if (!unpack_nameX(e, AA_ARRAYEND, NULL))
-			goto fail;
-	}
-	/*
-	 * allow unix domain and netlink sockets they are handled
-	 * by IPC
-	 */
-	profile->net.allow[AF_UNIX] = 0xffff;
-	profile->net.allow[AF_NETLINK] = 0xffff;
-
 	if (unpack_nameX(e, AA_STRUCT, "policydb")) {
 		/* generic policy dfa - optional and may be NULL */
 		profile->policy.dfa = unpack_dfa(e);