apparmor: remove redundant unconfined check.

profile_af_perm and profile_af_sk_perm are only ever called after
checking that the profile is not unconfined. So we can drop these
redundant checks.

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 77413a5191179a6d52934d937a451a680a0751e1..8b7a63c08ba12fd169dfa9c459593cce4b17a5ed 100644 (file)
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -118,9 +118,8 @@ int aa_profile_af_perm(struct aa_profile *profile,
 
        AA_BUG(family >= AF_MAX);
        AA_BUG(type < 0 || type >= SOCK_MAX);
+       AA_BUG(profile_unconfined(profile));
 
-       if (profile_unconfined(profile))
-               return 0;
        state = RULE_MEDIATES(rules, AA_CLASS_NET);
        if (!state)
                return 0;