From 46b9b994dd554099b3ca74a20a0d1fb392c83a87 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Sun, 29 Jan 2023 01:55:03 -0800
Subject: [PATCH] apparmor: remove redundant unconfined check.

profile_af_perm and profile_af_sk_perm are only ever called after
checking that the profile is not unconfined. So we can drop these
redundant checks.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/net.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 77413a5191179..8b7a63c08ba12 100644
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -118,9 +118,8 @@ int aa_profile_af_perm(struct aa_profile *profile,
 
 	AA_BUG(family >= AF_MAX);
 	AA_BUG(type < 0 || type >= SOCK_MAX);
+	AA_BUG(profile_unconfined(profile));
 
-	if (profile_unconfined(profile))
-		return 0;
 	state = RULE_MEDIATES(rules, AA_CLASS_NET);
 	if (!state)
 		return 0;
-- 
2.47.2