From f3c0675bb9e0a3a472dd519ec7ccde23bdcf180b Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Wed, 30 Jul 2025 03:08:29 -0700
Subject: [PATCH] apparmor: fix test error: WARNING in
 apparmor_unix_stream_connect

commit 88fec3526e84 ("apparmor: make sure unix socket labeling is correctly updated.")
added the use of security_sk_alloc() which ensures the sk label is
initialized.

This means that the AA_BUG in apparmor_unix_stream_connect() is no
longer correct, because while the sk is still not being initialized
by going through post_create, it is now initialize in sk_alloc().
Remove the now invalid check.

Reported-by: syzbot+cd38ee04bcb3866b0c6d@syzkaller.appspotmail.com
Fixes: 88fec3526e84 ("apparmor: make sure unix socket labeling is correctly updated.")
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/lsm.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 9a64b2db02672..e4b2944431e49 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1205,8 +1205,9 @@ static int apparmor_unix_stream_connect(struct sock *sk, struct sock *peer_sk,
 	if (error)
 		return error;
 
-	/* newsk doesn't go through post_create */
-	AA_BUG(rcu_access_pointer(new_ctx->label));
+	/* newsk doesn't go through post_create, but does go through
+	 * security_sk_alloc()
+	 */
 	rcu_assign_pointer(new_ctx->label,
 			   aa_get_label(rcu_dereference_protected(peer_ctx->label,
 								  true)));
-- 
2.47.2