[SRU][N][PATCH 1/1] UBUNTU: SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [67/90]: userns - add the ability to reference a global variable for a feature value"
Georgia Garcia
georgia.garcia at canonical.com
Tue Jan 28 19:41:54 UTC 2025
BugLink: https://bugs.launchpad.net/bugs/2095370
This reverts commit 8bd4ee319a029669787588e648bce3c28adf4369.
This commit also makes the userns and io_uring restriction feature file
contents static, to indicate only that the restriction is available in the
kernel. This is necessary because if the values change, then the kernel
features hash used by AppArmor would also change, causing pre-compiled
policies to not load as expected.
Signed-off-by: Georgia Garcia <georgia.garcia at canonical.com>
---
security/apparmor/apparmorfs.c | 8 ++------
security/apparmor/include/apparmorfs.h | 6 ------
2 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 822f2e6a96a7..c6c32d102f67 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1217,9 +1217,6 @@ static int aa_sfs_seq_show(struct seq_file *seq, void *v)
case AA_SFS_TYPE_U64:
seq_printf(seq, "%#08lx\n", fs_file->v.u64);
break;
- case AA_SFS_TYPE_INTPTR:
- seq_printf(seq, "%d\n", READ_ONCE(*fs_file->v.intptr));
- break;
default:
/* Ignore unpritable entry types. */
break;
@@ -2590,9 +2587,8 @@ static struct aa_sfs_entry aa_sfs_entry_domain[] = {
static struct aa_sfs_entry aa_sfs_entry_unconfined[] = {
AA_SFS_FILE_BOOLEAN("change_profile", 1),
- AA_SFS_FILE_INTPTR("userns", aa_unprivileged_userns_restricted),
- AA_SFS_FILE_INTPTR("io_uring",
- aa_unprivileged_uring_restricted),
+ AA_SFS_FILE_BOOLEAN("userns", 1),
+ AA_SFS_FILE_BOOLEAN("io_uring", 1),
{ }
};
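Review bot: The new `AA_SFS_FILE_BOOLEAN("userns", 1)` and `AA_SFS_FILE_BOOLEAN("io_uring", 1)` entries always report 1, so the features file no longer distinguishes "restriction supported" from "restriction currently enforced", and nothing in the array records that the constant is deliberate. The commit message gives the reason (the value feeds the kernel features hash that pre-compiled policies are keyed on), but a maintainer reading only apparmorfs.c will see two feature files that never reflect aa_unprivileged_userns_restricted / aa_unprivileged_uring_restricted and may be tempted to make them live again. A comment above the two entries would keep the rationale next to the code, e.g. `/* Always 1: advertises kernel support only, not the current value of the *_restricted knobs. Keep constant -- a changing value alters the features hash and breaks loading of pre-compiled policy. */`. The definition of AA_SFS_FILE_BOOLEAN is not in this hunk, so I have not checked how the 1 is rendered.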
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index 3f954194a0e7..a21855ad7fb8 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -17,7 +17,6 @@ enum aa_sfs_type {
AA_SFS_TYPE_BOOLEAN,
AA_SFS_TYPE_STRING,
AA_SFS_TYPE_U64,
- AA_SFS_TYPE_INTPTR,
AA_SFS_TYPE_FOPS,
AA_SFS_TYPE_DIR,
};
@@ -34,7 +33,6 @@ struct aa_sfs_entry {
char *string;
unsigned long u64;
struct aa_sfs_entry *files;
- int *intptr;
} v;
const struct file_operations *file_ops;
};
@@ -53,10 +51,6 @@ extern const struct file_operations aa_sfs_seq_file_ops;
{ .name = (_name), .mode = 0444, \
.v_type = AA_SFS_TYPE_U64, .v.u64 = (_value), \
.file_ops = &aa_sfs_seq_file_ops }
-#define AA_SFS_FILE_INTPTR(_name, _value) \
- { .name = (_name), .mode = 0444, \
- .v_type = AA_SFS_TYPE_INTPTR, .v.intptr = &(_value), \
- .file_ops = &aa_sfs_seq_file_ops }
#define AA_SFS_FILE_FOPS(_name, _mode, _fops) \
{ .name = (_name), .v_type = AA_SFS_TYPE_FOPS, \
.mode = (_mode), .file_ops = (_fops) }
--
2.43.0