[SRU][O][PATCH 1/1] UBUNTU: SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [66/99]: userns - add the ability to reference a global variable for a feature value"

Georgia Garcia georgia.garcia at canonical.com
Tue Jan 28 19:41:55 UTC 2025


BugLink: https://bugs.launchpad.net/bugs/2095370

This reverts commit 229faa85d610897b133f5d905f4f78c7cc47de73.

This commit also makes the contents of the userns and io_uring
restriction feature files static, so that they only indicate that the
features are available in the kernel. This is necessary because if the
values change, then the kernel features hash used by AppArmor would
also change, causing pre-compiled policies to not load as expected.

Signed-off-by: Georgia Garcia <georgia.garcia at canonical.com>
---
 security/apparmor/apparmorfs.c         | 8 ++------
 security/apparmor/include/apparmorfs.h | 6 ------
 2 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 5c50bf2af204..704fe779f601 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1217,9 +1217,6 @@ static int aa_sfs_seq_show(struct seq_file *seq, void *v)
 	case AA_SFS_TYPE_U64:
 		seq_printf(seq, "%#08lx\n", fs_file->v.u64);
 		break;
-	case AA_SFS_TYPE_INTPTR:
-		seq_printf(seq, "%d\n", READ_ONCE(*fs_file->v.intptr));
-		break;
 	default:
 		/* Ignore unpritable entry types. */
 		break;
@@ -2590,9 +2587,8 @@ static struct aa_sfs_entry aa_sfs_entry_domain[] = {
 
 static struct aa_sfs_entry aa_sfs_entry_unconfined[] = {
 	AA_SFS_FILE_BOOLEAN("change_profile", 1),
-	AA_SFS_FILE_INTPTR("userns",		aa_unprivileged_userns_restricted),
-	AA_SFS_FILE_INTPTR("io_uring",
-			    aa_unprivileged_uring_restricted),
+	AA_SFS_FILE_BOOLEAN("userns",	1),
+	AA_SFS_FILE_BOOLEAN("io_uring",	1),
 	{ }
 };
 
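Review bot: The `userns` and `io_uring` entries in `aa_sfs_entry_unconfined[]` now read a constant 1 whether or not the restriction is enabled, and nothing in the table says so. Before this change they printed the live values of `aa_unprivileged_userns_restricted` and `aa_unprivileged_uring_restricted`, so anyone auditing a host through these feature files could still take the 1 for the enforcement state. I would add a comment above the two entries, e.g. `/* constant: advertises support only; part of the features hash, so must not track the runtime restriction state */`. Whether the two variables remain readable through another interface is not visible in this patch, so the comment should name that interface if one exists.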
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index 3f954194a0e7..a21855ad7fb8 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -17,7 +17,6 @@ enum aa_sfs_type {
 	AA_SFS_TYPE_BOOLEAN,
 	AA_SFS_TYPE_STRING,
 	AA_SFS_TYPE_U64,
-	AA_SFS_TYPE_INTPTR,
 	AA_SFS_TYPE_FOPS,
 	AA_SFS_TYPE_DIR,
 };
@@ -34,7 +33,6 @@ struct aa_sfs_entry {
 		char *string;
 		unsigned long u64;
 		struct aa_sfs_entry *files;
-		int *intptr;
 	} v;
 	const struct file_operations *file_ops;
 };
@@ -53,10 +51,6 @@ extern const struct file_operations aa_sfs_seq_file_ops;
 	{ .name = (_name), .mode = 0444, \
 	  .v_type = AA_SFS_TYPE_U64, .v.u64 = (_value), \
 	  .file_ops = &aa_sfs_seq_file_ops }
-#define AA_SFS_FILE_INTPTR(_name, _value) \
-	{ .name = (_name), .mode = 0444, \
-	  .v_type = AA_SFS_TYPE_INTPTR, .v.intptr = &(_value), \
-	  .file_ops = &aa_sfs_seq_file_ops }
 #define AA_SFS_FILE_FOPS(_name, _mode, _fops) \
 	{ .name = (_name), .v_type = AA_SFS_TYPE_FOPS, \
 	  .mode = (_mode), .file_ops = (_fops) }
-- 
2.43.0



