From 52530caaf8f8b89f7fd4d1b9d0002f979db898a4 Mon Sep 17 00:00:00 2001
From: Luca Weiss
Date: Sun, 4 Sep 2022 19:10:48 +0200
Subject: [PATCH] pmb.parse.kconfig: remove apparmor check (MR 2200)

Remove the check as apparmor is not the way we want to go for privilege separation anymore. See https://gitlab.com/postmarketOS/pmaports/-/issues/1596
---
 pmb/config/__init__.py | 20 --------------------
 pmb/helpers/frontend.py | 1 -
 pmb/parse/arguments.py | 2 --
 pmb/parse/kconfig.py | 7 -------
 4 files changed, 30 deletions(-)

diff --git a/pmb/config/__init__.py b/pmb/config/__init__.py
index 2c166da8..a7142003 100644
--- a/pmb/config/__init__.py
+++ b/pmb/config/__init__.py
@@ -370,26 +370,6 @@ necessary_kconfig_options_anbox = {
 }
 }

-# Necessary apparmor kernel config options (mandatory access control)
-# LSM: the value that "config LSM" sets in security/Kconfig, if
-# DEFAULT_SECURITY_APPARMOR is set (and other DEFAULT_SECURITY_* are unset).
-necessary_kconfig_options_apparmor = {
- ">=0.0.0": { # all versions
- "all": { # all arches
- "AUDIT": True,
- "DEFAULT_SECURITY_APPARMOR": True,
- "LSM": "landlock,lockdown,yama,loadpin,safesetid,integrity,"
- "apparmor,selinux,smack,tomoyo,bpf",
- "SECURITY_APPARMOR": True,
- },
- },
- "<5.1": {
- "all": {
- "SECURITY_APPARMOR_BOOTPARAM_VALUE": True,
- },
- },
-}
-
 # Necessary iwd kernel config options (inet wireless daemon)
 # Obtained from 'grep ADD_MISSING src/main.c' in iwd.git
 necessary_kconfig_options_iwd = {
diff --git a/pmb/helpers/frontend.py b/pmb/helpers/frontend.py
index 32d297a7..f4bbf961 100644
--- a/pmb/helpers/frontend.py
+++ b/pmb/helpers/frontend.py
@@ -415,7 +415,6 @@ def kconfig(args):
 if not pmb.parse.kconfig.check(
 args, package,
 force_anbox_check=args.anbox,
- force_apparmor_check=args.apparmor,
 force_iwd_check=args.iwd,
 force_nftables_check=args.nftables,
 force_containers_check=args.containers,
diff --git a/pmb/parse/arguments.py b/pmb/parse/arguments.py
index 7d571c12..aad5b45d 100644
--- a/pmb/parse/arguments.py
+++ b/pmb/parse/arguments.py
@@ -466,8 +466,6 @@ def arguments_kconfig(subparser):
 " directly instead of a config in a package")
 check.add_argument("--anbox", action="store_true", help="check"
 " options needed for anbox too")
- check.add_argument("--apparmor", action="store_true", help="check"
- " options needed for apparmor too")
 check.add_argument("--iwd", action="store_true", help="check"
 " options needed for iwd too")
 check.add_argument("--nftables", action="store_true", help="check"
diff --git a/pmb/parse/kconfig.py b/pmb/parse/kconfig.py
index ee7eaef4..41661abd 100644
--- a/pmb/parse/kconfig.py
+++ b/pmb/parse/kconfig.py
@@ -86,7 +86,6 @@ def check_option(component, details, config, config_path_pretty, option,

 def check_config(config_path, config_path_pretty, config_arch, pkgver,
 anbox=False,
- apparmor=False,
 iwd=False,
 nftables=False,
 containers=False,
@@ -101,8 +100,6 @@ def check_config(config_path, config_path_pretty, config_arch, pkgver,
 components = {"postmarketOS": pmb.config.necessary_kconfig_options}
 if anbox:
 components["anbox"] = pmb.config.necessary_kconfig_options_anbox
- if apparmor:
- components["apparmor"] = pmb.config.necessary_kconfig_options_apparmor
 if iwd:
 components["iwd"] = pmb.config.necessary_kconfig_options_iwd
 if nftables:
@@ -160,7 +157,6 @@ def check_config_options_set(config, config_path_pretty, config_arch, options,

 def check(args, pkgname,
 force_anbox_check=False,
- force_apparmor_check=False,
 force_iwd_check=False,
 force_nftables_check=False,
 force_containers_check=False,
@@ -190,8 +186,6 @@ def check(args, pkgname,
 pkgver = apkbuild["pkgver"]
 check_anbox = force_anbox_check or (
 "pmb:kconfigcheck-anbox" in apkbuild["options"])
- check_apparmor = force_apparmor_check or (
- "pmb:kconfigcheck-apparmor" in apkbuild["options"])
 check_iwd = force_iwd_check or (
 "pmb:kconfigcheck-iwd" in apkbuild["options"])
 check_nftables = force_nftables_check or (
@@ -223,7 +217,6 @@ def check(args, pkgname, ret &= check_config(config_path, config_path_pretty, config_arch, pkgver, anbox=check_anbox, - apparmor=check_apparmor, iwd=check_iwd, nftables=check_nftables, containers=check_containers,