From 43ffe34ab49ed1a838f68a68c71e99de1f3b82e8 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Mon, 6 May 2024 11:45:12 -0600
Subject: [PATCH] We do not pass apparmor_profile from the front-end to the
 policy.

There is no command line option to specify a profile, it is only
passed from the policy to the front-end.
---
 plugins/sudoers/policy.c | 8 --------
 src/parse_args.c         | 1 -
 src/sudo.h               | 1 -
 3 files changed, 10 deletions(-)

diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
index fe92e12c1..a6582975f 100644
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -333,14 +333,6 @@ sudoers_policy_deserialize_info(struct sudoers_context *ctx, void *v,
 		goto oom;
 	    continue;
 	}
-	if (MATCHES(*cur, "apparmor_profile=")) {
-	    CHECK(*cur, "apparmor_profile=");
-	    free(ctx->runas.apparmor_profile);
-	    ctx->runas.apparmor_profile = strdup(*cur + sizeof("apparmor_profile=") - 1);
-	    if (ctx->runas.apparmor_profile == NULL)
-		goto oom;
-	    continue;
-	}
 #ifdef HAVE_BSD_AUTH_H
 	if (MATCHES(*cur, "bsdauth_type=")) {
 	    CHECK(*cur, "bsdauth_type=");
diff --git a/src/parse_args.c b/src/parse_args.c
index f74738fb4..2a84fd176 100644
--- a/src/parse_args.c
+++ b/src/parse_args.c
@@ -85,7 +85,6 @@ static struct sudo_settings sudo_settings[] = {
     { "askpass" },
     { "intercept_setid" },
     { "intercept_ptrace" },
-    { "apparmor_profile" },
     { NULL }
 };
 
diff --git a/src/sudo.h b/src/sudo.h
index d3122ef4e..a0e092666 100644
--- a/src/sudo.h
+++ b/src/sudo.h
@@ -105,7 +105,6 @@
 #define ARG_ASKPASS		26
 #define ARG_INTERCEPT_SETID	27
 #define ARG_INTERCEPT_PTRACE	28
-#define ARG_APPARMOR_PROFILE	29
 
 /*
  * Flags for tgetpass()