From eb4d323dc682f7a256d8bef8ece96ee5d39c1179 Mon Sep 17 00:00:00 2001
From: Mustafa Bilgen <mbilgen@nvidia.com>
Date: Mon, 27 Jan 2025 20:49:49 +0000
Subject: [PATCH] NVIDIA: SAUCE: arch: arm64: enable AppArmor instead of
 SELinux

* Enable CONFIG_SECURITY_APPARMOR.
* Replace selinux with apprmor in CONFIG_LSM.
* Disable CONFIG_SECURITY_SELINUX.

This change replaces SELinux with AppArmor as the main LSM/MAC
mechanism.

http://nvbugs/5071461

Signed-off-by: Mustafa Bilgen <mbilgen@nvidia.com>
Reviewed-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-by: Sumit Gupta <sumitg@nvidia.com>
Reviewed-by: Ajay Nandakumar Mannargudi <anandakumarm@nvidia.com>
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
Signed-off-by: Vishwaroop A <va@nvidia.com>
Acked-by: Noah Wager <noah.wager@canonical.com>
Acked-by: Jacob Martin <jacob.martin@canonical.com>
Signed-off-by: Noah Wager <noah.wager@canonical.com>
---
 arch/arm64/configs/defconfig            | 4 ++--
 arch/arm64/configs/tegra_prod_defconfig | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
index c6ebba867ed8..922559b787e3 100644
--- a/arch/arm64/configs/defconfig
+++ b/arch/arm64/configs/defconfig
@@ -1696,13 +1696,13 @@ CONFIG_SECURITY=y
 CONFIG_SECURITY_NETWORK=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_FORTIFY_SOURCE=y
-CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_YAMA=y
 CONFIG_INTEGRITY_SIGNATURE=y
 CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
 CONFIG_INTEGRITY_PLATFORM_KEYRING=y
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,bpf"
+CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,bpf"
 CONFIG_CRYPTO_USER=y
 CONFIG_CRYPTO_TEST=m
 CONFIG_CRYPTO_ECHAINIV=y
diff --git a/arch/arm64/configs/tegra_prod_defconfig b/arch/arm64/configs/tegra_prod_defconfig
index d8eff3e15080..a70a22730cac 100644
--- a/arch/arm64/configs/tegra_prod_defconfig
+++ b/arch/arm64/configs/tegra_prod_defconfig
@@ -542,8 +542,8 @@ CONFIG_SECURITY=y
 CONFIG_SECURITY_NETWORK=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_FORTIFY_SOURCE=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,bpf"
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,bpf"
 CONFIG_CRYPTO_DES=m
 CONFIG_CRYPTO_SM4_GENERIC=m
 CONFIG_CRYPTO_XTS=m