apparmor: remove redundant perms.allow MAY_EXEC bitflag set

This section of profile_transition that occurs after x_to_label only
happens if perms.allow already has the MAY_EXEC bit set, so we don't need
to set it again.

Fixes: 16916b1 ("apparmor: force auditing of conflicting attachment execs from confined")
Signed-off-by: Ryan Lee <[email protected]>
Signed-off-by: John Johansen <[email protected]>

Author: rlee287

security/apparmor/domain.c

@@ -734,10 +734,8 @@ static struct aa_label *profile_transition(const struct cred *subj_cred,
 			 * we don't need to care about clobbering it
 			 */
 			if (info == CONFLICTING_ATTACH_STR_IX
-			    || info == CONFLICTING_ATTACH_STR_UX) {
+			    || info == CONFLICTING_ATTACH_STR_UX)
 				perms.audit |= MAY_EXEC;
-				perms.allow |= MAY_EXEC;
-			}
 			/* hack ix fallback - improve how this is detected */
 			goto audit;
 		} else if (!new) {