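Lines matching refs: profile

Each entry below gives the source line number, the text of the matching line, and the enclosing function ("in f()"). A trailing "argument" or "local" marks the line where `profile` is declared as a parameter or a local variable. Only matching lines are listed, so the function bodies shown here are incomplete.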

95 static struct file_perms change_profile_perms(struct aa_profile *profile,  in change_profile_perms()  argument
104 if (unconfined(profile)) { in change_profile_perms()
108 } else if (!profile->file.dfa) { in change_profile_perms()
110 } else if ((ns == profile->ns)) { in change_profile_perms()
112 aa_str_perms(profile->file.dfa, start, name, &cond, &perms); in change_profile_perms()
118 state = aa_dfa_match(profile->file.dfa, start, ns->base.name); in change_profile_perms()
119 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in change_profile_perms()
120 aa_str_perms(profile->file.dfa, state, name, &cond, &perms); in change_profile_perms()
143 struct aa_profile *profile, *candidate = NULL; in __attach_match() local
145 list_for_each_entry_rcu(profile, head, base.list) { in __attach_match()
146 if (profile->flags & PFLAG_NULL) in __attach_match()
148 if (profile->xmatch && profile->xmatch_len > len) { in __attach_match()
149 unsigned int state = aa_dfa_match(profile->xmatch, in __attach_match()
151 u32 perm = dfa_user_allow(profile->xmatch, state); in __attach_match()
154 candidate = profile; in __attach_match()
155 len = profile->xmatch_len; in __attach_match()
157 } else if (!strcmp(profile->base.name, name)) in __attach_match()
159 return profile; in __attach_match()
176 struct aa_profile *profile; in find_attach() local
179 profile = aa_get_profile(__attach_match(name, list)); in find_attach()
182 return profile; in find_attach()
239 static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex) in x_table_lookup() argument
242 struct aa_namespace *ns = profile->ns; in x_table_lookup()
248 for (name = profile->file.trans.table[index]; !new_profile && name; in x_table_lookup()
256 new_profile = aa_find_child(profile, name); in x_table_lookup()
264 xname = profile->base.hname; in x_table_lookup()
300 static struct aa_profile *x_to_profile(struct aa_profile *profile, in x_to_profile() argument
304 struct aa_namespace *ns = profile->ns; in x_to_profile()
314 new_profile = find_attach(ns, &profile->base.profiles, in x_to_profile()
323 new_profile = x_table_lookup(profile, xindex); in x_to_profile()
340 struct aa_profile *profile, *new_profile = NULL; in apparmor_bprm_set_creds() local
358 profile = aa_get_newest_profile(cxt->profile); in apparmor_bprm_set_creds()
363 ns = profile->ns; in apparmor_bprm_set_creds()
364 state = profile->file.start; in apparmor_bprm_set_creds()
367 error = aa_path_name(&bprm->file->f_path, profile->path_flags, &buffer, in apparmor_bprm_set_creds()
370 if (unconfined(profile) || in apparmor_bprm_set_creds()
371 (profile->flags & PFLAG_IX_ON_NAME_ERROR)) in apparmor_bprm_set_creds()
380 if (unconfined(profile)) { in apparmor_bprm_set_creds()
398 state = aa_str_perms(profile->file.dfa, state, name, &cond, &perms); in apparmor_bprm_set_creds()
409 state = aa_dfa_null_transition(profile->file.dfa, state); in apparmor_bprm_set_creds()
410 cp = change_profile_perms(profile, cxt->onexec->ns, in apparmor_bprm_set_creds()
422 new_profile = x_to_profile(profile, name, perms.xindex); in apparmor_bprm_set_creds()
430 new_profile = aa_get_profile(profile); in apparmor_bprm_set_creds()
442 } else if (COMPLAIN_MODE(profile)) { in apparmor_bprm_set_creds()
444 new_profile = aa_new_null_profile(profile, 0); in apparmor_bprm_set_creds()
506 aa_put_profile(cxt->profile); in apparmor_bprm_set_creds()
508 cxt->profile = new_profile; in apparmor_bprm_set_creds()
514 error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC, in apparmor_bprm_set_creds()
518 aa_put_profile(profile); in apparmor_bprm_set_creds()
547 struct aa_profile *profile = __aa_current_profile(); in apparmor_bprm_committing_creds() local
551 if ((new_cxt->profile == profile) || in apparmor_bprm_committing_creds()
552 (unconfined(new_cxt->profile))) in apparmor_bprm_committing_creds()
558 __aa_transition_rlimits(profile, new_cxt->profile); in apparmor_bprm_committing_creds()
608 struct aa_profile *profile, *previous_profile, *hat = NULL; in aa_change_hat() local
626 profile = aa_cred_profile(cred); in aa_change_hat()
629 if (unconfined(profile)) { in aa_change_hat()
638 if (PROFILE_IS_HAT(profile)) in aa_change_hat()
639 root = aa_get_profile_rcu(&profile->parent); in aa_change_hat()
641 root = aa_get_profile(profile); in aa_change_hat()
671 hat = aa_new_null_profile(profile, 1); in aa_change_hat()
716 error = aa_audit_file(profile, &perms, GFP_KERNEL, in aa_change_hat()
747 struct aa_profile *profile, *target = NULL; in aa_change_profile() local
766 profile = aa_cred_profile(cred); in aa_change_profile()
775 if (task_no_new_privs(current) && !unconfined(profile)) { in aa_change_profile()
782 ns = aa_find_namespace(profile->ns, ns_name); in aa_change_profile()
792 ns = aa_get_namespace(profile->ns); in aa_change_profile()
796 if (unconfined(profile)) in aa_change_profile()
799 hname = profile->base.hname; in aa_change_profile()
802 perms = change_profile_perms(profile, ns, hname, request, in aa_change_profile()
803 profile->file.start); in aa_change_profile()
814 if (permtest || !COMPLAIN_MODE(profile)) in aa_change_profile()
817 target = aa_new_null_profile(profile, 0); in aa_change_profile()
842 error = aa_audit_file(profile, &perms, GFP_KERNEL, op, request, in aa_change_profile()