150 	struct aa_label *label;  in apparmor_capget()  local
155 	label = aa_get_newest_cred_label(cred);  in apparmor_capget()
161 	if (!unconfined(label)) {  in apparmor_capget()
165 		label_for_each_confined(i, label, profile) {  in apparmor_capget()
175 	aa_put_label(label);  in apparmor_capget()
183 	struct aa_label *label;  in apparmor_capable()  local
186 	label = aa_get_newest_cred_label(cred);  in apparmor_capable()
187 	if (!unconfined(label))  in apparmor_capable()
188 		error = aa_capable(label, cap, opts);  in apparmor_capable()
189 	aa_put_label(label);  in apparmor_capable()
206 	struct aa_label *label;  in common_perm()  local
209 	label = __begin_current_label_crit_section();  in common_perm()
210 	if (!unconfined(label))  in common_perm()
211 		error = aa_path_perm(op, label, path, 0, mask, cond);  in common_perm()
212 	__end_current_label_crit_section(label);  in common_perm()
339 	struct aa_label *label;  in apparmor_path_link()  local
345 	label = begin_current_label_crit_section();  in apparmor_path_link()
346 	if (!unconfined(label))  in apparmor_path_link()
347 		error = aa_path_link(label, old_dentry, new_dir, new_dentry);  in apparmor_path_link()
348 	end_current_label_crit_section(label);  in apparmor_path_link()
356 	struct aa_label *label;  in apparmor_path_rename()  local
362 	label = begin_current_label_crit_section();  in apparmor_path_rename()
363 	if (!unconfined(label)) {  in apparmor_path_rename()
372 		error = aa_path_perm(OP_RENAME_SRC, label, &old_path, 0,  in apparmor_path_rename()
377 			error = aa_path_perm(OP_RENAME_DEST, label, &new_path,  in apparmor_path_rename()
382 	end_current_label_crit_section(label);  in apparmor_path_rename()
405 	struct aa_label *label;  in apparmor_file_open()  local
421 	label = aa_get_newest_cred_label(file->f_cred);  in apparmor_file_open()
422 	if (!unconfined(label)) {  in apparmor_file_open()
426 		error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,  in apparmor_file_open()
431 	aa_put_label(label);  in apparmor_file_open()
439 	struct aa_label *label = begin_current_label_crit_section();  in apparmor_file_alloc_security()  local
442 	rcu_assign_pointer(ctx->label, aa_get_label(label));  in apparmor_file_alloc_security()
443 	end_current_label_crit_section(label);  in apparmor_file_alloc_security()
452 		aa_put_label(rcu_access_pointer(ctx->label));  in apparmor_file_free_security()
458 	struct aa_label *label;  in common_file_perm()  local
465 	label = __begin_current_label_crit_section();  in common_file_perm()
466 	error = aa_file_perm(op, label, file, mask, in_atomic);  in common_file_perm()
467 	__end_current_label_crit_section(label);  in common_file_perm()
532 	struct aa_label *label;  in apparmor_sb_mount()  local
541 	label = __begin_current_label_crit_section();  in apparmor_sb_mount()
542 	if (!unconfined(label)) {  in apparmor_sb_mount()
544 			error = aa_remount(label, path, flags, data);  in apparmor_sb_mount()
546 			error = aa_bind_mount(label, path, dev_name, flags);  in apparmor_sb_mount()
549 			error = aa_mount_change_type(label, path, flags);  in apparmor_sb_mount()
551 			error = aa_move_mount(label, path, dev_name);  in apparmor_sb_mount()
553 			error = aa_new_mount(label, dev_name, path, type,  in apparmor_sb_mount()
556 	__end_current_label_crit_section(label);  in apparmor_sb_mount()
563 	struct aa_label *label;  in apparmor_sb_umount()  local
566 	label = __begin_current_label_crit_section();  in apparmor_sb_umount()
567 	if (!unconfined(label))  in apparmor_sb_umount()
568 		error = aa_umount(label, mnt, flags);  in apparmor_sb_umount()
569 	__end_current_label_crit_section(label);  in apparmor_sb_umount()
577 	struct aa_label *label;  in apparmor_sb_pivotroot()  local
580 	label = aa_get_current_label();  in apparmor_sb_pivotroot()
581 	if (!unconfined(label))  in apparmor_sb_pivotroot()
582 		error = aa_pivotroot(label, old_path, new_path);  in apparmor_sb_pivotroot()
583 	aa_put_label(label);  in apparmor_sb_pivotroot()
595 	struct aa_label *label = NULL;  in apparmor_getprocattr()  local
598 		label = aa_get_newest_label(cred_label(cred));  in apparmor_getprocattr()
600 		label = aa_get_newest_label(ctx->previous);  in apparmor_getprocattr()
602 		label = aa_get_newest_label(ctx->onexec);  in apparmor_getprocattr()
606 	if (label)  in apparmor_getprocattr()
607 		error = aa_getprocattr(label, value);  in apparmor_getprocattr()
609 	aa_put_label(label);  in apparmor_getprocattr()
680 	aad(&sa)->label = begin_current_label_crit_section();  in apparmor_setprocattr()
684 	end_current_label_crit_section(aad(&sa)->label);  in apparmor_setprocattr()
694 	struct aa_label *label = aa_current_raw_label();  in apparmor_bprm_committing_creds()  local
698 	if ((new_label->proxy == label->proxy) ||  in apparmor_bprm_committing_creds()
707 	__aa_transition_rlimits(label, new_label);  in apparmor_bprm_committing_creds()
724 	struct aa_label *label = aa_get_task_label(p);  in apparmor_task_getsecid()  local
725 	*secid = label->secid;  in apparmor_task_getsecid()
726 	aa_put_label(label);  in apparmor_task_getsecid()
732 	struct aa_label *label = __begin_current_label_crit_section();  in apparmor_task_setrlimit()  local
735 	if (!unconfined(label))  in apparmor_task_setrlimit()
736 		error = aa_task_setrlimit(label, task, resource, new_rlim);  in apparmor_task_setrlimit()
737 	__end_current_label_crit_section(label);  in apparmor_task_setrlimit()
793 	aa_put_label(ctx->label);  in apparmor_sk_free_security()
807 	if (new->label)  in apparmor_sk_clone_security()
808 		aa_put_label(new->label);  in apparmor_sk_clone_security()
809 	new->label = aa_get_label(ctx->label);  in apparmor_sk_clone_security()
821 	struct aa_label *label;  in apparmor_socket_create()  local
826 	label = begin_current_label_crit_section();  in apparmor_socket_create()
827 	if (!(kern || unconfined(label)))  in apparmor_socket_create()
829 				  create_perm(label, family, type, protocol),  in apparmor_socket_create()
830 				  aa_af_perm(label, OP_CREATE, AA_MAY_CREATE,  in apparmor_socket_create()
832 	end_current_label_crit_section(label);  in apparmor_socket_create()
850 	struct aa_label *label;  in apparmor_socket_post_create()  local
855 		label = aa_get_label(ns_unconfined(ns));  in apparmor_socket_post_create()
858 		label = aa_get_current_label();  in apparmor_socket_post_create()
863 		aa_put_label(ctx->label);  in apparmor_socket_post_create()
864 		ctx->label = aa_get_label(label);  in apparmor_socket_post_create()
866 	aa_put_label(label);  in apparmor_socket_post_create()
1051 	return apparmor_secmark_check(ctx->label, OP_RECVMSG, AA_MAY_RECEIVE,  in apparmor_socket_sock_rcv_skb()
1079 	struct aa_label *label;  in apparmor_socket_getpeersec_stream()  local
1082 	label = begin_current_label_crit_section();  in apparmor_socket_getpeersec_stream()
1088 	slen = aa_label_asxprint(&name, labels_ns(label), peer,  in apparmor_socket_getpeersec_stream()
1109 	end_current_label_crit_section(label);  in apparmor_socket_getpeersec_stream()
1145 	if (!ctx->label)  in apparmor_sock_graft()
1146 		ctx->label = aa_get_current_label();  in apparmor_sock_graft()
1158 	return apparmor_secmark_check(ctx->label, OP_CONNECT, AA_MAY_CONNECT,  in apparmor_inet_conn_request()
1758 	if (!apparmor_secmark_check(ctx->label, OP_SENDMSG, AA_MAY_SEND,  in apparmor_ip_postroute()