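Lines matching refs:ns — each entry gives the source line number, the matching line, and the enclosing function; a trailing "argument" or "local" marks the line where ns is declared as a parameter or local variable.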
115 AA_BUG(!profile->ns); in __add_profile()
116 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __add_profile()
121 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile()
141 AA_BUG(!profile->ns); in __list_remove_profile()
142 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __list_remove_profile()
157 AA_BUG(!profile->ns); in __remove_profile()
158 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __remove_profile()
219 aa_put_ns(profile->ns); in aa_free_profile()
361 static struct aa_policy *__lookup_parent(struct aa_ns *ns, in __lookup_parent() argument
368 policy = &ns->base; in __lookup_parent()
380 return &ns->base; in __lookup_parent()
433 struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname, in aa_lookupn_profile() argument
440 profile = __lookupn_profile(&ns->base, hname, n); in aa_lookupn_profile()
446 profile = aa_get_newest_profile(ns->unconfined); in aa_lookupn_profile()
452 struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *hname) in aa_lookup_profile() argument
454 return aa_lookupn_profile(ns, hname, strlen(hname)); in aa_lookup_profile()
461 struct aa_ns *ns; in aa_fqlookupn_profile() local
467 ns = aa_lookupn_ns(labels_ns(base), ns_name, ns_len); in aa_fqlookupn_profile()
468 if (!ns) in aa_fqlookupn_profile()
471 ns = aa_get_ns(labels_ns(base)); in aa_fqlookupn_profile()
474 profile = aa_lookupn_profile(ns, name, n - (name - fqname)); in aa_fqlookupn_profile()
475 else if (ns) in aa_fqlookupn_profile()
477 profile = aa_get_newest_profile(ns->unconfined); in aa_fqlookupn_profile()
480 aa_put_ns(ns); in aa_fqlookupn_profile()
526 atomic_inc_return(&parent->ns->uniq_null)); in aa_new_null_profile()
547 profile->ns = aa_get_ns(parent->ns); in aa_new_null_profile()
551 mutex_lock_nested(&profile->ns->lock, profile->ns->level); in aa_new_null_profile()
559 mutex_unlock(&profile->ns->lock); in aa_new_null_profile()
601 if (aad(sa)->iface.ns) { in audit_cb()
603 audit_log_untrustedstring(ab, aad(sa)->iface.ns); in audit_cb()
624 aad(&sa)->iface.ns = ns_name; in audit_policy()
643 bool policy_view_capable(struct aa_ns *ns) in policy_view_capable() argument
650 if (!ns) in policy_view_capable()
651 ns = view_ns; in policy_view_capable()
653 if (root_in_user_ns && aa_ns_visible(view_ns, ns, true) && in policy_view_capable()
663 bool policy_admin_capable(struct aa_ns *ns) in policy_admin_capable() argument
671 return policy_view_capable(ns) && capable && !aa_g_lock_policy; in policy_admin_capable()
681 int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns, u32 mask) in aa_may_manage_policy() argument
697 if (!policy_admin_capable(ns)) in aa_may_manage_policy()
797 static int __lookup_replace(struct aa_ns *ns, const char *hname, in __lookup_replace() argument
801 *p = aa_get_profile(__lookup_profile(&ns->base, hname)); in __lookup_replace()
830 mutex_is_locked(&new->ns->lock)); in update_to_newest_parent()
861 struct aa_ns *ns = NULL; in aa_replace_profiles() local
900 ns = aa_prepare_ns(policy_ns ? policy_ns : labels_ns(label), in aa_replace_profiles()
902 if (IS_ERR(ns)) { in aa_replace_profiles()
905 error = PTR_ERR(ns); in aa_replace_profiles()
906 ns = NULL; in aa_replace_profiles()
911 ns = aa_get_ns(policy_ns ? policy_ns : labels_ns(label)); in aa_replace_profiles()
913 mutex_lock_nested(&ns->lock, ns->level); in aa_replace_profiles()
915 list_for_each_entry(rawdata_ent, &ns->rawdata_list, list) { in aa_replace_profiles()
933 error = __lookup_replace(ns, ent->new->base.hname, in aa_replace_profiles()
940 error = __lookup_replace(ns, ent->new->rename, in aa_replace_profiles()
948 ent->new->ns = aa_get_ns(ns); in aa_replace_profiles()
954 policy = __lookup_parent(ns, ent->new->base.hname); in aa_replace_profiles()
964 } else if (policy != &ns->base) { in aa_replace_profiles()
973 error = __aa_fs_create_rawdata(ns, udata); in aa_replace_profiles()
988 parent = ns_subprofs_dir(ent->new->ns); in aa_replace_profiles()
999 __aa_bump_ns_revision(ns); in aa_replace_profiles()
1000 __aa_loaddata_update(udata, ns->revision); in aa_replace_profiles()
1035 lh = &ns->base.profiles; in aa_replace_profiles()
1041 __aa_labelset_update_subtree(ns); in aa_replace_profiles()
1042 mutex_unlock(&ns->lock); in aa_replace_profiles()
1045 aa_put_ns(ns); in aa_replace_profiles()
1054 mutex_unlock(&ns->lock); in aa_replace_profiles()
1098 struct aa_ns *ns = NULL; in aa_remove_profiles() local
1115 ns = aa_lookupn_ns(policy_ns ? policy_ns : labels_ns(subj), in aa_remove_profiles()
1117 if (!ns) { in aa_remove_profiles()
1124 ns = aa_get_ns(policy_ns ? policy_ns : labels_ns(subj)); in aa_remove_profiles()
1128 mutex_lock_nested(&ns->parent->lock, ns->level); in aa_remove_profiles()
1129 __aa_bump_ns_revision(ns); in aa_remove_profiles()
1130 __aa_remove_ns(ns); in aa_remove_profiles()
1131 mutex_unlock(&ns->parent->lock); in aa_remove_profiles()
1134 mutex_lock_nested(&ns->lock, ns->level); in aa_remove_profiles()
1135 profile = aa_get_profile(__lookup_profile(&ns->base, name)); in aa_remove_profiles()
1142 __aa_bump_ns_revision(ns); in aa_remove_profiles()
1144 __aa_labelset_update_subtree(ns); in aa_remove_profiles()
1145 mutex_unlock(&ns->lock); in aa_remove_profiles()
1151 aa_put_ns(ns); in aa_remove_profiles()
1156 mutex_unlock(&ns->lock); in aa_remove_profiles()
1157 aa_put_ns(ns); in aa_remove_profiles()