167 	struct aa_label *label;  in apparmor_capget()  local
172 	label = aa_get_newest_cred_label(cred);  in apparmor_capget()
178 	if (!unconfined(label)) {  in apparmor_capget()
182 		label_for_each_confined(i, label, profile) {  in apparmor_capget()
191 	aa_put_label(label);  in apparmor_capget()
199 	struct aa_label *label;  in apparmor_capable()  local
202 	label = aa_get_newest_cred_label(cred);  in apparmor_capable()
203 	if (!unconfined(label))  in apparmor_capable()
204 		error = aa_capable(cred, label, cap, opts);  in apparmor_capable()
205 	aa_put_label(label);  in apparmor_capable()
222 	struct aa_label *label;  in common_perm()  local
226 	label = __begin_current_label_crit_section(&needput);  in common_perm()
227 	if (!unconfined(label))  in common_perm()
228 		error = aa_path_perm(op, current_cred(), label, path, 0, mask,  in common_perm()
230 	__end_current_label_crit_section(label, needput);  in common_perm()
367 	struct aa_label *label;  in apparmor_path_link()  local
373 	label = begin_current_label_crit_section();  in apparmor_path_link()
374 	if (!unconfined(label))  in apparmor_path_link()
375 		error = aa_path_link(current_cred(), label, old_dentry, new_dir,  in apparmor_path_link()
377 	end_current_label_crit_section(label);  in apparmor_path_link()
386 	struct aa_label *label;  in apparmor_path_rename()  local
394 	label = begin_current_label_crit_section();  in apparmor_path_rename()
395 	if (!unconfined(label)) {  in apparmor_path_rename()
416 					     label, &new_path, 0,  in apparmor_path_rename()
422 						     label, &old_path,  in apparmor_path_rename()
429 					     label, &old_path, 0,  in apparmor_path_rename()
435 					     label, &new_path,  in apparmor_path_rename()
440 	end_current_label_crit_section(label);  in apparmor_path_rename()
463 	struct aa_label *label;  in apparmor_file_open()  local
482 	label = aa_get_newest_cred_label_condref(file->f_cred, &needput);  in apparmor_file_open()
483 	if (!unconfined(label)) {  in apparmor_file_open()
494 				     label, &file->f_path, 0,  in apparmor_file_open()
499 	aa_put_label_condref(label, needput);  in apparmor_file_open()
507 	struct aa_label *label = begin_current_label_crit_section();  in apparmor_file_alloc_security()  local
510 	rcu_assign_pointer(ctx->label, aa_get_label(label));  in apparmor_file_alloc_security()
511 	end_current_label_crit_section(label);  in apparmor_file_alloc_security()
520 		aa_put_label(rcu_access_pointer(ctx->label));  in apparmor_file_free_security()
526 	struct aa_label *label;  in common_file_perm()  local
534 	label = __begin_current_label_crit_section(&needput);  in common_file_perm()
535 	error = aa_file_perm(op, current_cred(), label, file, mask, in_atomic);  in common_file_perm()
536 	__end_current_label_crit_section(label, needput);  in common_file_perm()
638 	rules = profile->label.rules[0];  in profile_uring()
667 	struct aa_label *label;  in apparmor_uring_override_creds()  local
674 	label = __begin_current_label_crit_section(&needput);  in apparmor_uring_override_creds()
675 	error = fn_for_each(label, profile,  in apparmor_uring_override_creds()
678 	__end_current_label_crit_section(label, needput);  in apparmor_uring_override_creds()
692 	struct aa_label *label;  in apparmor_uring_sqpoll()  local
698 	label = __begin_current_label_crit_section(&needput);  in apparmor_uring_sqpoll()
699 	error = fn_for_each(label, profile,  in apparmor_uring_sqpoll()
702 	__end_current_label_crit_section(label, needput);  in apparmor_uring_sqpoll()
711 	struct aa_label *label;  in apparmor_sb_mount()  local
721 	label = __begin_current_label_crit_section(&needput);  in apparmor_sb_mount()
722 	if (!unconfined(label)) {  in apparmor_sb_mount()
724 			error = aa_remount(current_cred(), label, path, flags,  in apparmor_sb_mount()
727 			error = aa_bind_mount(current_cred(), label, path,  in apparmor_sb_mount()
731 			error = aa_mount_change_type(current_cred(), label,  in apparmor_sb_mount()
734 			error = aa_move_mount_old(current_cred(), label, path,  in apparmor_sb_mount()
737 			error = aa_new_mount(current_cred(), label, dev_name,  in apparmor_sb_mount()
740 	__end_current_label_crit_section(label, needput);  in apparmor_sb_mount()
748 	struct aa_label *label;  in apparmor_move_mount()  local
752 	label = __begin_current_label_crit_section(&needput);  in apparmor_move_mount()
753 	if (!unconfined(label))  in apparmor_move_mount()
754 		error = aa_move_mount(current_cred(), label, from_path,  in apparmor_move_mount()
756 	__end_current_label_crit_section(label, needput);  in apparmor_move_mount()
763 	struct aa_label *label;  in apparmor_sb_umount()  local
767 	label = __begin_current_label_crit_section(&needput);  in apparmor_sb_umount()
768 	if (!unconfined(label))  in apparmor_sb_umount()
769 		error = aa_umount(current_cred(), label, mnt, flags);  in apparmor_sb_umount()
770 	__end_current_label_crit_section(label, needput);  in apparmor_sb_umount()
778 	struct aa_label *label;  in apparmor_sb_pivotroot()  local
781 	label = aa_get_current_label();  in apparmor_sb_pivotroot()
782 	if (!unconfined(label))  in apparmor_sb_pivotroot()
783 		error = aa_pivotroot(current_cred(), label, old_path, new_path);  in apparmor_sb_pivotroot()
784 	aa_put_label(label);  in apparmor_sb_pivotroot()
794 	struct aa_label *label = NULL;  in apparmor_getselfattr()  local
799 		label = aa_get_newest_label(cred_label(current_cred()));  in apparmor_getselfattr()
803 			label = aa_get_newest_label(ctx->previous);  in apparmor_getselfattr()
807 			label = aa_get_newest_label(ctx->onexec);  in apparmor_getselfattr()
814 	if (label) {  in apparmor_getselfattr()
815 		error = aa_getprocattr(label, &value, false);  in apparmor_getselfattr()
822 	aa_put_label(label);  in apparmor_getselfattr()
836 	struct aa_label *label = NULL;  in apparmor_getprocattr()  local
839 		label = aa_get_newest_label(cred_label(cred));  in apparmor_getprocattr()
841 		label = aa_get_newest_label(ctx->previous);  in apparmor_getprocattr()
843 		label = aa_get_newest_label(ctx->onexec);  in apparmor_getprocattr()
847 	if (label)  in apparmor_getprocattr()
848 		error = aa_getprocattr(label, value, true);  in apparmor_getprocattr()
850 	aa_put_label(label);  in apparmor_getprocattr()
964 	struct aa_label *label = aa_current_raw_label();  in apparmor_bprm_committing_creds()  local
968 	if ((new_label->proxy == label->proxy) ||  in apparmor_bprm_committing_creds()
977 	__aa_transition_rlimits(label, new_label);  in apparmor_bprm_committing_creds()
994 	struct aa_label *label;  in apparmor_current_getlsmprop_subj()  local
997 	label = __begin_current_label_crit_section(&needput);  in apparmor_current_getlsmprop_subj()
998 	prop->apparmor.label = label;  in apparmor_current_getlsmprop_subj()
999 	__end_current_label_crit_section(label, needput);  in apparmor_current_getlsmprop_subj()
1005 	struct aa_label *label = aa_get_task_label(p);  in apparmor_task_getlsmprop_obj()  local
1007 	prop->apparmor.label = label;  in apparmor_task_getlsmprop_obj()
1008 	aa_put_label(label);  in apparmor_task_getlsmprop_obj()
1014 	struct aa_label *label;  in apparmor_task_setrlimit()  local
1018 	label = __begin_current_label_crit_section(&needput);  in apparmor_task_setrlimit()
1020 	if (!unconfined(label))  in apparmor_task_setrlimit()
1021 		error = aa_task_setrlimit(current_cred(), label, task,  in apparmor_task_setrlimit()
1023 	__end_current_label_crit_section(label, needput);  in apparmor_task_setrlimit()
1058 	struct aa_label *label;  in apparmor_userns_create()  local
1066 	label = begin_current_label_crit_section();  in apparmor_userns_create()
1067 	if (!unconfined(label)) {  in apparmor_userns_create()
1068 		error = fn_for_each(label, profile,  in apparmor_userns_create()
1072 	end_current_label_crit_section(label);  in apparmor_userns_create()
1080 	struct aa_label *label;  in apparmor_sk_alloc_security()  local
1083 	label = __begin_current_label_crit_section(&needput);  in apparmor_sk_alloc_security()
1085 	rcu_assign_pointer(ctx->label, aa_get_label(label));  in apparmor_sk_alloc_security()
1088 	__end_current_label_crit_section(label, needput);  in apparmor_sk_alloc_security()
1097 	aa_put_label(rcu_dereference_protected(ctx->label, true));  in apparmor_sk_free_security()
1114 	if (rcu_access_pointer(ctx->label) != rcu_access_pointer(new->label)) {  in apparmor_sk_clone_security()
1115 		aa_put_label(rcu_dereference_protected(new->label, true));  in apparmor_sk_clone_security()
1116 		rcu_assign_pointer(new->label, aa_get_label_rcu(&ctx->label));  in apparmor_sk_clone_security()
1131 static int unix_connect_perm(const struct cred *cred, struct aa_label *label,  in unix_connect_perm()  argument
1137 	error = aa_unix_peer_perm(cred, label, OP_CONNECT,  in unix_connect_perm()
1140 				  rcu_dereference_protected(peer_ctx->label,  in unix_connect_perm()
1145 				rcu_dereference_protected(peer_ctx->label,  in unix_connect_perm()
1149 							  peer_sk, sk, label));  in unix_connect_perm()
1160 	struct aa_label *label = rcu_dereference_protected(sk_ctx->label, true);  in unix_connect_peers()  local
1162 	aa_get_label(label);  in unix_connect_peers()
1165 	rcu_assign_pointer(peer_ctx->peer, label);	/* transfer cnt */  in unix_connect_peers()
1167 	label = aa_get_label(rcu_dereference_protected(peer_ctx->label,  in unix_connect_peers()
1177 	rcu_assign_pointer(sk_ctx->peer, aa_get_label(label));  in unix_connect_peers()
1178 	rcu_assign_pointer(sk_ctx->peer_lastupdate, label);     /* transfer cnt */  in unix_connect_peers()
1199 	struct aa_label *label;  in apparmor_unix_stream_connect()  local
1203 	label = __begin_current_label_crit_section(&needput);  in apparmor_unix_stream_connect()
1204 	error = unix_connect_perm(current_cred(), label, sk, peer_sk);  in apparmor_unix_stream_connect()
1205 	__end_current_label_crit_section(label, needput);  in apparmor_unix_stream_connect()
1213 	rcu_assign_pointer(new_ctx->label,  in apparmor_unix_stream_connect()
1214 			   aa_get_label(rcu_dereference_protected(peer_ctx->label,  in apparmor_unix_stream_connect()
1242 	struct aa_label *label;  in apparmor_unix_may_send()  local
1246 	label = __begin_current_label_crit_section(&needput);  in apparmor_unix_may_send()
1248 				label, OP_SENDMSG, AA_MAY_SEND,  in apparmor_unix_may_send()
1250 				rcu_dereference_protected(peer_ctx->label,  in apparmor_unix_may_send()
1253 				rcu_dereference_protected(peer_ctx->label,  in apparmor_unix_may_send()
1256 				sock->sk, label));  in apparmor_unix_may_send()
1257 	__end_current_label_crit_section(label, needput);  in apparmor_unix_may_send()
1264 	struct aa_label *label;  in apparmor_socket_create()  local
1272 	label = begin_current_label_crit_section();  in apparmor_socket_create()
1273 	if (!unconfined(label)) {  in apparmor_socket_create()
1275 			error = aa_unix_create_perm(label, family, type,  in apparmor_socket_create()
1278 			error = aa_af_perm(current_cred(), label, OP_CREATE,  in apparmor_socket_create()
1282 	end_current_label_crit_section(label);  in apparmor_socket_create()
1304 	struct aa_label *label;  in apparmor_socket_post_create()  local
1307 		label = aa_get_label(kernel_t);  in apparmor_socket_post_create()
1309 		label = aa_get_current_label();  in apparmor_socket_post_create()
1315 		aa_put_label(rcu_dereference_protected(ctx->label, true));  in apparmor_socket_post_create()
1316 		rcu_assign_pointer(ctx->label, aa_get_label(label));  in apparmor_socket_post_create()
1318 	aa_put_label(label);  in apparmor_socket_post_create()
1328 	struct aa_label *label;  in apparmor_socket_socketpair()  local
1331 	label = begin_current_label_crit_section();  in apparmor_socket_socketpair()
1332 	if (rcu_access_pointer(a_ctx->label) != label) {  in apparmor_socket_socketpair()
1334 		aa_put_label(rcu_dereference_protected(a_ctx->label, true));  in apparmor_socket_socketpair()
1335 		rcu_assign_pointer(a_ctx->label, aa_get_label(label));  in apparmor_socket_socketpair()
1337 	if (rcu_access_pointer(b_ctx->label) != label) {  in apparmor_socket_socketpair()
1339 		aa_put_label(rcu_dereference_protected(b_ctx->label, true));  in apparmor_socket_socketpair()
1340 		rcu_assign_pointer(b_ctx->label, aa_get_label(label));  in apparmor_socket_socketpair()
1347 	end_current_label_crit_section(label);  in apparmor_socket_socketpair()
1523 	if (!rcu_access_pointer(ctx->label))  in apparmor_socket_sock_rcv_skb()
1527 	error = apparmor_secmark_check(rcu_dereference(ctx->label), OP_RECVMSG,  in apparmor_socket_sock_rcv_skb()
1539 	struct aa_label *label = ERR_PTR(-ENOPROTOOPT);  in sk_peer_get_label()  local
1547 	return label;  in sk_peer_get_label()
1566 	struct aa_label *label;  in apparmor_socket_getpeersec_stream()  local
1574 	label = begin_current_label_crit_section();  in apparmor_socket_getpeersec_stream()
1575 	slen = aa_label_asxprint(&name, labels_ns(label), peer,  in apparmor_socket_getpeersec_stream()
1595 	end_current_label_crit_section(label);  in apparmor_socket_getpeersec_stream()
1634 	if (!rcu_access_pointer(ctx->label))  in apparmor_sock_graft()
1635 		rcu_assign_pointer(ctx->label, aa_get_current_label());  in apparmor_sock_graft()
1649 	error = apparmor_secmark_check(rcu_dereference(ctx->label), OP_CONNECT,  in apparmor_inet_conn_request()
2373 	error = apparmor_secmark_check(rcu_dereference(ctx->label), OP_SENDMSG,  in apparmor_ip_postroute()