115 	AA_BUG(!profile->ns);  in __add_profile()
116 	AA_BUG(!mutex_is_locked(&profile->ns->lock));  in __add_profile()
121 	l = aa_label_insert(&profile->ns->labels, &profile->label);  in __add_profile()
141 	AA_BUG(!profile->ns);  in __list_remove_profile()
142 	AA_BUG(!mutex_is_locked(&profile->ns->lock));  in __list_remove_profile()
157 	AA_BUG(!profile->ns);  in __remove_profile()
158 	AA_BUG(!mutex_is_locked(&profile->ns->lock));  in __remove_profile()
219 	aa_put_ns(profile->ns);  in aa_free_profile()
360 static struct aa_policy *__lookup_parent(struct aa_ns *ns,  in __lookup_parent()  argument
367 	policy = &ns->base;  in __lookup_parent()
379 		return &ns->base;  in __lookup_parent()
432 struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname,  in aa_lookupn_profile()  argument
439 		profile = __lookupn_profile(&ns->base, hname, n);  in aa_lookupn_profile()
445 		profile = aa_get_newest_profile(ns->unconfined);  in aa_lookupn_profile()
451 struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *hname)  in aa_lookup_profile()  argument
453 	return aa_lookupn_profile(ns, hname, strlen(hname));  in aa_lookup_profile()
460 	struct aa_ns *ns;  in aa_fqlookupn_profile()  local
466 		ns = aa_lookupn_ns(labels_ns(base), ns_name, ns_len);  in aa_fqlookupn_profile()
467 		if (!ns)  in aa_fqlookupn_profile()
470 		ns = aa_get_ns(labels_ns(base));  in aa_fqlookupn_profile()
473 		profile = aa_lookupn_profile(ns, name, n - (name - fqname));  in aa_fqlookupn_profile()
474 	else if (ns)  in aa_fqlookupn_profile()
476 		profile = aa_get_newest_profile(ns->unconfined);  in aa_fqlookupn_profile()
479 	aa_put_ns(ns);  in aa_fqlookupn_profile()
525 		atomic_inc_return(&parent->ns->uniq_null));  in aa_new_null_profile()
546 	profile->ns = aa_get_ns(parent->ns);  in aa_new_null_profile()
550 	mutex_lock_nested(&profile->ns->lock, profile->ns->level);  in aa_new_null_profile()
558 	mutex_unlock(&profile->ns->lock);  in aa_new_null_profile()
600 	if (aad(sa)->iface.ns) {  in audit_cb()
602 		audit_log_untrustedstring(ab, aad(sa)->iface.ns);  in audit_cb()
623 	aad(&sa)->iface.ns = ns_name;  in audit_policy()
642 bool policy_view_capable(struct aa_ns *ns)  in policy_view_capable()  argument
649 	if (!ns)  in policy_view_capable()
650 		ns = view_ns;  in policy_view_capable()
652 	if (root_in_user_ns && aa_ns_visible(view_ns, ns, true) &&  in policy_view_capable()
662 bool policy_admin_capable(struct aa_ns *ns)  in policy_admin_capable()  argument
670 	return policy_view_capable(ns) && capable && !aa_g_lock_policy;  in policy_admin_capable()
680 int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns, u32 mask)  in aa_may_manage_policy()  argument
696 	if (!policy_admin_capable(ns))  in aa_may_manage_policy()
796 static int __lookup_replace(struct aa_ns *ns, const char *hname,  in __lookup_replace()  argument
800 	*p = aa_get_profile(__lookup_profile(&ns->base, hname));  in __lookup_replace()
829 					   mutex_is_locked(&new->ns->lock));  in update_to_newest_parent()
860 	struct aa_ns *ns = NULL;  in aa_replace_profiles()  local
899 		ns = aa_prepare_ns(policy_ns ? policy_ns : labels_ns(label),  in aa_replace_profiles()
901 		if (IS_ERR(ns)) {  in aa_replace_profiles()
904 			error = PTR_ERR(ns);  in aa_replace_profiles()
905 			ns = NULL;  in aa_replace_profiles()
910 		ns = aa_get_ns(policy_ns ? policy_ns : labels_ns(label));  in aa_replace_profiles()
912 	mutex_lock_nested(&ns->lock, ns->level);  in aa_replace_profiles()
914 	list_for_each_entry(rawdata_ent, &ns->rawdata_list, list) {  in aa_replace_profiles()
932 		error = __lookup_replace(ns, ent->new->base.hname,  in aa_replace_profiles()
939 			error = __lookup_replace(ns, ent->new->rename,  in aa_replace_profiles()
947 		ent->new->ns = aa_get_ns(ns);  in aa_replace_profiles()
953 		policy = __lookup_parent(ns, ent->new->base.hname);  in aa_replace_profiles()
963 		} else if (policy != &ns->base) {  in aa_replace_profiles()
972 		error = __aa_fs_create_rawdata(ns, udata);  in aa_replace_profiles()
987 				parent = ns_subprofs_dir(ent->new->ns);  in aa_replace_profiles()
998 	__aa_bump_ns_revision(ns);  in aa_replace_profiles()
999 	__aa_loaddata_update(udata, ns->revision);  in aa_replace_profiles()
1034 				lh = &ns->base.profiles;  in aa_replace_profiles()
1040 	__aa_labelset_update_subtree(ns);  in aa_replace_profiles()
1041 	mutex_unlock(&ns->lock);  in aa_replace_profiles()
1044 	aa_put_ns(ns);  in aa_replace_profiles()
1052 	mutex_unlock(&ns->lock);  in aa_replace_profiles()
1096 	struct aa_ns *ns = NULL;  in aa_remove_profiles()  local
1113 		ns = aa_lookupn_ns(policy_ns ? policy_ns : labels_ns(subj),  in aa_remove_profiles()
1115 		if (!ns) {  in aa_remove_profiles()
1122 		ns = aa_get_ns(policy_ns ? policy_ns : labels_ns(subj));  in aa_remove_profiles()
1126 		mutex_lock_nested(&ns->parent->lock, ns->level);  in aa_remove_profiles()
1127 		__aa_bump_ns_revision(ns);  in aa_remove_profiles()
1128 		__aa_remove_ns(ns);  in aa_remove_profiles()
1129 		mutex_unlock(&ns->parent->lock);  in aa_remove_profiles()
1132 		mutex_lock_nested(&ns->lock, ns->level);  in aa_remove_profiles()
1133 		profile = aa_get_profile(__lookup_profile(&ns->base, name));  in aa_remove_profiles()
1140 		__aa_bump_ns_revision(ns);  in aa_remove_profiles()
1142 		__aa_labelset_update_subtree(ns);  in aa_remove_profiles()
1143 		mutex_unlock(&ns->lock);  in aa_remove_profiles()
1149 	aa_put_ns(ns);  in aa_remove_profiles()
1154 	mutex_unlock(&ns->lock);  in aa_remove_profiles()
1155 	aa_put_ns(ns);  in aa_remove_profiles()