556 	struct aa_label *new = NULL;  in x_to_label()  local
571 			new = x_table_lookup(profile, xindex, lookupname);  in x_to_label()
579 			new = find_attach(bprm, ns, &profile->base.profiles,  in x_to_label()
583 			new = find_attach(bprm, ns, &ns->base.profiles,  in x_to_label()
589 	if (!new) {  in x_to_label()
596 			new = aa_get_newest_label(&profile->label);  in x_to_label()
598 			new = aa_get_newest_label(ns_unconfined(profile->ns));  in x_to_label()
603 	if (new && stack) {  in x_to_label()
605 		struct aa_label *base = new;  in x_to_label()
607 		new = aa_label_parse(base, stack, GFP_ATOMIC, true, false);  in x_to_label()
608 		if (IS_ERR(new))  in x_to_label()
609 			new = NULL;  in x_to_label()
614 	return new;  in x_to_label()
622 	struct aa_label *new = NULL;  in profile_transition()  local
642 			new = aa_get_newest_label(&profile->label);  in profile_transition()
649 		new = find_attach(bprm, profile->ns,  in profile_transition()
651 		if (new) {  in profile_transition()
653 			return new;  in profile_transition()
663 		new = x_to_label(profile, bprm, name, perms.xindex, &target,  in profile_transition()
665 		if (new && new->proxy == profile->label.proxy && info) {  in profile_transition()
668 		} else if (!new) {  in profile_transition()
677 			label_for_each(i, new, component) {  in profile_transition()
683 					aa_put_label(new);  in profile_transition()
684 					new = NULL;  in profile_transition()
711 			new = &new_profile->label;  in profile_transition()
718 	if (!new)  in profile_transition()
726 			aa_label_printk(new, GFP_ATOMIC);  in profile_transition()
733 	aa_audit_file(profile, &perms, OP_EXEC, MAY_EXEC, name, target, new,  in profile_transition()
735 	if (!new || nonewprivs) {  in profile_transition()
736 		aa_put_label(new);  in profile_transition()
740 	return new;  in profile_transition()
822 	struct aa_label *new;  in handle_onexec()  local
836 		new = fn_label_build_in_ns(label, profile, GFP_ATOMIC,  in handle_onexec()
848 		new = fn_label_build_in_ns(label, profile, GFP_ATOMIC,  in handle_onexec()
855 	if (new)  in handle_onexec()
856 		return new;  in handle_onexec()
878 	struct aa_label *label, *new = NULL;  in apparmor_bprm_set_creds()  local
913 		new = handle_onexec(label, ctx->onexec, ctx->token,  in apparmor_bprm_set_creds()
916 		new = fn_label_build(label, profile, GFP_ATOMIC,  in apparmor_bprm_set_creds()
920 	AA_BUG(!new);  in apparmor_bprm_set_creds()
921 	if (IS_ERR(new)) {  in apparmor_bprm_set_creds()
922 		error = PTR_ERR(new);  in apparmor_bprm_set_creds()
924 	} else if (!new) {  in apparmor_bprm_set_creds()
938 	    !unconfined(label) && !aa_label_is_subset(new, ctx->nnp)) {  in apparmor_bprm_set_creds()
951 		error = may_change_ptraced_domain(new, &info);  in apparmor_bprm_set_creds()
960 			aa_label_printk(new, GFP_ATOMIC);  in apparmor_bprm_set_creds()
966 	if (label->proxy != new->proxy) {  in apparmor_bprm_set_creds()
971 			aa_label_printk(new, GFP_ATOMIC);  in apparmor_bprm_set_creds()
978 	cred_label(bprm->cred) = new;  in apparmor_bprm_set_creds()
989 				      bprm->filename, NULL, new,  in apparmor_bprm_set_creds()
992 	aa_put_label(new);  in apparmor_bprm_set_creds()
1057 	struct aa_label *new;  in change_hat()  local
1137 	new = fn_label_build_in_ns(label, profile, GFP_KERNEL,  in change_hat()
1140 	if (!new) {  in change_hat()
1146 	return new;  in change_hat()
1170 	struct aa_label *label, *previous, *new = NULL, *target = NULL;  in aa_change_hat()  local
1198 		new = change_hat(label, hats, count, flags);  in aa_change_hat()
1199 		AA_BUG(!new);  in aa_change_hat()
1200 		if (IS_ERR(new)) {  in aa_change_hat()
1201 			error = PTR_ERR(new);  in aa_change_hat()
1202 			new = NULL;  in aa_change_hat()
1207 		error = may_change_ptraced_domain(new, &info);  in aa_change_hat()
1216 		    !aa_label_is_subset(new, ctx->nnp)) {  in aa_change_hat()
1226 		target = new;  in aa_change_hat()
1227 		error = aa_set_current_hat(new, token);  in aa_change_hat()
1257 	aa_put_label(new);  in aa_change_hat()
1313 	struct aa_label *label, *new = NULL, *target = NULL;  in aa_change_profile()  local
1425 		new = fn_label_build_in_ns(label, profile, GFP_KERNEL,  in aa_change_profile()
1433 		    !aa_label_is_subset(new, ctx->nnp)) {  in aa_change_profile()
1444 			new = aa_label_merge(label, target, GFP_KERNEL);  in aa_change_profile()
1445 		if (IS_ERR_OR_NULL(new)) {  in aa_change_profile()
1447 			error = PTR_ERR(new);  in aa_change_profile()
1448 			new = NULL;  in aa_change_profile()
1452 		error = aa_replace_current_label(new);  in aa_change_profile()
1454 		if (new) {  in aa_change_profile()
1455 			aa_put_label(new);  in aa_change_profile()
1456 			new = NULL;  in aa_change_profile()
1466 				      NULL, new ? new : target,  in aa_change_profile()
1470 	aa_put_label(new);  in aa_change_profile()