146 	struct aa_label *label;  in apparmor_capget()  local
151 	label = aa_get_newest_cred_label(cred);  in apparmor_capget()
157 	if (!unconfined(label)) {  in apparmor_capget()
161 		label_for_each_confined(i, label, profile) {  in apparmor_capget()
171 	aa_put_label(label);  in apparmor_capget()
179 	struct aa_label *label;  in apparmor_capable()  local
182 	label = aa_get_newest_cred_label(cred);  in apparmor_capable()
183 	if (!unconfined(label))  in apparmor_capable()
184 		error = aa_capable(label, cap, audit);  in apparmor_capable()
185 	aa_put_label(label);  in apparmor_capable()
202 	struct aa_label *label;  in common_perm()  local
205 	label = __begin_current_label_crit_section();  in common_perm()
206 	if (!unconfined(label))  in common_perm()
207 		error = aa_path_perm(op, label, path, 0, mask, cond);  in common_perm()
208 	__end_current_label_crit_section(label);  in common_perm()
335 	struct aa_label *label;  in apparmor_path_link()  local
341 	label = begin_current_label_crit_section();  in apparmor_path_link()
342 	if (!unconfined(label))  in apparmor_path_link()
343 		error = aa_path_link(label, old_dentry, new_dir, new_dentry);  in apparmor_path_link()
344 	end_current_label_crit_section(label);  in apparmor_path_link()
352 	struct aa_label *label;  in apparmor_path_rename()  local
358 	label = begin_current_label_crit_section();  in apparmor_path_rename()
359 	if (!unconfined(label)) {  in apparmor_path_rename()
368 		error = aa_path_perm(OP_RENAME_SRC, label, &old_path, 0,  in apparmor_path_rename()
373 			error = aa_path_perm(OP_RENAME_DEST, label, &new_path,  in apparmor_path_rename()
378 	end_current_label_crit_section(label);  in apparmor_path_rename()
401 	struct aa_label *label;  in apparmor_file_open()  local
417 	label = aa_get_newest_cred_label(file->f_cred);  in apparmor_file_open()
418 	if (!unconfined(label)) {  in apparmor_file_open()
422 		error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,  in apparmor_file_open()
427 	aa_put_label(label);  in apparmor_file_open()
437 	struct aa_label *label = begin_current_label_crit_section();  in apparmor_file_alloc_security()  local
438 	file->f_security = aa_alloc_file_ctx(label, GFP_KERNEL);  in apparmor_file_alloc_security()
441 	end_current_label_crit_section(label);  in apparmor_file_alloc_security()
453 	struct aa_label *label;  in common_file_perm()  local
460 	label = __begin_current_label_crit_section();  in common_file_perm()
461 	error = aa_file_perm(op, label, file, mask);  in common_file_perm()
462 	__end_current_label_crit_section(label);  in common_file_perm()
525 	struct aa_label *label;  in apparmor_sb_mount()  local
534 	label = __begin_current_label_crit_section();  in apparmor_sb_mount()
535 	if (!unconfined(label)) {  in apparmor_sb_mount()
537 			error = aa_remount(label, path, flags, data);  in apparmor_sb_mount()
539 			error = aa_bind_mount(label, path, dev_name, flags);  in apparmor_sb_mount()
542 			error = aa_mount_change_type(label, path, flags);  in apparmor_sb_mount()
544 			error = aa_move_mount(label, path, dev_name);  in apparmor_sb_mount()
546 			error = aa_new_mount(label, dev_name, path, type,  in apparmor_sb_mount()
549 	__end_current_label_crit_section(label);  in apparmor_sb_mount()
556 	struct aa_label *label;  in apparmor_sb_umount()  local
559 	label = __begin_current_label_crit_section();  in apparmor_sb_umount()
560 	if (!unconfined(label))  in apparmor_sb_umount()
561 		error = aa_umount(label, mnt, flags);  in apparmor_sb_umount()
562 	__end_current_label_crit_section(label);  in apparmor_sb_umount()
570 	struct aa_label *label;  in apparmor_sb_pivotroot()  local
573 	label = aa_get_current_label();  in apparmor_sb_pivotroot()
574 	if (!unconfined(label))  in apparmor_sb_pivotroot()
575 		error = aa_pivotroot(label, old_path, new_path);  in apparmor_sb_pivotroot()
576 	aa_put_label(label);  in apparmor_sb_pivotroot()
588 	struct aa_label *label = NULL;  in apparmor_getprocattr()  local
591 		label = aa_get_newest_label(cred_label(cred));  in apparmor_getprocattr()
593 		label = aa_get_newest_label(ctx->previous);  in apparmor_getprocattr()
595 		label = aa_get_newest_label(ctx->onexec);  in apparmor_getprocattr()
599 	if (label)  in apparmor_getprocattr()
600 		error = aa_getprocattr(label, value);  in apparmor_getprocattr()
602 	aa_put_label(label);  in apparmor_getprocattr()
673 	aad(&sa)->label = begin_current_label_crit_section();  in apparmor_setprocattr()
677 	end_current_label_crit_section(aad(&sa)->label);  in apparmor_setprocattr()
687 	struct aa_label *label = aa_current_raw_label();  in apparmor_bprm_committing_creds()  local
691 	if ((new_label->proxy == label->proxy) ||  in apparmor_bprm_committing_creds()
700 	__aa_transition_rlimits(label, new_label);  in apparmor_bprm_committing_creds()
717 	struct aa_label *label = aa_get_task_label(p);  in apparmor_task_getsecid()  local
718 	*secid = label->secid;  in apparmor_task_getsecid()
719 	aa_put_label(label);  in apparmor_task_getsecid()
725 	struct aa_label *label = __begin_current_label_crit_section();  in apparmor_task_setrlimit()  local
728 	if (!unconfined(label))  in apparmor_task_setrlimit()
729 		error = aa_task_setrlimit(label, task, resource, new_rlim);  in apparmor_task_setrlimit()
730 	__end_current_label_crit_section(label);  in apparmor_task_setrlimit()
786 	aa_put_label(ctx->label);  in apparmor_sk_free_security()
800 	new->label = aa_get_label(ctx->label);  in apparmor_sk_clone_security()
809 	struct aa_label *label;  in apparmor_socket_create()  local
814 	label = begin_current_label_crit_section();  in apparmor_socket_create()
815 	if (!(kern || unconfined(label)))  in apparmor_socket_create()
817 				  create_perm(label, family, type, protocol),  in apparmor_socket_create()
818 				  aa_af_perm(label, OP_CREATE, AA_MAY_CREATE,  in apparmor_socket_create()
820 	end_current_label_crit_section(label);  in apparmor_socket_create()
838 	struct aa_label *label;  in apparmor_socket_post_create()  local
843 		label = aa_get_label(ns_unconfined(ns));  in apparmor_socket_post_create()
846 		label = aa_get_current_label();  in apparmor_socket_post_create()
851 		aa_put_label(ctx->label);  in apparmor_socket_post_create()
852 		ctx->label = aa_get_label(label);  in apparmor_socket_post_create()
854 	aa_put_label(label);  in apparmor_socket_post_create()
1059 	struct aa_label *label;  in apparmor_socket_getpeersec_stream()  local
1062 	label = begin_current_label_crit_section();  in apparmor_socket_getpeersec_stream()
1068 	slen = aa_label_asxprint(&name, labels_ns(label), peer,  in apparmor_socket_getpeersec_stream()
1089 	end_current_label_crit_section(label);  in apparmor_socket_getpeersec_stream()
1125 	if (!ctx->label)  in apparmor_sock_graft()
1126 		ctx->label = aa_get_current_label();  in apparmor_sock_graft()