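Lines matching refs:ns

Cross-reference listing for the identifier `ns`. Each entry gives the source line number, the text of the matching line, and the enclosing function. A trailing "argument" or "local" marks the line where `ns` is declared as a parameter or local variable of that function.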

120 	AA_BUG(!profile->ns);  in __add_profile()
121 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __add_profile()
126 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile()
146 AA_BUG(!profile->ns); in __list_remove_profile()
147 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __list_remove_profile()
162 AA_BUG(!profile->ns); in __remove_profile()
163 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __remove_profile()
224 aa_put_ns(profile->ns); in aa_free_profile()
362 static struct aa_policy *__lookup_parent(struct aa_ns *ns, in __lookup_parent() argument
369 policy = &ns->base; in __lookup_parent()
381 return &ns->base; in __lookup_parent()
434 struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname, in aa_lookupn_profile() argument
441 profile = __lookupn_profile(&ns->base, hname, n); in aa_lookupn_profile()
447 profile = aa_get_newest_profile(ns->unconfined); in aa_lookupn_profile()
453 struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *hname) in aa_lookup_profile() argument
455 return aa_lookupn_profile(ns, hname, strlen(hname)); in aa_lookup_profile()
462 struct aa_ns *ns; in aa_fqlookupn_profile() local
468 ns = aa_lookupn_ns(labels_ns(base), ns_name, ns_len); in aa_fqlookupn_profile()
469 if (!ns) in aa_fqlookupn_profile()
472 ns = aa_get_ns(labels_ns(base)); in aa_fqlookupn_profile()
475 profile = aa_lookupn_profile(ns, name, n - (name - fqname)); in aa_fqlookupn_profile()
476 else if (ns) in aa_fqlookupn_profile()
478 profile = aa_get_newest_profile(ns->unconfined); in aa_fqlookupn_profile()
481 aa_put_ns(ns); in aa_fqlookupn_profile()
527 atomic_inc_return(&parent->ns->uniq_null)); in aa_new_null_profile()
548 profile->ns = aa_get_ns(parent->ns); in aa_new_null_profile()
552 mutex_lock_nested(&profile->ns->lock, profile->ns->level); in aa_new_null_profile()
560 mutex_unlock(&profile->ns->lock); in aa_new_null_profile()
602 if (aad(sa)->iface.ns) { in audit_cb()
604 audit_log_untrustedstring(ab, aad(sa)->iface.ns); in audit_cb()
625 aad(&sa)->iface.ns = ns_name; in audit_policy()
644 bool policy_view_capable(struct aa_ns *ns) in policy_view_capable() argument
651 if (!ns) in policy_view_capable()
652 ns = view_ns; in policy_view_capable()
654 if (root_in_user_ns && aa_ns_visible(view_ns, ns, true) && in policy_view_capable()
664 bool policy_admin_capable(struct aa_ns *ns) in policy_admin_capable() argument
672 return policy_view_capable(ns) && capable && !aa_g_lock_policy; in policy_admin_capable()
682 int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns, u32 mask) in aa_may_manage_policy() argument
698 if (!policy_admin_capable(ns)) in aa_may_manage_policy()
798 static int __lookup_replace(struct aa_ns *ns, const char *hname, in __lookup_replace() argument
802 *p = aa_get_profile(__lookup_profile(&ns->base, hname)); in __lookup_replace()
831 mutex_is_locked(&new->ns->lock)); in update_to_newest_parent()
862 struct aa_ns *ns = NULL; in aa_replace_profiles() local
901 ns = aa_prepare_ns(policy_ns ? policy_ns : labels_ns(label), in aa_replace_profiles()
903 if (IS_ERR(ns)) { in aa_replace_profiles()
906 error = PTR_ERR(ns); in aa_replace_profiles()
907 ns = NULL; in aa_replace_profiles()
912 ns = aa_get_ns(policy_ns ? policy_ns : labels_ns(label)); in aa_replace_profiles()
914 mutex_lock_nested(&ns->lock, ns->level); in aa_replace_profiles()
916 list_for_each_entry(rawdata_ent, &ns->rawdata_list, list) { in aa_replace_profiles()
934 error = __lookup_replace(ns, ent->new->base.hname, in aa_replace_profiles()
941 error = __lookup_replace(ns, ent->new->rename, in aa_replace_profiles()
949 ent->new->ns = aa_get_ns(ns); in aa_replace_profiles()
955 policy = __lookup_parent(ns, ent->new->base.hname); in aa_replace_profiles()
965 } else if (policy != &ns->base) { in aa_replace_profiles()
974 error = __aa_fs_create_rawdata(ns, udata); in aa_replace_profiles()
989 parent = ns_subprofs_dir(ent->new->ns); in aa_replace_profiles()
1000 __aa_bump_ns_revision(ns); in aa_replace_profiles()
1001 __aa_loaddata_update(udata, ns->revision); in aa_replace_profiles()
1036 lh = &ns->base.profiles; in aa_replace_profiles()
1042 __aa_labelset_update_subtree(ns); in aa_replace_profiles()
1043 mutex_unlock(&ns->lock); in aa_replace_profiles()
1046 aa_put_ns(ns); in aa_replace_profiles()
1054 mutex_unlock(&ns->lock); in aa_replace_profiles()
1098 struct aa_ns *ns = NULL; in aa_remove_profiles() local
1115 ns = aa_lookupn_ns(policy_ns ? policy_ns : labels_ns(subj), in aa_remove_profiles()
1117 if (!ns) { in aa_remove_profiles()
1124 ns = aa_get_ns(policy_ns ? policy_ns : labels_ns(subj)); in aa_remove_profiles()
1128 mutex_lock_nested(&ns->parent->lock, ns->level); in aa_remove_profiles()
1129 __aa_remove_ns(ns); in aa_remove_profiles()
1130 __aa_bump_ns_revision(ns); in aa_remove_profiles()
1131 mutex_unlock(&ns->parent->lock); in aa_remove_profiles()
1134 mutex_lock_nested(&ns->lock, ns->level); in aa_remove_profiles()
1135 profile = aa_get_profile(__lookup_profile(&ns->base, name)); in aa_remove_profiles()
1143 __aa_labelset_update_subtree(ns); in aa_remove_profiles()
1144 __aa_bump_ns_revision(ns); in aa_remove_profiles()
1145 mutex_unlock(&ns->lock); in aa_remove_profiles()
1151 aa_put_ns(ns); in aa_remove_profiles()
1156 mutex_unlock(&ns->lock); in aa_remove_profiles()
1157 aa_put_ns(ns); in aa_remove_profiles()