140 	struct aa_label *label;  in apparmor_capget()  local
145 	label = aa_get_newest_cred_label(cred);  in apparmor_capget()
151 	if (!unconfined(label)) {  in apparmor_capget()
155 		label_for_each_confined(i, label, profile) {  in apparmor_capget()
165 	aa_put_label(label);  in apparmor_capget()
173 	struct aa_label *label;  in apparmor_capable()  local
176 	label = aa_get_newest_cred_label(cred);  in apparmor_capable()
177 	if (!unconfined(label))  in apparmor_capable()
178 		error = aa_capable(label, cap, opts);  in apparmor_capable()
179 	aa_put_label(label);  in apparmor_capable()
196 	struct aa_label *label;  in common_perm()  local
199 	label = __begin_current_label_crit_section();  in common_perm()
200 	if (!unconfined(label))  in common_perm()
201 		error = aa_path_perm(op, label, path, 0, mask, cond);  in common_perm()
202 	__end_current_label_crit_section(label);  in common_perm()
329 	struct aa_label *label;  in apparmor_path_link()  local
335 	label = begin_current_label_crit_section();  in apparmor_path_link()
336 	if (!unconfined(label))  in apparmor_path_link()
337 		error = aa_path_link(label, old_dentry, new_dir, new_dentry);  in apparmor_path_link()
338 	end_current_label_crit_section(label);  in apparmor_path_link()
346 	struct aa_label *label;  in apparmor_path_rename()  local
352 	label = begin_current_label_crit_section();  in apparmor_path_rename()
353 	if (!unconfined(label)) {  in apparmor_path_rename()
362 		error = aa_path_perm(OP_RENAME_SRC, label, &old_path, 0,  in apparmor_path_rename()
367 			error = aa_path_perm(OP_RENAME_DEST, label, &new_path,  in apparmor_path_rename()
372 	end_current_label_crit_section(label);  in apparmor_path_rename()
395 	struct aa_label *label;  in apparmor_file_open()  local
411 	label = aa_get_newest_cred_label(file->f_cred);  in apparmor_file_open()
412 	if (!unconfined(label)) {  in apparmor_file_open()
416 		error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,  in apparmor_file_open()
421 	aa_put_label(label);  in apparmor_file_open()
429 	struct aa_label *label = begin_current_label_crit_section();  in apparmor_file_alloc_security()  local
432 	rcu_assign_pointer(ctx->label, aa_get_label(label));  in apparmor_file_alloc_security()
433 	end_current_label_crit_section(label);  in apparmor_file_alloc_security()
442 		aa_put_label(rcu_access_pointer(ctx->label));  in apparmor_file_free_security()
447 	struct aa_label *label;  in common_file_perm()  local
454 	label = __begin_current_label_crit_section();  in common_file_perm()
455 	error = aa_file_perm(op, label, file, mask);  in common_file_perm()
456 	__end_current_label_crit_section(label);  in common_file_perm()
519 	struct aa_label *label;  in apparmor_sb_mount()  local
528 	label = __begin_current_label_crit_section();  in apparmor_sb_mount()
529 	if (!unconfined(label)) {  in apparmor_sb_mount()
531 			error = aa_remount(label, path, flags, data);  in apparmor_sb_mount()
533 			error = aa_bind_mount(label, path, dev_name, flags);  in apparmor_sb_mount()
536 			error = aa_mount_change_type(label, path, flags);  in apparmor_sb_mount()
538 			error = aa_move_mount(label, path, dev_name);  in apparmor_sb_mount()
540 			error = aa_new_mount(label, dev_name, path, type,  in apparmor_sb_mount()
543 	__end_current_label_crit_section(label);  in apparmor_sb_mount()
550 	struct aa_label *label;  in apparmor_sb_umount()  local
553 	label = __begin_current_label_crit_section();  in apparmor_sb_umount()
554 	if (!unconfined(label))  in apparmor_sb_umount()
555 		error = aa_umount(label, mnt, flags);  in apparmor_sb_umount()
556 	__end_current_label_crit_section(label);  in apparmor_sb_umount()
564 	struct aa_label *label;  in apparmor_sb_pivotroot()  local
567 	label = aa_get_current_label();  in apparmor_sb_pivotroot()
568 	if (!unconfined(label))  in apparmor_sb_pivotroot()
569 		error = aa_pivotroot(label, old_path, new_path);  in apparmor_sb_pivotroot()
570 	aa_put_label(label);  in apparmor_sb_pivotroot()
582 	struct aa_label *label = NULL;  in apparmor_getprocattr()  local
585 		label = aa_get_newest_label(cred_label(cred));  in apparmor_getprocattr()
587 		label = aa_get_newest_label(ctx->previous);  in apparmor_getprocattr()
589 		label = aa_get_newest_label(ctx->onexec);  in apparmor_getprocattr()
593 	if (label)  in apparmor_getprocattr()
594 		error = aa_getprocattr(label, value);  in apparmor_getprocattr()
596 	aa_put_label(label);  in apparmor_getprocattr()
667 	aad(&sa)->label = begin_current_label_crit_section();  in apparmor_setprocattr()
671 	end_current_label_crit_section(aad(&sa)->label);  in apparmor_setprocattr()
681 	struct aa_label *label = aa_current_raw_label();  in apparmor_bprm_committing_creds()  local
685 	if ((new_label->proxy == label->proxy) ||  in apparmor_bprm_committing_creds()
694 	__aa_transition_rlimits(label, new_label);  in apparmor_bprm_committing_creds()
711 	struct aa_label *label = aa_get_task_label(p);  in apparmor_task_getsecid()  local
712 	*secid = label->secid;  in apparmor_task_getsecid()
713 	aa_put_label(label);  in apparmor_task_getsecid()
719 	struct aa_label *label = __begin_current_label_crit_section();  in apparmor_task_setrlimit()  local
722 	if (!unconfined(label))  in apparmor_task_setrlimit()
723 		error = aa_task_setrlimit(label, task, resource, new_rlim);  in apparmor_task_setrlimit()
724 	__end_current_label_crit_section(label);  in apparmor_task_setrlimit()
780 	aa_put_label(ctx->label);  in apparmor_sk_free_security()
794 	new->label = aa_get_label(ctx->label);  in apparmor_sk_clone_security()
803 	struct aa_label *label;  in apparmor_socket_create()  local
808 	label = begin_current_label_crit_section();  in apparmor_socket_create()
809 	if (!(kern || unconfined(label)))  in apparmor_socket_create()
811 				  create_perm(label, family, type, protocol),  in apparmor_socket_create()
812 				  aa_af_perm(label, OP_CREATE, AA_MAY_CREATE,  in apparmor_socket_create()
814 	end_current_label_crit_section(label);  in apparmor_socket_create()
832 	struct aa_label *label;  in apparmor_socket_post_create()  local
837 		label = aa_get_label(ns_unconfined(ns));  in apparmor_socket_post_create()
840 		label = aa_get_current_label();  in apparmor_socket_post_create()
845 		aa_put_label(ctx->label);  in apparmor_socket_post_create()
846 		ctx->label = aa_get_label(label);  in apparmor_socket_post_create()
848 	aa_put_label(label);  in apparmor_socket_post_create()
1033 	return apparmor_secmark_check(ctx->label, OP_RECVMSG, AA_MAY_RECEIVE,  in apparmor_socket_sock_rcv_skb()
1061 	struct aa_label *label;  in apparmor_socket_getpeersec_stream()  local
1064 	label = begin_current_label_crit_section();  in apparmor_socket_getpeersec_stream()
1070 	slen = aa_label_asxprint(&name, labels_ns(label), peer,  in apparmor_socket_getpeersec_stream()
1091 	end_current_label_crit_section(label);  in apparmor_socket_getpeersec_stream()
1127 	if (!ctx->label)  in apparmor_sock_graft()
1128 		ctx->label = aa_get_current_label();  in apparmor_sock_graft()
1140 	return apparmor_secmark_check(ctx->label, OP_CONNECT, AA_MAY_CONNECT,  in apparmor_inet_conn_request()
1628 	if (!apparmor_secmark_check(ctx->label, OP_SENDMSG, AA_MAY_SEND,  in apparmor_ip_postroute()