570 	struct aa_label *new = NULL;  in x_to_label()  local
585 			new = x_table_lookup(profile, xindex, lookupname);  in x_to_label()
593 			new = find_attach(bprm, ns, &profile->base.profiles,  in x_to_label()
597 			new = find_attach(bprm, ns, &ns->base.profiles,  in x_to_label()
603 	if (!new) {  in x_to_label()
610 			new = aa_get_newest_label(&profile->label);  in x_to_label()
612 			new = aa_get_newest_label(ns_unconfined(profile->ns));  in x_to_label()
617 	if (new && stack) {  in x_to_label()
619 		struct aa_label *base = new;  in x_to_label()
621 		new = aa_label_parse(base, stack, GFP_KERNEL, true, false);  in x_to_label()
622 		if (IS_ERR(new))  in x_to_label()
623 			new = NULL;  in x_to_label()
628 	return new;  in x_to_label()
639 	struct aa_label *new = NULL;  in profile_transition()  local
657 			new = aa_get_newest_label(&profile->label);  in profile_transition()
664 		new = find_attach(bprm, profile->ns,  in profile_transition()
666 		if (new) {  in profile_transition()
668 			return new;  in profile_transition()
678 		new = x_to_label(profile, bprm, name, perms.xindex, &target,  in profile_transition()
680 		if (new && new->proxy == profile->label.proxy && info) {  in profile_transition()
683 		} else if (!new) {  in profile_transition()
700 			new = &new_profile->label;  in profile_transition()
707 	if (!new)  in profile_transition()
715 			aa_label_printk(new, GFP_KERNEL);  in profile_transition()
723 		      target, new,  in profile_transition()
725 	if (!new || nonewprivs) {  in profile_transition()
726 		aa_put_label(new);  in profile_transition()
730 	return new;  in profile_transition()
817 	struct aa_label *new;  in handle_onexec()  local
831 		new = fn_label_build_in_ns(label, profile, GFP_KERNEL,  in handle_onexec()
844 		new = fn_label_build_in_ns(label, profile, GFP_KERNEL,  in handle_onexec()
852 	if (new)  in handle_onexec()
853 		return new;  in handle_onexec()
876 	struct aa_label *label, *new = NULL;  in apparmor_bprm_creds_for_exec()  local
917 		new = handle_onexec(subj_cred, label, ctx->onexec, ctx->token,  in apparmor_bprm_creds_for_exec()
920 		new = fn_label_build(label, profile, GFP_KERNEL,  in apparmor_bprm_creds_for_exec()
925 	AA_BUG(!new);  in apparmor_bprm_creds_for_exec()
926 	if (IS_ERR(new)) {  in apparmor_bprm_creds_for_exec()
927 		error = PTR_ERR(new);  in apparmor_bprm_creds_for_exec()
929 	} else if (!new) {  in apparmor_bprm_creds_for_exec()
944 	    !aa_label_is_unconfined_subset(new, ctx->nnp)) {  in apparmor_bprm_creds_for_exec()
957 		error = may_change_ptraced_domain(bprm->cred, new, &info);  in apparmor_bprm_creds_for_exec()
966 			aa_label_printk(new, GFP_KERNEL);  in apparmor_bprm_creds_for_exec()
972 	if (label->proxy != new->proxy) {  in apparmor_bprm_creds_for_exec()
977 			aa_label_printk(new, GFP_KERNEL);  in apparmor_bprm_creds_for_exec()
984 	set_cred_label(bprm->cred, new);  in apparmor_bprm_creds_for_exec()
996 				      bprm->filename, NULL, new,  in apparmor_bprm_creds_for_exec()
998 	aa_put_label(new);  in apparmor_bprm_creds_for_exec()
1066 	struct aa_label *new;  in change_hat()  local
1147 	new = fn_label_build_in_ns(label, profile, GFP_KERNEL,  in change_hat()
1151 	if (!new) {  in change_hat()
1157 	return new;  in change_hat()
1181 	struct aa_label *label, *previous, *new = NULL, *target = NULL;  in aa_change_hat()  local
1209 		new = change_hat(subj_cred, label, hats, count, flags);  in aa_change_hat()
1210 		AA_BUG(!new);  in aa_change_hat()
1211 		if (IS_ERR(new)) {  in aa_change_hat()
1212 			error = PTR_ERR(new);  in aa_change_hat()
1213 			new = NULL;  in aa_change_hat()
1219 		error = may_change_ptraced_domain(subj_cred, new, &info);  in aa_change_hat()
1228 		    !aa_label_is_unconfined_subset(new, ctx->nnp)) {  in aa_change_hat()
1238 		target = new;  in aa_change_hat()
1239 		error = aa_set_current_hat(new, token);  in aa_change_hat()
1269 	aa_put_label(new);  in aa_change_hat()
1331 	struct aa_label *label, *new = NULL, *target = NULL;  in aa_change_profile()  local
1466 		new = fn_label_build_in_ns(label, profile, GFP_KERNEL,  in aa_change_profile()
1474 		    !aa_label_is_unconfined_subset(new, ctx->nnp)) {  in aa_change_profile()
1485 			new = aa_label_merge(label, target, GFP_KERNEL);  in aa_change_profile()
1486 		if (IS_ERR_OR_NULL(new)) {  in aa_change_profile()
1488 			if (!new)  in aa_change_profile()
1491 				error = PTR_ERR(new);  in aa_change_profile()
1492 			new = NULL;  in aa_change_profile()
1496 		error = aa_replace_current_label(new);  in aa_change_profile()
1498 		if (new) {  in aa_change_profile()
1499 			aa_put_label(new);  in aa_change_profile()
1500 			new = NULL;  in aa_change_profile()
1511 				      NULL, new ? new : target,  in aa_change_profile()
1515 	aa_put_label(new);  in aa_change_profile()