authorJohn Johansen <john.johansen@canonical.com>2017-01-16 11:42:34 +0300
committerJohn Johansen <john.johansen@canonical.com>2017-01-16 12:18:28 +0300
commit73688d1ed0b8f800f312f7bc9d583463858da861 (patch)
tree41d58fc6558b4a07554da9dc3ff4db3a36d1ad59 /security/apparmor/include
parent5fd1b95fc9b96629d185f5fe3d9342fcff78eb30 (diff)
apparmor: refactor prepare_ns() and make usable from different views
prepare_ns() will need to be called from alternate views, and namespaces will need to be created via different interfaces. So refactor and allow specifying the view ns. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include')
-rw-r--r--security/apparmor/include/policy.h3
-rw-r--r--security/apparmor/include/policy_ns.h4
2 files changed, 5 insertions, 2 deletions
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index da62d29d3992..1573cade8812 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -184,7 +184,8 @@ struct aa_profile *aa_fqlookupn_profile(struct aa_profile *base,
const char *fqname, size_t n);
struct aa_profile *aa_match_profile(struct aa_ns *ns, const char *name);
-ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace);
+ssize_t aa_replace_profiles(struct aa_ns *view, void *udata, size_t size,
+ bool noreplace);
ssize_t aa_remove_profiles(char *name, size_t size);
void __aa_profile_list_release(struct list_head *head);
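Review bot: The new `view` argument of `aa_replace_profiles()` has no stated contract at the declaration: the prototype does not say whether `view` may be NULL or whether the caller must hold a reference on it for the duration of the call. Going by the commit message, `view` selects the namespace the loaded policy is interpreted relative to, so a caller passing the wrong namespace would presumably load or replace profiles in a scope it was not checked against. I would add a comment above the prototype such as `/* @view: namespace the policy data is loaded relative to; must be non-NULL, caller holds a ref */`, worded to match what the definition actually requires. The definition and its callers are outside this page (the diffstat is limited to the include directory), so the call-site updates could not be checked here.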
diff --git a/security/apparmor/include/policy_ns.h b/security/apparmor/include/policy_ns.h
index e4c876544adc..820d86d266fe 100644
--- a/security/apparmor/include/policy_ns.h
+++ b/security/apparmor/include/policy_ns.h
@@ -83,7 +83,9 @@ void aa_free_ns_kref(struct kref *kref);
struct aa_ns *aa_find_ns(struct aa_ns *root, const char *name);
struct aa_ns *aa_findn_ns(struct aa_ns *root, const char *name, size_t n);
-struct aa_ns *aa_prepare_ns(const char *name);
+struct aa_ns *__aa_find_or_create_ns(struct aa_ns *parent, const char *name,
+ struct dentry *dir);
+struct aa_ns *aa_prepare_ns(struct aa_ns *root, const char *name);
void __aa_remove_ns(struct aa_ns *ns);
static inline struct aa_profile *aa_deref_parent(struct aa_profile *p)
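Review bot: `__aa_find_or_create_ns()` is added to the header without a statement of its locking contract; the `__` prefix, as on `__aa_remove_ns()` just below, suggests the caller must already hold a lock, but the declaration does not say which one or what reference the returned `struct aa_ns *` carries. Since this helper can create a namespace under an arbitrary `parent`, the header should also say whether the caller is expected to have done the policy-admin permission check before calling it. A one-line comment such as `/* caller must hold parent's ns lock; returns a refcounted ns */` (to be confirmed against the definition, which is outside this page) would cover both. Separately, the prototype names `struct dentry` in a parameter list; if no earlier include in policy_ns.h declares it, add `struct dentry;` above the prototype to avoid a parameter-scope declaration warning.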