Loading security/apparmor/context.c +17 −0 Original line number Diff line number Diff line Loading @@ -68,6 +68,23 @@ void aa_dup_task_context(struct aa_task_cxt *new, const struct aa_task_cxt *old) aa_get_profile(new->onexec); } /** * aa_get_task_profile - Get another task's profile * @task: task to query (NOT NULL) * * Returns: counted reference to @task's profile */ struct aa_profile *aa_get_task_profile(struct task_struct *task) { struct aa_profile *p; rcu_read_lock(); p = aa_get_profile(__aa_task_profile(task)); rcu_read_unlock(); return p; } /** * aa_replace_current_profile - replace the current tasks profiles * @profile: new profile (NOT NULL) Loading security/apparmor/domain.c +3 −7 Original line number Diff line number Diff line Loading @@ -62,17 +62,14 @@ static int may_change_ptraced_domain(struct task_struct *task, struct aa_profile *to_profile) { struct task_struct *tracer; const struct cred *cred = NULL; struct aa_profile *tracerp = NULL; int error = 0; rcu_read_lock(); tracer = ptrace_parent(task); if (tracer) { if (tracer) /* released below */ cred = get_task_cred(tracer); tracerp = aa_cred_profile(cred); } tracerp = aa_get_task_profile(tracer); /* not ptraced */ if (!tracer || unconfined(tracerp)) Loading @@ -82,8 +79,7 @@ static int may_change_ptraced_domain(struct task_struct *task, out: rcu_read_unlock(); if (cred) put_cred(cred); aa_put_profile(tracerp); return error; } Loading security/apparmor/include/context.h +25 −16 Original line number Diff line number Diff line Loading 
@@ -80,23 +80,8 @@ int aa_replace_current_profile(struct aa_profile *profile); int aa_set_current_onexec(struct aa_profile *profile); int aa_set_current_hat(struct aa_profile *profile, u64 token); int aa_restore_previous_profile(u64 cookie); struct aa_profile *aa_get_task_profile(struct task_struct *task); /** * __aa_task_is_confined - determine if @task has any confinement * @task: task to check confinement of (NOT NULL) * * If @task != current needs to be called in RCU safe critical section */ static inline bool __aa_task_is_confined(struct task_struct *task) { struct aa_task_cxt *cxt = __task_cred(task)->security; BUG_ON(!cxt || !cxt->profile); if (unconfined(aa_newest_version(cxt->profile))) return 0; return 1; } /** * aa_cred_profile - obtain cred's profiles Loading @@ -113,6 +98,30 @@ static inline struct aa_profile *aa_cred_profile(const struct cred *cred) return aa_newest_version(cxt->profile); } /** * __aa_task_profile - retrieve another task's profile * @task: task to query (NOT NULL) * * Returns: @task's profile without incrementing its ref count * * If @task != current needs to be called in RCU safe critical section */ static inline struct aa_profile *__aa_task_profile(struct task_struct *task) { return aa_cred_profile(__task_cred(task)); } /** * __aa_task_is_confined - determine if @task has any confinement * @task: task to check confinement of (NOT NULL) * * If @task != current needs to be called in RCU safe critical section */ static inline bool __aa_task_is_confined(struct task_struct *task) { return !unconfined(__aa_task_profile(task)); } /** * __aa_current_profile - find the current tasks confining profile * Loading security/apparmor/ipc.c +4 −9 Original line number Diff line number Diff line Loading 
@@ -95,23 +95,18 @@ int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee, * - tracer profile has CAP_SYS_PTRACE */ struct aa_profile *tracer_p; /* cred released below */ const struct cred *cred = get_task_cred(tracer); struct aa_profile *tracer_p = aa_get_task_profile(tracer); int error = 0; tracer_p = aa_cred_profile(cred); if (!unconfined(tracer_p)) { /* lcred released below */ const struct cred *lcred = get_task_cred(tracee); struct aa_profile *tracee_p = aa_cred_profile(lcred); struct aa_profile *tracee_p = aa_get_task_profile(tracee); error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode); error = aa_audit_ptrace(tracer_p, tracee_p, error); put_cred(lcred); aa_put_profile(tracee_p); } put_cred(cred); aa_put_profile(tracer_p); return error; } Loading
security/apparmor/context.c +17 −0 Original line number Diff line number Diff line Loading @@ -68,6 +68,23 @@ void aa_dup_task_context(struct aa_task_cxt *new, const struct aa_task_cxt *old) aa_get_profile(new->onexec); } /** * aa_get_task_profile - Get another task's profile * @task: task to query (NOT NULL) * * Returns: counted reference to @task's profile */ struct aa_profile *aa_get_task_profile(struct task_struct *task) { struct aa_profile *p; rcu_read_lock(); p = aa_get_profile(__aa_task_profile(task)); rcu_read_unlock(); return p; } /** * aa_replace_current_profile - replace the current tasks profiles * @profile: new profile (NOT NULL) Loading
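Review bot: The kerneldoc on the new aa_get_task_profile() states what the caller receives but not what it owes: the returned reference has to be dropped with aa_put_profile() on every exit path, and the helper opens its own rcu_read_lock()/rcu_read_unlock() pair, so the may_change_ptraced_domain() call site in this same commit relies on RCU read-side sections nesting inside the outer one it already holds. I would extend the header to ` * Returns: counted reference to @task's profile, to be released with aa_put_profile()` and add ` * Takes its own RCU read lock; callers may already hold one.` Whether the result can ever be NULL depends on aa_get_profile() and aa_newest_version(), both outside this diff, so that is worth stating one way or the other in the same comment.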
security/apparmor/domain.c +3 −7 Original line number Diff line number Diff line Loading @@ -62,17 +62,14 @@ static int may_change_ptraced_domain(struct task_struct *task, struct aa_profile *to_profile) { struct task_struct *tracer; const struct cred *cred = NULL; struct aa_profile *tracerp = NULL; int error = 0; rcu_read_lock(); tracer = ptrace_parent(task); if (tracer) { if (tracer) /* released below */ cred = get_task_cred(tracer); tracerp = aa_cred_profile(cred); } tracerp = aa_get_task_profile(tracer); /* not ptraced */ if (!tracer || unconfined(tracerp)) Loading @@ -82,8 +79,7 @@ static int may_change_ptraced_domain(struct task_struct *task, out: rcu_read_unlock(); if (cred) put_cred(cred); aa_put_profile(tracerp); return error; } Loading
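Review bot: In the first hunk the surviving `/* released below */` comment now sits between the unbraced `if (tracer)` and its single statement `tracerp = aa_get_task_profile(tracer);`, which makes a reader count the comment as the body before finding the real one; put it on the assignment line instead, `tracerp = aa_get_task_profile(tracer); /* put at out: */`. In the second hunk `aa_put_profile(tracerp)` is now reached unconditionally on the NULL-initialised `tracerp` whenever the task is not ptraced, so the exit path depends on aa_put_profile() accepting NULL, which this page cannot confirm; a short comment at `out:` noting that assumption would spare the next reader the same check. The middle of may_change_ptraced_domain(), between the two hunks, is outside the diff.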
security/apparmor/include/context.h +25 −16 Original line number Diff line number Diff line Loading @@ -80,23 +80,8 @@ int aa_replace_current_profile(struct aa_profile *profile); int aa_set_current_onexec(struct aa_profile *profile); int aa_set_current_hat(struct aa_profile *profile, u64 token); int aa_restore_previous_profile(u64 cookie); struct aa_profile *aa_get_task_profile(struct task_struct *task); /** * __aa_task_is_confined - determine if @task has any confinement * @task: task to check confinement of (NOT NULL) * * If @task != current needs to be called in RCU safe critical section */ static inline bool __aa_task_is_confined(struct task_struct *task) { struct aa_task_cxt *cxt = __task_cred(task)->security; BUG_ON(!cxt || !cxt->profile); if (unconfined(aa_newest_version(cxt->profile))) return 0; return 1; } /** * aa_cred_profile - obtain cred's profiles Loading @@ -113,6 +98,30 @@ static inline struct aa_profile *aa_cred_profile(const struct cred *cred) return aa_newest_version(cxt->profile); } /** * __aa_task_profile - retrieve another task's profile * @task: task to query (NOT NULL) * * Returns: @task's profile without incrementing its ref count * * If @task != current needs to be called in RCU safe critical section */ static inline struct aa_profile *__aa_task_profile(struct task_struct *task) { return aa_cred_profile(__task_cred(task)); } /** * __aa_task_is_confined - determine if @task has any confinement * @task: task to check confinement of (NOT NULL) * * If @task != current needs to be called in RCU safe critical section */ static inline bool __aa_task_is_confined(struct task_struct *task) { return !unconfined(__aa_task_profile(task)); } /** * __aa_current_profile - find the current tasks confining profile * Loading
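Review bot: The rewritten __aa_task_is_confined() in the second hunk drops the `BUG_ON(!cxt || !cxt->profile)` that the removed body carried, and the new __aa_task_profile() it now goes through does no checking of its own. Only the final `return aa_newest_version(cxt->profile);` of aa_cred_profile() is visible here, so if that function does not perform the same assertion, a task whose cred has no security blob would now fault on a plain NULL dereference instead of an explicit BUG with a message naming the context; worth confirming against the full aa_cred_profile() body, and __aa_task_profile() is the natural place to restore the check if it is missing. The kerneldoc on __aa_task_profile() correctly says the returned pointer is uncounted; adding `, so it is only valid for as long as the RCU read lock is held` to that Returns line would make the lifetime explicit.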
security/apparmor/ipc.c +4 −9 Original line number Diff line number Diff line Loading @@ -95,23 +95,18 @@ int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee, * - tracer profile has CAP_SYS_PTRACE */ struct aa_profile *tracer_p; /* cred released below */ const struct cred *cred = get_task_cred(tracer); struct aa_profile *tracer_p = aa_get_task_profile(tracer); int error = 0; tracer_p = aa_cred_profile(cred); if (!unconfined(tracer_p)) { /* lcred released below */ const struct cred *lcred = get_task_cred(tracee); struct aa_profile *tracee_p = aa_cred_profile(lcred); struct aa_profile *tracee_p = aa_get_task_profile(tracee); error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode); error = aa_audit_ptrace(tracer_p, tracee_p, error); put_cred(lcred); aa_put_profile(tracee_p); } put_cred(cred); aa_put_profile(tracer_p); return error; }
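Review bot: The `/* cred released below */` and `/* lcred released below */` ownership notes were removed together with the creds, but `tracer_p` and `tracee_p` are now counted references that must be dropped on every path, so any future early return between the `aa_get_task_profile()` call and the matching `aa_put_profile()` would leak a profile; keep the annotation, e.g. `/* put below */` on the `struct aa_profile *tracer_p = aa_get_task_profile(tracer);` line and the `tracee_p` line. One behavioural difference worth a sentence in the commit message: the old code pinned the tracer's and tracee's whole cred for the duration, whereas the new code pins only the profile, so if aa_may_ptrace() or aa_audit_ptrace() (outside this diff) reach back into the task's cred rather than using the profile pointers they are handed, that cred is no longer held by this function. The rest of aa_ptrace()'s prologue is above the hunk.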