Loading security/apparmor/context.c +6 −11 Original line number Diff line number Diff line Loading @@ -105,16 +105,12 @@ int aa_replace_current_profile(struct aa_profile *profile) return -ENOMEM; cxt = new->security; if (unconfined(profile) || (cxt->profile->ns != profile->ns)) { if (unconfined(profile) || (cxt->profile->ns != profile->ns)) /* if switching to unconfined or a different profile namespace * clear out context state */ aa_put_profile(cxt->previous); aa_put_profile(cxt->onexec); cxt->previous = NULL; cxt->onexec = NULL; cxt->token = 0; } aa_clear_task_cxt_trans(cxt); /* be careful switching cxt->profile, when racing replacement it * is possible that cxt->profile->replacedby is the reference keeping * @profile valid, so make sure to get its reference before dropping Loading Loading @@ -222,11 +218,10 @@ int aa_restore_previous_profile(u64 token) aa_get_profile(cxt->profile); aa_put_profile(cxt->previous); } /* clear exec && prev information when restoring to previous context */ /* ref has been transfered so avoid putting ref in clear_task_cxt */ cxt->previous = NULL; cxt->token = 0; aa_put_profile(cxt->onexec); cxt->onexec = NULL; /* clear exec && prev information when restoring to previous context */ aa_clear_task_cxt_trans(cxt); commit_creds(new); return 0; Loading security/apparmor/domain.c +1 −5 Original line number Diff line number Diff line Loading @@ -512,11 +512,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) cxt->profile = new_profile; /* clear out all temporary/transitional state from the context */ aa_put_profile(cxt->previous); aa_put_profile(cxt->onexec); cxt->previous = NULL; cxt->onexec = NULL; cxt->token = 0; aa_clear_task_cxt_trans(cxt); audit: error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC, Loading security/apparmor/include/context.h +13 −0 Original line number Diff line number Diff line Loading 
@@ -160,4 +160,17 @@ static inline struct aa_profile *aa_current_profile(void) return profile; } /** * aa_clear_task_cxt_trans - clear transition tracking info from the cxt * @cxt: task context to clear (NOT NULL) */ static inline void aa_clear_task_cxt_trans(struct aa_task_cxt *cxt) { aa_put_profile(cxt->previous); aa_put_profile(cxt->onexec); cxt->previous = NULL; cxt->onexec = NULL; cxt->token = 0; } #endif /* __AA_CONTEXT_H */ Loading
security/apparmor/context.c +6 −11 Original line number Diff line number Diff line Loading @@ -105,16 +105,12 @@ int aa_replace_current_profile(struct aa_profile *profile) return -ENOMEM; cxt = new->security; if (unconfined(profile) || (cxt->profile->ns != profile->ns)) { if (unconfined(profile) || (cxt->profile->ns != profile->ns)) /* if switching to unconfined or a different profile namespace * clear out context state */ aa_put_profile(cxt->previous); aa_put_profile(cxt->onexec); cxt->previous = NULL; cxt->onexec = NULL; cxt->token = 0; } aa_clear_task_cxt_trans(cxt); /* be careful switching cxt->profile, when racing replacement it * is possible that cxt->profile->replacedby is the reference keeping * @profile valid, so make sure to get its reference before dropping Loading Loading @@ -222,11 +218,10 @@ int aa_restore_previous_profile(u64 token) aa_get_profile(cxt->profile); aa_put_profile(cxt->previous); } /* clear exec && prev information when restoring to previous context */ /* ref has been transfered so avoid putting ref in clear_task_cxt */ cxt->previous = NULL; cxt->token = 0; aa_put_profile(cxt->onexec); cxt->onexec = NULL; /* clear exec && prev information when restoring to previous context */ aa_clear_task_cxt_trans(cxt); commit_creds(new); return 0; Loading
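Review bot: In the first hunk of aa_replace_current_profile(), the `if` appears (from the +6 −11 counts and the dropped `}`) to lose its braces while the two-line comment still sits between the condition and `aa_clear_task_cxt_trans(cxt);`. That is a style hazard: a statement later added beside the call would run unconditionally, and this branch decides whether the task's previous/onexec references and token are discarded when switching to unconfined or to another namespace. Either keep the braces, `if (unconfined(profile) || (cxt->profile->ns != profile->ns)) {` … `}`, or move the comment above the `if` so the guarded statement follows the condition directly. The function body starts and ends outside the hunk.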
security/apparmor/domain.c +1 −5 Original line number Diff line number Diff line Loading @@ -512,11 +512,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) cxt->profile = new_profile; /* clear out all temporary/transitional state from the context */ aa_put_profile(cxt->previous); aa_put_profile(cxt->onexec); cxt->previous = NULL; cxt->onexec = NULL; cxt->token = 0; aa_clear_task_cxt_trans(cxt); audit: error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC, Loading
security/apparmor/include/context.h +13 −0 Original line number Diff line number Diff line Loading @@ -160,4 +160,17 @@ static inline struct aa_profile *aa_current_profile(void) return profile; } /** * aa_clear_task_cxt_trans - clear transition tracking info from the cxt * @cxt: task context to clear (NOT NULL) */ static inline void aa_clear_task_cxt_trans(struct aa_task_cxt *cxt) { aa_put_profile(cxt->previous); aa_put_profile(cxt->onexec); cxt->previous = NULL; cxt->onexec = NULL; cxt->token = 0; } #endif /* __AA_CONTEXT_H */
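Review bot: The kernel-doc for aa_clear_task_cxt_trans() does not mention that the helper drops the references held in `cxt->previous` and `cxt->onexec`, so the ownership contract is only visible by reading the body. A caller that has already handed one of those references elsewhere must NULL the field first, as aa_restore_previous_profile() in context.c does with `cxt->previous = NULL;`. Otherwise the helper would put a reference the context no longer owns. I would add a line such as ` * Puts the references held in @cxt->previous and @cxt->onexec; a caller that has transferred one of them must set that field to NULL before calling.` This presumably relies on aa_put_profile() accepting NULL, which is not visible on this page and is worth confirming.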