
Commit df8073c6 authored by John Johansen's avatar John Johansen

apparmor: convert aa_change_XXX bool parameters to flags



Instead of passing multiple booleans, consolidate on a single flags
field.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent dca91402
+13 −13
@@ -563,7 +563,7 @@ static char *new_compound_name(const char *n1, const char *n2)
 * @hats: vector of hat names to try changing into (MAYBE NULL if @count == 0)
 * @count: number of hat names in @hats
 * @token: magic value to validate the hat change
 * @permtest: true if this is just a permission test
 * @flags: flags affecting behavior of the change
 *
 * Change to the first profile specified in @hats that exists, and store
 * the @hat_magic in the current task context.  If the count == 0 and the
@@ -572,7 +572,7 @@ static char *new_compound_name(const char *n1, const char *n2)
 *
 * Returns %0 on success, error otherwise.
 */
int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
int aa_change_hat(const char *hats[], int count, u64 token, int flags)
{
	const struct cred *cred;
	struct aa_task_ctx *ctx;
@@ -616,7 +616,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
			/* released below */
			hat = aa_find_child(root, hats[i]);
		if (!hat) {
			if (!COMPLAIN_MODE(root) || permtest) {
			if (!COMPLAIN_MODE(root) || (flags & AA_CHANGE_TEST)) {
				if (list_empty(&root->base.profiles))
					error = -ECHILD;
				else
@@ -663,7 +663,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
			goto audit;
		}

		if (!permtest) {
		if (!(flags & AA_CHANGE_TEST)) {
			error = aa_set_current_hat(hat, token);
			if (error == -EACCES)
				/* kill task in case of brute force attacks */
@@ -684,7 +684,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
		goto out;

audit:
	if (!permtest)
	if (!(flags & AA_CHANGE_TEST))
		error = aa_audit_file(profile, &perms, OP_CHANGE_HAT,
				      AA_MAY_CHANGEHAT, NULL, target,
				      GLOBAL_ROOT_UID, info, error);
@@ -703,7 +703,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
 * aa_change_profile - perform a one-way profile transition
 * @fqname: name of profile may include namespace (NOT NULL)
 * @onexec: whether this transition is to take place immediately or at exec
 * @permtest: true if this is just a permission test
 * @flags: flags affecting change behavior
 *
 * Change to new profile @name.  Unlike with hats, there is no way
 * to change back.  If @name isn't specified the current profile name is
@@ -713,8 +713,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
 *
 * Returns %0 on success, error otherwise.
 */
int aa_change_profile(const char *fqname, bool onexec,
		      bool permtest, bool stack)
int aa_change_profile(const char *fqname, int flags)
{
	const struct cred *cred;
	struct aa_profile *profile, *target = NULL;
@@ -728,7 +727,7 @@ int aa_change_profile(const char *fqname, bool onexec,
		return -EINVAL;
	}

	if (onexec) {
	if (flags & AA_CHANGE_ONEXEC) {
		request = AA_MAY_ONEXEC;
		op = OP_CHANGE_ONEXEC;
	} else {
@@ -755,7 +754,8 @@ int aa_change_profile(const char *fqname, bool onexec,
	if (!target) {
		info = "profile not found";
		error = -ENOENT;
		if (permtest || !COMPLAIN_MODE(profile))
		if ((flags & AA_CHANGE_TEST) ||
		    !COMPLAIN_MODE(profile))
			goto audit;
		/* released below */
		target = aa_new_null_profile(profile, false, fqname,
@@ -781,16 +781,16 @@ int aa_change_profile(const char *fqname, bool onexec,
		goto audit;
	}

	if (permtest)
	if (flags & AA_CHANGE_TEST)
		goto audit;

	if (onexec)
	if (flags & AA_CHANGE_ONEXEC)
		error = aa_set_current_onexec(target);
	else
		error = aa_replace_current_profile(target);

audit:
	if (!permtest)
	if (!(flags & AA_CHANGE_TEST))
		error = aa_audit_file(profile, &perms, op, request, NULL,
				      fqname, GLOBAL_ROOT_UID, info, error);

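Review bot: The `@flags: flags affecting behavior of the change` line in the aa_change_hat kerneldoc (and `@flags: flags affecting change behavior` in aa_change_profile's) does not name which AA_CHANGE_* bits each function honors, although the hunks show aa_change_hat testing only AA_CHANGE_TEST while aa_change_profile tests AA_CHANGE_TEST and AA_CHANGE_ONEXEC; suggest `@flags: AA_CHANGE_* flags; only AA_CHANGE_TEST is honored by change_hat` and `@flags: AA_CHANGE_TEST and/or AA_CHANGE_ONEXEC` respectively. Neither function masks or rejects bits it does not understand, so a caller passing AA_CHANGE_CHILD (defined in the header but read nowhere in this commit) silently gets the same behavior as AA_CHANGE_NOFLAGS; either a comment stating that unknown bits are ignored, or a guard such as `if (flags & ~(AA_CHANGE_TEST | AA_CHANGE_ONEXEC)) return -EINVAL;` before the first flags test, would make that contract explicit. The former `bool stack` parameter of aa_change_profile has no flag counterpart; the visible callers all passed false, but any remaining use of `stack` in the body, which lies outside these hunks, would have to go with it. Both function bodies start and end outside the hunks shown.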
+7 −3
@@ -23,12 +23,16 @@ struct aa_domain {
	char **table;
};

#define AA_CHANGE_NOFLAGS 0
#define AA_CHANGE_TEST 1
#define AA_CHANGE_CHILD 2
#define AA_CHANGE_ONEXEC  4

int apparmor_bprm_set_creds(struct linux_binprm *bprm);
int apparmor_bprm_secureexec(struct linux_binprm *bprm);

void aa_free_domain_entries(struct aa_domain *domain);
int aa_change_hat(const char *hats[], int count, u64 token, bool permtest);
int aa_change_profile(const char *fqname, bool onexec, bool permtest,
		      bool stack);
int aa_change_hat(const char *hats[], int count, u64 token, int flags);
int aa_change_profile(const char *fqname, int flags);

#endif /* __AA_DOMAIN_H */
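Review bot: The new AA_CHANGE_* definitions carry no comment saying what each bit means, and AA_CHANGE_CHILD is defined here but consumed by nothing in this commit, so a reader cannot tell whether it is reserved for later work or left over. Suggest annotating each value, e.g. `#define AA_CHANGE_TEST 1 /* only test permissions, do not change */`, `#define AA_CHANGE_CHILD 2 /* not yet honored by aa_change_hat/aa_change_profile */` and `#define AA_CHANGE_ONEXEC 4 /* defer the transition until the next exec */`. Since domain.c combines these with bitwise tests, a one-line comment above the group stating that they are independent bit flags and may be OR'd together would also document the intended use.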
+1 −5
@@ -15,11 +15,7 @@
#ifndef __AA_PROCATTR_H
#define __AA_PROCATTR_H

#define AA_DO_TEST 1
#define AA_ONEXEC  1

int aa_getprocattr(struct aa_profile *profile, char **string);
int aa_setprocattr_changehat(char *args, size_t size, int test);
int aa_setprocattr_changeprofile(char *fqname, bool onexec, int test);
int aa_setprocattr_changehat(char *args, size_t size, int flags);

#endif /* __AA_PROCATTR_H */
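Review bot: The prototype for aa_setprocattr_changeprofile is dropped along with AA_DO_TEST and AA_ONEXEC, but no hunk in this commit removes a definition of that function; if procattr.c still defines it, it is now left without a prototype and still takes the old bool/int interface, and if it was already gone, the commit message should say that a stale declaration is being removed. Both removed macros had the value 1, so the old lsm.c calls relied on argument position rather than value to distinguish test from onexec; the distinct AA_CHANGE_* bits in domain.h fix that, and a pointer for readers of this header, e.g. `/* change_hat/change_profile flags: see AA_CHANGE_* in domain.h */`, would explain where the replacements live.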
+5 −8
@@ -554,22 +554,19 @@ static int apparmor_setprocattr(const char *name, void *value,
	if (strcmp(name, "current") == 0) {
		if (strcmp(command, "changehat") == 0) {
			error = aa_setprocattr_changehat(args, arg_size,
							 !AA_DO_TEST);
							 AA_CHANGE_NOFLAGS);
		} else if (strcmp(command, "permhat") == 0) {
			error = aa_setprocattr_changehat(args, arg_size,
							 AA_DO_TEST);
							 AA_CHANGE_TEST);
		} else if (strcmp(command, "changeprofile") == 0) {
			error = aa_change_profile(args, !AA_ONEXEC,
						  !AA_DO_TEST, false);
			error = aa_change_profile(args, AA_CHANGE_NOFLAGS);
		} else if (strcmp(command, "permprofile") == 0) {
			error = aa_change_profile(args, !AA_ONEXEC, AA_DO_TEST,
						  false);
			error = aa_change_profile(args, AA_CHANGE_TEST);
		} else
			goto fail;
	} else if (strcmp(name, "exec") == 0) {
		if (strcmp(command, "exec") == 0)
			error = aa_change_profile(args, AA_ONEXEC, !AA_DO_TEST,
						  false);
			error = aa_change_profile(args, AA_CHANGE_ONEXEC);
		else
			goto fail;
	} else
+3 −3
@@ -109,11 +109,11 @@ static char *split_token_from_name(const char *op, char *args, u64 *token)
 * aa_setprocattr_chagnehat - handle procattr interface to change_hat
 * @args: args received from writing to /proc/<pid>/attr/current (NOT NULL)
 * @size: size of the args
 * @test: true if this is a test of change_hat permissions
 * @flags: set of flags governing behavior
 *
 * Returns: %0 or error code if change_hat fails
 */
int aa_setprocattr_changehat(char *args, size_t size, int test)
int aa_setprocattr_changehat(char *args, size_t size, int flags)
{
	char *hat;
	u64 token;
@@ -148,5 +148,5 @@ int aa_setprocattr_changehat(char *args, size_t size, int test)
		AA_DEBUG("%s: (pid %d) Magic 0x%llx count %d Hat '%s'\n",
			 __func__, current->pid, token, count, "<NULL>");

	return aa_change_hat(hats, count, token, test);
	return aa_change_hat(hats, count, token, flags);
}
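Review bot: The `@flags: set of flags governing behavior` line does not say that the value is handed straight through to aa_change_hat at `return aa_change_hat(hats, count, token, flags);`, where only AA_CHANGE_TEST is consulted, so the doc should read `@flags: AA_CHANGE_* flags, passed unchanged to aa_change_hat (only AA_CHANGE_TEST is honored)`. The same kerneldoc block still names the function `aa_setprocattr_chagnehat`; since this hunk already edits that block, correcting it to `aa_setprocattr_changehat` keeps the kernel-doc tooling from failing to match the comment to the function. The body between the two hunks is not shown.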