
apparmor: Make aa_remove_profile() callable from a different view

This is prep work for fs operations being able to remove namespaces.

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen 9 лет назад
Родитель
Сommit
b79473f2de

+ 2 - 1
security/apparmor/apparmorfs.c

@@ -180,7 +180,8 @@ static ssize_t profile_remove(struct file *f, const char __user *buf,
 	error = PTR_ERR(data);
 	if (!IS_ERR(data)) {
 		data[size] = 0;
-		error = aa_remove_profiles(data, size);
+		error = aa_remove_profiles(__aa_current_profile()->ns, data,
+					   size);
 		kvfree(data);
 	}
 
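Review bot: The view handed to aa_remove_profiles() on the new line 21 comes from `__aa_current_profile()`, whereas the body it now replaces in policy.c resolved the namespace through the non-underscored `aa_current_profile()`; if the two helpers differ in how they resolve the current task's profile, the commit message should state why the double-underscore variant is the intended one for the remove path. The namespace pointer is passed without any reference being taken in this hunk, which is presumably acceptable only because the calling task's own profile keeps its namespace alive for the duration of the call — a comment such as `/* ns of the current profile stays valid for the duration of the call */` above the call would make that assumption explicit. profile_remove()'s body starts before this hunk.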

+ 1 - 1
security/apparmor/include/policy.h

@@ -187,7 +187,7 @@ struct aa_profile *aa_match_profile(struct aa_ns *ns, const char *name);
 
 ssize_t aa_replace_profiles(struct aa_ns *view, void *udata, size_t size,
 			    bool noreplace);
-ssize_t aa_remove_profiles(char *name, size_t size);
+ssize_t aa_remove_profiles(struct aa_ns *view, char *name, size_t size);
 void __aa_profile_list_release(struct list_head *head);
 
 #define PROF_ADD 1

+ 4 - 3
security/apparmor/policy.c

@@ -944,6 +944,7 @@ free:
 
 /**
  * aa_remove_profiles - remove profile(s) from the system
+ * @view: namespace the remove is being done from
  * @fqname: name of the profile or namespace to remove  (NOT NULL)
  * @size: size of the name
  *
@@ -954,9 +955,9 @@ free:
  *
  * Returns: size of data consume else error code if fails
  */
-ssize_t aa_remove_profiles(char *fqname, size_t size)
+ssize_t aa_remove_profiles(struct aa_ns *view, char *fqname, size_t size)
 {
-	struct aa_ns *root, *ns = NULL;
+	struct aa_ns *root = NULL, *ns = NULL;
 	struct aa_profile *profile = NULL;
 	const char *name = fqname, *info = NULL;
 	ssize_t error = 0;
@@ -967,7 +968,7 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
 		goto fail;
 	}
 
-	root = aa_current_profile()->ns;
+	root = view;
 
 	if (fqname[0] == ':') {
 		char *ns_name;