apparmor: use type safe idmapping helpers

	const char *info = NULL;

	int error = 0;

	bool unsafe = false;

	kuid_t i_uid = i_uid_into_mnt(file_mnt_user_ns(bprm->file),

	vfsuid_t vfsuid = i_uid_into_vfsuid(file_mnt_user_ns(bprm->file),

					    file_inode(bprm->file));

	struct path_cond cond = {

		i_uid,

		vfsuid_into_kuid(vfsuid),

		file_inode(bprm->file)->i_mode

	};

	error = fn_for_each(label, profile,

			aa_audit_file(profile, &nullperms, OP_EXEC, MAY_EXEC,

				      bprm->filename, NULL, new,

				      i_uid, info, error));

				      vfsuid_into_kuid(vfsuid), info, error));

	aa_put_label(new);

	goto done;

}

{

	struct aa_profile *profile;

	struct aa_perms perms = {};

	vfsuid_t vfsuid = i_uid_into_vfsuid(file_mnt_user_ns(file),

					    file_inode(file));

	struct path_cond cond = {

		.uid = i_uid_into_mnt(file_mnt_user_ns(file), file_inode(file)),

		.uid = vfsuid_into_kuid(vfsuid),

		.mode = file_inode(file)->i_mode

	};

	char *buffer;

static int common_perm_cond(const char *op, const struct path *path, u32 mask)

{

	struct user_namespace *mnt_userns = mnt_user_ns(path->mnt);

	vfsuid_t vfsuid = i_uid_into_vfsuid(mnt_userns,

					    d_backing_inode(path->dentry));

	struct path_cond cond = {

		i_uid_into_mnt(mnt_userns, d_backing_inode(path->dentry)),

		vfsuid_into_kuid(vfsuid),

		d_backing_inode(path->dentry)->i_mode

	};

	struct inode *inode = d_backing_inode(dentry);

	struct user_namespace *mnt_userns = mnt_user_ns(dir->mnt);

	struct path_cond cond = { };

	vfsuid_t vfsuid;

	if (!inode || !path_mediated_fs(dentry))

		return 0;

	cond.uid = i_uid_into_mnt(mnt_userns, inode);

	vfsuid = i_uid_into_vfsuid(mnt_userns, inode);

	cond.uid = vfsuid_into_kuid(vfsuid);

	cond.mode = inode->i_mode;

	return common_perm_dir_dentry(op, dir, dentry, mask, &cond);

	label = begin_current_label_crit_section();

	if (!unconfined(label)) {

		struct user_namespace *mnt_userns = mnt_user_ns(old_dir->mnt);

		vfsuid_t vfsuid;

		struct path old_path = { .mnt = old_dir->mnt,

					 .dentry = old_dentry };

		struct path new_path = { .mnt = new_dir->mnt,

					 .dentry = new_dentry };

		struct path_cond cond = {

			i_uid_into_mnt(mnt_userns, d_backing_inode(old_dentry)),

			d_backing_inode(old_dentry)->i_mode

			.mode = d_backing_inode(old_dentry)->i_mode

		};

		vfsuid = i_uid_into_vfsuid(mnt_userns, d_backing_inode(old_dentry));

		cond.uid = vfsuid_into_kuid(vfsuid);

		if (flags & RENAME_EXCHANGE) {

			struct path_cond cond_exchange = {

				i_uid_into_mnt(mnt_userns, d_backing_inode(new_dentry)),

				d_backing_inode(new_dentry)->i_mode

				.mode = d_backing_inode(new_dentry)->i_mode,

			};

			vfsuid = i_uid_into_vfsuid(mnt_userns, d_backing_inode(old_dentry));

			cond_exchange.uid = vfsuid_into_kuid(vfsuid);

			error = aa_path_perm(OP_RENAME_SRC, label, &new_path, 0,

					     MAY_READ | AA_MAY_GETATTR | MAY_WRITE |

	if (!unconfined(label)) {

		struct user_namespace *mnt_userns = file_mnt_user_ns(file);

		struct inode *inode = file_inode(file);

		vfsuid_t vfsuid;

		struct path_cond cond = {

			i_uid_into_mnt(mnt_userns, inode),

			inode->i_mode

			.mode = inode->i_mode,

		};

		vfsuid = i_uid_into_vfsuid(mnt_userns, inode);

		cond.uid = vfsuid_into_kuid(vfsuid);

		error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,

				     aa_map_file_to_perms(file), &cond);