apparmor: add profile and ns params to aa_may_manage_policy()

Policy management will be expanded beyond traditional unconfined root.
This will require knowing the profile of the task doing the management
and the ns view.

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen
2017-01-16 00:42:52 -08:00
parent fd2a80438d
commit 078c73c63f
3 changed files with 12 additions and 14 deletions

@@ -100,7 +100,7 @@ static char *aa_simple_write_to_buffer(int op, const char __user *userbuf,
* Don't allow profile load/replace/remove from profiles that don't
* have CAP_MAC_ADMIN
*/
if (!aa_may_manage_policy(op))
if (!aa_may_manage_policy(__aa_current_profile(), NULL, op))
return ERR_PTR(-EACCES);
/* freed by caller to simple_write_to_buffer */
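
Review bot: The new call in aa_simple_write_to_buffer() passes NULL for the ns argument, and nothing visible here says what NULL means to aa_may_manage_policy(). For a permission check, that default should be explicit: either document in the function's header comment which namespace view a NULL ns selects, or have this caller pass the namespace it intends to manage so the check cannot silently fall back to a broader view. The comment above the call also still describes the check only in terms of CAP_MAC_ADMIN; since the commit message says policy management will expand beyond unconfined root, it would help to reword it to say the decision is now made against the calling task's profile and ns view.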