apparmor: add fn to lookup profiles by fqname

Signed-off-by: John Johansen <john.johansen@canonical.com>

security/apparmor/include/policy.h

@@ -180,6 +180,8 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name);
 struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname,
 				      size_t n);
 struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *name);
+struct aa_profile *aa_fqlookupn_profile(struct aa_profile *base,
+					const char *fqname, size_t n);
 struct aa_profile *aa_match_profile(struct aa_ns *ns, const char *name);
 
 ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace);

security/apparmor/include/policy_ns.h

@@ -46,11 +46,11 @@ struct aa_ns_acct {
  * @uniq_id: a unique id count for the profiles in the namespace
  * @dents: dentries for the namespaces file entries in apparmorfs
  *
- * An aa_ns defines the set profiles that are searched to determine
- * which profile to attach to a task.  Profiles can not be shared between
- * aa_nss and profile names within a namespace are guaranteed to be
- * unique.  When profiles in separate namespaces have the same name they
- * are NOT considered to be equivalent.
+ * An aa_ns defines the set profiles that are searched to determine which
+ * profile to attach to a task.  Profiles can not be shared between aa_ns
+ * and profile names within a namespace are guaranteed to be unique.  When
+ * profiles in separate namespaces have the same name they are NOT considered
+ * to be equivalent.
  *
  * Namespaces are hierarchical and only namespaces and profiles below the
  * current namespace are visible.