apparmor: convert to profile block critical sections

There are still a few places where profile replacement fails to update
and a stale profile is used for mediation. Fix this by moving to
accessing the current label through a critical section that will
always ensure mediation is using the current label regardless of
whether the tasks cred has been updated or not.

Signed-off-by: John Johansen <john.johansen@canonical.com>

security/apparmor/context.c

@@ -79,7 +79,7 @@ struct aa_profile *aa_get_task_profile(struct task_struct *task)
 	struct aa_profile *p;
 
 	rcu_read_lock();
-	p = aa_get_profile(__aa_task_profile(task));
+	p = aa_get_newest_profile(__aa_task_raw_profile(task));
 	rcu_read_unlock();
 
 	return p;