Rename mac_cred_mmapped_drop_perms(), which revokes access to virtual

memory mappings when the MAC label on a process changes, to
mac_proc_vm_revoke(),

It now also acquires its own credential reference directly from the
affected process rather than accepting one passed by the the caller,
simplifying the API and consumer code.

Obtained from:	TrustedBSD Project

1 files changed, 1 insertions, 2 deletions

diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 411fddb..4cb5262 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -259,6 +259,7 @@ int	mac_proc_check_signal(struct ucred *cred, struct proc *p,
 int	mac_proc_check_wait(struct ucred *cred, struct proc *p);
 void	mac_proc_destroy(struct proc *);
 void	mac_proc_init(struct proc *);
+void	mac_proc_vm_revoke(struct thread *td);
 int	mac_execve_enter(struct image_params *imgp, struct mac *mac_p);
 void	mac_execve_exit(struct image_params *imgp);
 void	mac_execve_interpreter_enter(struct vnode *interpvp,
@@ -434,8 +435,6 @@ int	mac_vnode_execve_will_transition(struct ucred *cred,
 void	mac_vnode_relabel(struct ucred *cred, struct vnode *vp,
 	    struct label *newlabel);
 
-void	mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
-
 /*
  * Calls to help various file systems implement labeling functionality using
  * their existing EA implementation.