Rename mac_cred_mmapped_drop_perms(), which revokes access to virtual

memory mappings when the MAC label on a process changes, to
mac_proc_vm_revoke(),

It now also acquires its own credential reference directly from the
affected process rather than accepting one passed by the the caller,
simplifying the API and consumer code.

Obtained from:	TrustedBSD Project

1 files changed, 4 insertions, 4 deletions

diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 2dc4389..304a712 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -2225,9 +2225,9 @@ lomac_thread_userret(struct thread *td)
 		mtx_unlock(&subj->mtx);
 		newcred = crget();
 		/*
-		 * Prevent a lock order reversal in
-		 * mac_cred_mmapped_drop_perms; ideally, the other user of
-		 * subj->mtx wouldn't be holding Giant.
+		 * Prevent a lock order reversal in mac_proc_vm_revoke;
+		 * ideally, the other user of subj->mtx wouldn't be holding
+		 * Giant.
 		 */
 		mtx_lock(&Giant);
 		PROC_LOCK(p);
@@ -2250,7 +2250,7 @@ lomac_thread_userret(struct thread *td)
 		mtx_unlock(&subj->mtx);
 		PROC_UNLOCK(p);
 		if (dodrop)
-			mac_cred_mmapped_drop_perms(curthread, newcred);
+			mac_proc_vm_revoke(curthread);
 		mtx_unlock(&Giant);
 	} else {
 		mtx_unlock(&subj->mtx);