diff options
author | rwatson <rwatson@FreeBSD.org> | 2008-10-28 12:49:07 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2008-10-28 12:49:07 +0000 |
commit | bc6713490924420312442a3f3fc4ef1fe4b8e400 (patch) | |
tree | 11292438318e6e58424564a501423b69ab5ca6bb /sys/security/mac_lomac | |
parent | b9b0d2c54ca54660de39e9aa6f9bfd4c9653adb3 (diff) | |
download | FreeBSD-src-bc6713490924420312442a3f3fc4ef1fe4b8e400.zip FreeBSD-src-bc6713490924420312442a3f3fc4ef1fe4b8e400.tar.gz |
Rename mac_cred_mmapped_drop_perms(), which revokes access to virtual
memory mappings when the MAC label on a process changes, to
mac_proc_vm_revoke(),
It now also acquires its own credential reference directly from the
affected process rather than accepting one passed by the the caller,
simplifying the API and consumer code.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_lomac')
-rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 2dc4389..304a712 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -2225,9 +2225,9 @@ lomac_thread_userret(struct thread *td) mtx_unlock(&subj->mtx); newcred = crget(); /* - * Prevent a lock order reversal in - * mac_cred_mmapped_drop_perms; ideally, the other user of - * subj->mtx wouldn't be holding Giant. + * Prevent a lock order reversal in mac_proc_vm_revoke; + * ideally, the other user of subj->mtx wouldn't be holding + * Giant. */ mtx_lock(&Giant); PROC_LOCK(p); @@ -2250,7 +2250,7 @@ lomac_thread_userret(struct thread *td) mtx_unlock(&subj->mtx); PROC_UNLOCK(p); if (dodrop) - mac_cred_mmapped_drop_perms(curthread, newcred); + mac_proc_vm_revoke(curthread); mtx_unlock(&Giant); } else { mtx_unlock(&subj->mtx); |