From bc6713490924420312442a3f3fc4ef1fe4b8e400 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Tue, 28 Oct 2008 12:49:07 +0000
Subject: Rename mac_cred_mmapped_drop_perms(), which revokes access to virtual
 memory mappings when the MAC label on a process changes, to
 mac_proc_vm_revoke(),

It now also acquires its own credential reference directly from the
affected process rather than accepting one passed by the the caller,
simplifying the API and consumer code.

Obtained from:	TrustedBSD Project
---
 sys/security/mac/mac_syscalls.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

(limited to 'sys/security/mac/mac_syscalls.c')

diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index 5cff185..c4b0606 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -203,17 +203,9 @@ __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
 	mac_cred_relabel(newcred, intlabel);
 	p->p_ucred = newcred;
 
-	/*
-	 * Grab additional reference for use while revoking mmaps, prior to
-	 * releasing the proc lock and sharing the cred.
-	 */
-	crhold(newcred);
 	PROC_UNLOCK(p);
-
-	mac_cred_mmapped_drop_perms(td, newcred);
-
-	crfree(newcred);	/* Free revocation reference. */
 	crfree(oldcred);
+	mac_proc_vm_revoke(td);
 
 out:
 	mac_cred_label_free(intlabel);
-- 
cgit v1.1