From bc6713490924420312442a3f3fc4ef1fe4b8e400 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Tue, 28 Oct 2008 12:49:07 +0000
Subject: Rename mac_cred_mmapped_drop_perms(), which revokes access to virtual
 memory mappings when the MAC label on a process changes, to
 mac_proc_vm_revoke(),

It now also acquires its own credential reference directly from the
affected process rather than accepting one passed by the the caller,
simplifying the API and consumer code.

Obtained from:	TrustedBSD Project
---
 sys/security/mac_lomac/mac_lomac.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'sys/security/mac_lomac/mac_lomac.c')

diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 2dc4389..304a712 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -2225,9 +2225,9 @@ lomac_thread_userret(struct thread *td)
 		mtx_unlock(&subj->mtx);
 		newcred = crget();
 		/*
-		 * Prevent a lock order reversal in
-		 * mac_cred_mmapped_drop_perms; ideally, the other user of
-		 * subj->mtx wouldn't be holding Giant.
+		 * Prevent a lock order reversal in mac_proc_vm_revoke;
+		 * ideally, the other user of subj->mtx wouldn't be holding
+		 * Giant.
 		 */
 		mtx_lock(&Giant);
 		PROC_LOCK(p);
@@ -2250,7 +2250,7 @@ lomac_thread_userret(struct thread *td)
 		mtx_unlock(&subj->mtx);
 		PROC_UNLOCK(p);
 		if (dodrop)
-			mac_cred_mmapped_drop_perms(curthread, newcred);
+			mac_proc_vm_revoke(curthread);
 		mtx_unlock(&Giant);
 	} else {
 		mtx_unlock(&subj->mtx);
-- 
cgit v1.1