Un-staticize mac_cred_mmapped_drop_perms() so that it may be used

by policy modules making use of downgrades in the MAC AST event.  This
is required by the mac_lomac port of LOMAC to the MAC Framework.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

sys/kern/kern_mac.c

@@ -1856,7 +1856,7 @@ mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
  * memory space, and revoke access (in the least surprising ways we
  * know) when necessary.  The process lock is not held here.
  */
-static void
+void
 mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
 {
 

sys/security/mac/mac_framework.c

@@ -1856,7 +1856,7 @@ mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
  * memory space, and revoke access (in the least surprising ways we
  * know) when necessary.  The process lock is not held here.
  */
-static void
+void
 mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
 {
 

sys/security/mac/mac_framework.h

@@ -335,6 +335,7 @@ int	mac_setsockopt_label_set(struct ucred *cred, struct socket *so,
 	    struct mac *extmac);
 int	mac_pipe_label_set(struct ucred *cred, struct pipe *pipe,
 	    struct label *label);
+void	mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
 
 /*
  * Calls to help various file systems implement labeling functionality

sys/security/mac/mac_internal.h

@@ -1856,7 +1856,7 @@ mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
  * memory space, and revoke access (in the least surprising ways we
  * know) when necessary.  The process lock is not held here.
  */
-static void
+void
 mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
 {
 

sys/security/mac/mac_net.c

@@ -1856,7 +1856,7 @@ mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
  * memory space, and revoke access (in the least surprising ways we
  * know) when necessary.  The process lock is not held here.
  */
-static void
+void
 mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
 {
 

sys/security/mac/mac_pipe.c

@@ -1856,7 +1856,7 @@ mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
  * memory space, and revoke access (in the least surprising ways we
  * know) when necessary.  The process lock is not held here.
  */
-static void
+void
 mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
 {
 

sys/security/mac/mac_process.c

@@ -1856,7 +1856,7 @@ mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
  * memory space, and revoke access (in the least surprising ways we
  * know) when necessary.  The process lock is not held here.
  */
-static void
+void
 mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
 {
 

sys/security/mac/mac_syscalls.c

@@ -1856,7 +1856,7 @@ mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
  * memory space, and revoke access (in the least surprising ways we
  * know) when necessary.  The process lock is not held here.
  */
-static void
+void
 mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
 {
 

sys/security/mac/mac_system.c

@@ -1856,7 +1856,7 @@ mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
  * memory space, and revoke access (in the least surprising ways we
  * know) when necessary.  The process lock is not held here.
  */
-static void
+void
 mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
 {
 

sys/security/mac/mac_vfs.c

@@ -1856,7 +1856,7 @@ mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
  * memory space, and revoke access (in the least surprising ways we
  * know) when necessary.  The process lock is not held here.
  */
-static void
+void
 mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
 {
 

sys/sys/mac.h

@@ -335,6 +335,7 @@ int	mac_setsockopt_label_set(struct ucred *cred, struct socket *so,
 	    struct mac *extmac);
 int	mac_pipe_label_set(struct ucred *cred, struct pipe *pipe,
 	    struct label *label);
+void	mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
 
 /*
  * Calls to help various file systems implement labeling functionality