authorMateusz Guzik <mjg@FreeBSD.org>2018-12-11 19:32:16 +0000
committerMateusz Guzik <mjg@FreeBSD.org>2018-12-11 19:32:16 +0000
commitcc426dd31990b8b50b210efc450e404596548ca1 (patch)
tree4c797c5d8886d8d05bb5346b747005b539105825 /sys/security
parent959530cc41aea5f878c2c2cea5b545d295108bab (diff)
Notes
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/audit/audit_syscalls.c6
-rw-r--r--sys/security/mac/mac_net.c2
-rw-r--r--sys/security/mac_bsdextended/mac_bsdextended.c11
-rw-r--r--sys/security/mac_lomac/mac_lomac.c2
-rw-r--r--sys/security/mac_partition/mac_partition.c2
-rw-r--r--sys/security/mac_portacl/mac_portacl.c2
-rw-r--r--sys/security/mac_seeotheruids/mac_seeotheruids.c2
7 files changed, 13 insertions, 14 deletions
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c
index a092e27b0a74..a6680ede392e 100644
--- a/sys/security/audit/audit_syscalls.c
+++ b/sys/security/audit/audit_syscalls.c
@@ -628,7 +628,7 @@ sys_setauid(struct thread *td, struct setauid_args *uap)
if (error)
goto fail;
#endif
- error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT, 0);
+ error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
if (error)
goto fail;
newcred->cr_audit.ai_auid = id;
@@ -693,7 +693,7 @@ sys_setaudit(struct thread *td, struct setaudit_args *uap)
if (error)
goto fail;
#endif
- error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT, 0);
+ error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
if (error)
goto fail;
bzero(&newcred->cr_audit, sizeof(newcred->cr_audit));
@@ -756,7 +756,7 @@ sys_setaudit_addr(struct thread *td, struct setaudit_addr_args *uap)
if (error)
goto fail;
#endif
- error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT, 0);
+ error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
if (error)
goto fail;
newcred->cr_audit = aia;
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index 5c781e39491f..cfea7e9a6e91 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -477,7 +477,7 @@ mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifp)
* impose this check themselves if required by the policy
* Eventually, this should go away.
*/
- error = priv_check_cred(cred, PRIV_NET_SETIFMAC, 0);
+ error = priv_check_cred(cred, PRIV_NET_SETIFMAC);
if (error) {
mac_ifnet_label_free(intlabel);
return (error);
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c
index 9944d3cba017..225db602b6cf 100644
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -385,20 +385,19 @@ ugidfw_rulecheck(struct mac_bsdextended_rule *rule,
priv_granted = 0;
mac_granted = rule->mbr_mode;
if ((acc_mode & MBI_ADMIN) && (mac_granted & MBI_ADMIN) == 0 &&
- priv_check_cred(cred, PRIV_VFS_ADMIN, 0) == 0)
+ priv_check_cred(cred, PRIV_VFS_ADMIN) == 0)
priv_granted |= MBI_ADMIN;
if ((acc_mode & MBI_EXEC) && (mac_granted & MBI_EXEC) == 0 &&
- priv_check_cred(cred, (vap->va_type == VDIR) ? PRIV_VFS_LOOKUP :
- PRIV_VFS_EXEC, 0) == 0)
+ priv_check_cred(cred, (vap->va_type == VDIR) ? PRIV_VFS_LOOKUP : PRIV_VFS_EXEC) == 0)
priv_granted |= MBI_EXEC;
if ((acc_mode & MBI_READ) && (mac_granted & MBI_READ) == 0 &&
- priv_check_cred(cred, PRIV_VFS_READ, 0) == 0)
+ priv_check_cred(cred, PRIV_VFS_READ) == 0)
priv_granted |= MBI_READ;
if ((acc_mode & MBI_STAT) && (mac_granted & MBI_STAT) == 0 &&
- priv_check_cred(cred, PRIV_VFS_STAT, 0) == 0)
+ priv_check_cred(cred, PRIV_VFS_STAT) == 0)
priv_granted |= MBI_STAT;
if ((acc_mode & MBI_WRITE) && (mac_granted & MBI_WRITE) == 0 &&
- priv_check_cred(cred, PRIV_VFS_WRITE, 0) == 0)
+ priv_check_cred(cred, PRIV_VFS_WRITE) == 0)
priv_granted |= MBI_WRITE;
/*
* Is the access permitted?
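Review bot: In the MBI_EXEC test of ugidfw_rulecheck, the `priv_check_cred()` call that used to span two lines is now joined into one line of about 85 characters before indentation, which runs past the 80-column width the surrounding checks appear to keep. This ternary selects which privilege is checked (lookup for directories, exec otherwise), so I would keep it wrapped for readability: `priv_check_cred(cred, (vap->va_type == VDIR) ? PRIV_VFS_LOOKUP :` followed by `PRIV_VFS_EXEC) == 0)`. Indentation is not visible on this page, so the continuation indent should follow the neighbouring checks. The function's body starts and ends outside this hunk.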
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index b7c6289b7a99..ac6ec7b00e4f 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -1139,7 +1139,7 @@ lomac_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
*
* XXXRW: This is also redundant to a higher layer check.
*/
- error = priv_check_cred(cred, PRIV_NET_SETIFMAC, 0);
+ error = priv_check_cred(cred, PRIV_NET_SETIFMAC);
if (error)
return (EPERM);
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index 729413e205c4..8f02263023f2 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -128,7 +128,7 @@ partition_cred_check_relabel(struct ucred *cred, struct label *newlabel)
* partition in the first place, but this didn't interact
* well with sendmail.
*/
- error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0);
+ error = priv_check_cred(cred, PRIV_MAC_PARTITION);
}
return (error);
diff --git a/sys/security/mac_portacl/mac_portacl.c b/sys/security/mac_portacl/mac_portacl.c
index 3dd48c16ebc4..f140103270bd 100644
--- a/sys/security/mac_portacl/mac_portacl.c
+++ b/sys/security/mac_portacl/mac_portacl.c
@@ -419,7 +419,7 @@ rules_check(struct ucred *cred, int family, int type, u_int16_t port)
mtx_unlock(&rule_mtx);
if (error != 0 && portacl_suser_exempt != 0)
- error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0);
+ error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT);
return (error);
}
diff --git a/sys/security/mac_seeotheruids/mac_seeotheruids.c b/sys/security/mac_seeotheruids/mac_seeotheruids.c
index cef0d265648e..2d964645e8e9 100644
--- a/sys/security/mac_seeotheruids/mac_seeotheruids.c
+++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c
@@ -123,7 +123,7 @@ seeotheruids_check(struct ucred *cr1, struct ucred *cr2)
return (0);
if (suser_privileged) {
- if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, 0) == 0)
+ if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS) == 0)
return (0);
}