On Tue, Nov 9, 2021 at 10:38 AM Todd Kjos <tkjos@google.com> wrote:
Hi Greg. I'll post backports for these this week.
Thanks Todd, I was going to ping you later today to see if you were planning to work on these. If you run into any problems or can't get to them let me know.
On Mon, Nov 8, 2021 at 11:23 PM <gregkh@linuxfoundation.org> wrote:
The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 29bc22ac5e5bc63275e850f0c8fc549e3d0e306b Mon Sep 17 00:00:00 2001
From: Todd Kjos <tkjos@google.com>
Date: Tue, 12 Oct 2021 09:56:12 -0700
Subject: [PATCH] binder: use euid from cred instead of using task
Save the 'struct cred' associated with a binder process at initial open to avoid potential race conditions when converting to an euid.
Set a transaction's sender_euid from the 'struct cred' saved at binder_open() instead of looking up the euid from the binder proc's 'struct task'. This ensures the euid is associated with the security context of the task that opened binder.
Cc: stable@vger.kernel.org # 4.4+
Fixes: 457b9a6f09f0 ("Staging: android: add binder driver")
Signed-off-by: Todd Kjos <tkjos@google.com>
Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Suggested-by: Jann Horn <jannh@google.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>