On 10/8/2021 2:12 PM, Paul Moore wrote:
On Wed, Oct 6, 2021 at 8:46 PM Todd Kjos tkjos@google.com wrote:
Set a transaction's sender_euid from the 'struct cred' saved at binder_open() instead of looking up the euid from the binder proc's 'struct task'. This ensures the euid is associated with the security context that of the task that opened binder.
Fixes: 457b9a6f09f0 ("Staging: android: add binder driver") Signed-off-by: Todd Kjos tkjos@google.com Suggested-by: Stephen Smalley stephen.smalley.work@gmail.com Cc: stable@vger.kernel.org # 4.4+
v3: added this patch to series
drivers/android/binder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
This is an interesting ordering of the patches. Unless I'm missing something I would have expected patch 3/3 to come first, followed by 2/3, with patch 1/3 at the end; basically the reverse of what was posted here.
My reading of the previous thread was that Casey has made his peace with these changes
Yes. I will address the stacking concerns more directly. I am still somewhat baffled by the intent of the hook, the data passed to it, and the SELinux policy enforcement decisions, but that's beyond my scope.
so unless anyone has any objections I'll plan on merging 2/3 and 3/3 into selinux/stable-5.15 and merging 1/3 into selinux/next.
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 989afd0804ca..26382e982c5e 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2711,7 +2711,7 @@ static void binder_transaction(struct binder_proc *proc, t->from = thread; else t->from = NULL;
t->sender_euid = task_euid(proc->tsk);
t->sender_euid = proc->cred->euid; t->to_proc = target_proc; t->to_thread = target_thread; t->code = tr->code;-- 2.33.0.800.g4c38ced690-goog
-- paul moore www.paul-moore.com