From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Todd Kjos <tkjos@google.com>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
kernel test robot <lkp@intel.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Paul Moore <paul@paul-moore.com>
Subject: [PATCH 5.14 12/24] binder: use cred instead of task for getsecid
Date: Wed, 10 Nov 2021 19:44:04 +0100 [thread overview]
Message-ID: <20211110182003.724807094@linuxfoundation.org> (raw)
In-Reply-To: <20211110182003.342919058@linuxfoundation.org>
From: Todd Kjos <tkjos@google.com>
commit 4d5b5539742d2554591751b4248b0204d20dcc9d upstream.
Use the 'struct cred' saved at binder_open() to lookup
the security ID via security_cred_getsecid(). This
ensures that the security context that opened binder
is the one used to generate the secctx.
Cc: stable@vger.kernel.org # 5.4+
Fixes: ec74136ded79 ("binder: create node flag to request sender's security context")
Signed-off-by: Todd Kjos <tkjos@google.com>
Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Reported-by: kernel test robot <lkp@intel.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/android/binder.c | 11 +----------
include/linux/security.h | 5 +++++
2 files changed, 6 insertions(+), 10 deletions(-)
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2722,16 +2722,7 @@ static void binder_transaction(struct bi
u32 secid;
size_t added_size;
- /*
- * Arguably this should be the task's subjective LSM secid but
- * we can't reliably access the subjective creds of a task
- * other than our own so we must use the objective creds, which
- * are safe to access. The downside is that if a task is
- * temporarily overriding it's creds it will not be reflected
- * here; however, it isn't clear that binder would handle that
- * case well anyway.
- */
- security_task_getsecid_obj(proc->tsk, &secid);
+ security_cred_getsecid(proc->cred, &secid);
ret = security_secid_to_secctx(secid, &secctx, &secctx_sz);
if (ret) {
return_error = BR_FAILED_REPLY;
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1041,6 +1041,11 @@ static inline void security_transfer_cre
{
}
+static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
+{
+ *secid = 0;
+}
+
static inline int security_kernel_act_as(struct cred *cred, u32 secid)
{
return 0;
next prev parent reply other threads:[~2021-11-10 18:53 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-10 18:43 [PATCH 5.14 00/24] 5.14.18-rc1 review Greg Kroah-Hartman
2021-11-10 18:43 ` [PATCH 5.14 01/24] ALSA: pcm: Check mmap capability of runtime dma buffer at first Greg Kroah-Hartman
2021-11-10 18:43 ` [PATCH 5.14 02/24] ALSA: pci: cs46xx: Fix set up buffer type properly Greg Kroah-Hartman
2021-11-10 18:43 ` [PATCH 5.14 03/24] KVM: x86: avoid warning with -Wbitwise-instead-of-logical Greg Kroah-Hartman
2021-11-10 18:43 ` [PATCH 5.14 04/24] Revert "x86/kvm: fix vcpu-id indexed array sizes" Greg Kroah-Hartman
2021-11-10 18:43 ` [PATCH 5.14 05/24] usb: ehci: handshake CMD_RUN instead of STS_HALT Greg Kroah-Hartman
2021-11-10 18:43 ` [PATCH 5.14 06/24] usb: gadget: Mark USB_FSL_QE broken on 64-bit Greg Kroah-Hartman
2021-11-10 18:43 ` [PATCH 5.14 07/24] usb: musb: Balance list entry in musb_gadget_queue Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 08/24] usb-storage: Add compatibility quirk flags for iODD 2531/2541 Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 09/24] Revert "proc/wchan: use printk format instead of lookup_symbol_name()" Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 10/24] binder: use euid from cred instead of using task Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 11/24] binder: use cred instead of task for selinux checks Greg Kroah-Hartman
2021-11-10 18:44 ` Greg Kroah-Hartman [this message]
2021-11-10 18:44 ` [PATCH 5.14 13/24] binder: dont detect sender/target during buffer cleanup Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 14/24] staging: rtl8712: fix use-after-free in rtl8712_dl_fw Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 15/24] isofs: Fix out of bound access for corrupted isofs image Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 16/24] comedi: dt9812: fix DMA buffers on stack Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 17/24] comedi: ni_usb6501: fix NULL-deref in command paths Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 18/24] comedi: vmk80xx: fix transfer-buffer overflows Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 19/24] comedi: vmk80xx: fix bulk-buffer overflow Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 20/24] comedi: vmk80xx: fix bulk and interrupt message timeouts Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 21/24] staging: r8712u: fix control-message timeout Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 22/24] staging: rtl8192u: fix control-message timeouts Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 23/24] media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init Greg Kroah-Hartman
2021-11-10 18:44 ` [PATCH 5.14 24/24] rsi: fix control-message timeout Greg Kroah-Hartman
2021-11-10 23:09 ` [PATCH 5.14 00/24] 5.14.18-rc1 review Florian Fainelli
2021-11-11 10:06 ` Naresh Kamboju
2021-11-11 14:30 ` Fox Chen
2021-11-11 16:28 ` Shuah Khan
2021-11-12 1:16 ` Guenter Roeck
2021-11-12 15:41 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211110182003.724807094@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=casey@schaufler-ca.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=paul@paul-moore.com \
--cc=stable@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=tkjos@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.