From: Li Li <dualli@chromium.org>
To: dualli@google.com, corbet@lwn.net, davem@davemloft.net,
edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
donald.hunter@gmail.com, gregkh@linuxfoundation.org,
arve@android.com, tkjos@android.com, maco@android.com,
joel@joelfernandes.org, brauner@kernel.org, cmllamas@google.com,
surenb@google.com, omosnace@redhat.com, shuah@kernel.org,
arnd@arndb.de, masahiroy@kernel.org, bagasdotme@gmail.com,
horms@kernel.org, tweek@google.com, linux-kernel@vger.kernel.org,
linux-doc@vger.kernel.org, netdev@vger.kernel.org,
selinux@vger.kernel.org, hridya@google.com
Cc: smoreland@google.com, ynaffit@google.com, kernel-team@android.com
Subject: [PATCH v15 1/3] lsm, selinux: Add setup_report permission to binder
Date: Wed, 26 Feb 2025 11:20:45 -0800 [thread overview]
Message-ID: <20250226192047.734627-2-dualli@chromium.org> (raw)
In-Reply-To: <20250226192047.734627-1-dualli@chromium.org>
From: Thiébaud Weksteen <tweek@google.com>
Introduce a new permission "setup_report" to the "binder" class.
This persmission controls the ability to set up the binder generic
netlink driver to report certain binder transactions.
Signed-off-by: Thiébaud Weksteen <tweek@google.com>
Signed-off-by: Li Li <dualli@google.com>
---
include/linux/lsm_hook_defs.h | 1 +
include/linux/security.h | 1 +
security/security.c | 13 +++++++++++++
security/selinux/hooks.c | 7 +++++++
security/selinux/include/classmap.h | 3 ++-
5 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 9eb313bd0c93..5291cd712147 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -33,6 +33,7 @@ LSM_HOOK(int, 0, binder_transfer_binder, const struct cred *from,
const struct cred *to)
LSM_HOOK(int, 0, binder_transfer_file, const struct cred *from,
const struct cred *to, const struct file *file)
+LSM_HOOK(int, 0, binder_setup_report, const struct cred *to)
LSM_HOOK(int, 0, ptrace_access_check, struct task_struct *child,
unsigned int mode)
LSM_HOOK(int, 0, ptrace_traceme, struct task_struct *parent)
diff --git a/include/linux/security.h b/include/linux/security.h
index 27f64a9747f8..28fcd7047051 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -338,6 +338,7 @@ int security_binder_transfer_binder(const struct cred *from,
const struct cred *to);
int security_binder_transfer_file(const struct cred *from,
const struct cred *to, const struct file *file);
+int security_binder_setup_report(const struct cred *to);
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent);
int security_capget(const struct task_struct *target,
diff --git a/security/security.c b/security/security.c
index c9fae447327e..6212158cec72 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1043,6 +1043,19 @@ int security_binder_transfer_file(const struct cred *from,
return call_int_hook(binder_transfer_file, from, to, file);
}
+/**
+ * security_binder_setup_report() - Check if process allowed to set up binder reports.
+ * @to: receiving process
+ *
+ * Check whether @to is allowed to set up binder reports.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
+int security_binder_setup_report(const struct cred *to)
+{
+ return call_int_hook(binder_setup_report, to);
+}
+
/**
* security_ptrace_access_check() - Check if tracing is allowed
* @child: target process
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b49f28f15ed1..12da5861ec18 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2092,6 +2092,12 @@ static int selinux_binder_transfer_file(const struct cred *from,
&ad);
}
+static int selinux_binder_setup_report(const struct cred *to)
+{
+ return avc_has_perm(current_sid(), cred_sid(to), SECCLASS_BINDER,
+ BINDER__SETUP_REPORT, NULL);
+}
+
static int selinux_ptrace_access_check(struct task_struct *child,
unsigned int mode)
{
@@ -7176,6 +7182,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
+ LSM_HOOK_INIT(binder_setup_report, selinux_binder_setup_report),
LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 8a8f3908aac8..11e6fa92799b 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -133,7 +133,8 @@ const struct security_class_mapping secclass_map[] = {
{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
{ "tun_socket", { COMMON_SOCK_PERMS, "attach_queue", NULL } },
{ "binder",
- { "impersonate", "call", "set_context_mgr", "transfer", NULL } },
+ { "impersonate", "call", "set_context_mgr", "transfer",
+ "setup_report", NULL } },
{ "cap_userns", { COMMON_CAP_PERMS, NULL } },
{ "cap2_userns", { COMMON_CAP2_PERMS, NULL } },
{ "sctp_socket",
--
2.48.1.658.g4767266eb4-goog
next prev parent reply other threads:[~2025-02-26 19:21 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-26 19:20 [PATCH v15 0/3] binder: report txn errors via generic netlink Li Li
2025-02-26 19:20 ` Li Li [this message]
2025-02-26 19:20 ` [PATCH v15 2/3] " Li Li
2025-02-27 16:03 ` kernel test robot
2025-02-27 20:46 ` kernel test robot
2025-02-26 19:20 ` [PATCH v15 3/3] binder: generic netlink binder_features flag Li Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250226192047.734627-2-dualli@chromium.org \
--to=dualli@chromium.org \
--cc=arnd@arndb.de \
--cc=arve@android.com \
--cc=bagasdotme@gmail.com \
--cc=brauner@kernel.org \
--cc=cmllamas@google.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=donald.hunter@gmail.com \
--cc=dualli@google.com \
--cc=edumazet@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=horms@kernel.org \
--cc=hridya@google.com \
--cc=joel@joelfernandes.org \
--cc=kernel-team@android.com \
--cc=kuba@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maco@android.com \
--cc=masahiroy@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=pabeni@redhat.com \
--cc=selinux@vger.kernel.org \
--cc=shuah@kernel.org \
--cc=smoreland@google.com \
--cc=surenb@google.com \
--cc=tkjos@android.com \
--cc=tweek@google.com \
--cc=ynaffit@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).