From: <xion.wang@mediatek.com>
To: Paul Moore <paul@paul-moore.com>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Ondrej Mosnacek <omosnace@redhat.com>,
Matthias Brugger <matthias.bgg@gmail.com>,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@collabora.com>
Cc: <wsd_upstream@mediatek.com>, <huadian.liu@mediatek.com>,
Xion Wang <xion.wang@mediatek.com>,
<linux-kernel@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-mediatek@lists.infradead.org>
Subject: [PATCH 0/1] selinux: export current_sid API for use in other kernel modules
Date: Wed, 22 Oct 2025 15:27:17 +0800
Message-ID: <20251022072729.14820-1-xion.wang@mediatek.com>

From: Xion Wang <xion.wang@mediatek.com>

We have a kernel driver designed to monitor the status of the Android
userspace watchdog. The implementation works as follows: we modify the
Android userspace watchdog code to periodically send a "kick" signal to
the kernel driver via ioctl, so that the kernel driver can determine
whether the userspace is still responsive. If the kernel driver does not
receive a kick signal from the userspace watchdog within a certain
period, it infers that the userspace is stuck. In this case, the kernel
driver will dump key process information at the kernel level and trigger
a full system reboot.

To ensure that only the legitimate Android userspace watchdog process can
access the ioctl interface and perform the kick operation, and to prevent
malicious or unauthorized processes from spoofing the kick action (which
could compromise system reliability), we want to identify the calling
task by its security identifier (sid). By checking the sid, we can
effectively prevent unauthorized processes from sending kick signals.

Currently, the current_sid() function in the kernel is defined as
static inline and cannot be directly called from modules or drivers. We
propose to export this function, so that the kernel driver can call
current_sid() to obtain the sid of the current process and decide whether
to allow the kick operation.

This change will help enhance system security and robustness by
preventing the watchdog mechanism from being bypassed or abused.

I would like to ask the maintainers if there are any additional security
concerns regarding exporting current_sid() as a public API, or if there
are any alternative or more recommended approaches to achieve this goal.

Any feedback or suggestions would be greatly appreciated.

Xion Wang (1):
  selinux: export current_sid API for use in other kernel modules

 security/selinux/hooks.c          | 11 +++++++++++
 security/selinux/include/objsec.h | 12 ++----------
 2 files changed, 13 insertions(+), 10 deletions(-)

--
2.45.2