public inbox for rust-for-linux@vger.kernel.org
* [PATCH 0/2] binder+rust_binder: use current_euid() for transaction sender identity
@ 2026-02-13 21:37 Jann Horn
  2026-02-13 21:37 ` [PATCH 1/2] binder: " Jann Horn
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Jann Horn @ 2026-02-13 21:37 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos,
	Christian Brauner, Carlos Llamas, Alice Ryhl
  Cc: linux-kernel, Miguel Ojeda, Boqun Feng, Gary Guo,
	Björn Roy Baron, Benno Lossin, Andreas Hindborg,
	Trevor Gross, Danilo Krummrich, rust-for-linux, Jann Horn

Based on the discussion on
<https://lore.kernel.org/all/20260212-rust-uid-v1-1-deff4214c766@google.com/>,
here's a proposed change to binder to stop looking at objective EUIDs.

This removes the last remaining users of Task::euid() (in Rust), and the
only remaining caller to task_euid() is the now-unused Rust wrapper.

(Sidenote: It might be worth considering whether it really makes sense
to have functions like current_euid(), task_euid(), and so on in Rust -
it might be less messy to just expose current_cred() and (if necessary)
get_task_cred(), and then use the `Credential` abstraction around
`struct cred` to access the various UID/GID/... fields.)

(build-tested only.)

Signed-off-by: Jann Horn <jannh@google.com>
---
Jann Horn (2):
      binder: use current_euid() for transaction sender identity
      rust_binder: use current_euid() for transaction sender identity

 drivers/android/binder.c              | 2 +-
 drivers/android/binder/transaction.rs | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
---
base-commit: 3c4ae63073d84abee5d81ce46d86a94e9dae9c89
change-id: 20260213-binder-uid-a24ede5026a8

--  
Jann Horn <jannh@google.com>



* [PATCH 1/2] binder: use current_euid() for transaction sender identity
From: Jann Horn @ 2026-02-13 21:37 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos,
	Christian Brauner, Carlos Llamas, Alice Ryhl
  Cc: linux-kernel, Miguel Ojeda, Boqun Feng, Gary Guo,
	Björn Roy Baron, Benno Lossin, Andreas Hindborg,
	Trevor Gross, Danilo Krummrich, rust-for-linux, Jann Horn

Binder currently uses task_euid(proc->tsk) as the transaction sender EUID,
where proc->tsk is the main thread of the process that opened /dev/binder.
That's not clean; use the subjective EUID of the current task instead.

Signed-off-by: Jann Horn <jannh@google.com>
---
 drivers/android/binder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index adde1e40cccd..3dfce0fb9e13 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3113,7 +3113,7 @@ static void binder_transaction(struct binder_proc *proc,
 	t->start_time = t_start_time;
 	t->from_pid = proc->pid;
 	t->from_tid = thread->pid;
-	t->sender_euid = task_euid(proc->tsk);
+	t->sender_euid = current_euid();
 	t->code = tr->code;
 	t->flags = tr->flags;
 	t->priority = task_nice(current);
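
Review bot: The changelog gives "That's not clean" as the only reason for the new `t->sender_euid = current_euid();` line and does not say when its value can differ from the old `task_euid(proc->tsk)`. Please spell that out in the commit message: the old value was the objective EUID of the main thread of the process that opened /dev/binder, the new one is the subjective EUID of the task running binder_transaction(), and the changelog should say whether receivers that check sender_euid can observe a difference. It is also worth mentioning that `t->from_pid = proc->pid` two lines up still comes from the opener, so from_pid and sender_euid no longer have to describe the same task. Since the cover letter says the series is build-tested only, a runtime test of that case would help.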

-- 
2.53.0.273.g2a3d683680-goog



* [PATCH 2/2] rust_binder: use current_euid() for transaction sender identity
From: Jann Horn @ 2026-02-13 21:37 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos,
	Christian Brauner, Carlos Llamas, Alice Ryhl
  Cc: linux-kernel, Miguel Ojeda, Boqun Feng, Gary Guo,
	Björn Roy Baron, Benno Lossin, Andreas Hindborg,
	Trevor Gross, Danilo Krummrich, rust-for-linux, Jann Horn

Binder currently uses from.process.task.euid() as the transaction sender
EUID, where from.process.task is the main thread of the process that opened
/dev/binder. That's not clean; use the subjective EUID of the current task
instead.

Signed-off-by: Jann Horn <jannh@google.com>
---
 drivers/android/binder/transaction.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/android/binder/transaction.rs b/drivers/android/binder/transaction.rs
index cd8d8202e52d..3deaa745fe2f 100644
--- a/drivers/android/binder/transaction.rs
+++ b/drivers/android/binder/transaction.rs
@@ -107,7 +107,7 @@ pub(crate) fn new(
             debug_id,
             target_node: Some(target_node),
             from_parent,
-            sender_euid: from.process.task.euid(),
+            sender_euid: Kuid::current_euid(),
             from: from.clone(),
             to,
             code: trd.code,
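
Review bot: With `sender_euid: Kuid::current_euid()`, new() takes the sender identity from the calling context rather than from its `from` argument, and nothing in the hunk documents that requirement. Please add a short comment at this field (or on new()) stating that it must run on the thread that is sending the transaction, so a later caller that builds a transaction from another context does not silently record the wrong EUID.
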
@@ -147,7 +147,7 @@ pub(crate) fn new_reply(
             debug_id,
             target_node: None,
             from_parent: None,
-            sender_euid: from.process.task.euid(),
+            sender_euid: Kuid::current_euid(),
             from: from.clone(),
             to,
             code: trd.code,
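
Review bot: Task::euid() is left behind as dead code once the `sender_euid` line in new_reply() stops calling it; the cover letter says these were its last users. Consider adding a third patch to the series that deletes the wrapper, which would also drop the only remaining caller of task_euid().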

-- 
2.53.0.273.g2a3d683680-goog



* Re: [PATCH 0/2] binder+rust_binder: use current_euid() for transaction sender identity
From: Alice Ryhl @ 2026-02-16  8:16 UTC (permalink / raw)
  To: Jann Horn
  Cc: Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos,
	Christian Brauner, Carlos Llamas, linux-kernel, Miguel Ojeda,
	Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin,
	Andreas Hindborg, Trevor Gross, Danilo Krummrich, rust-for-linux

On Fri, Feb 13, 2026 at 10:37:29PM +0100, Jann Horn wrote:
> Based on the discussion on
> <https://lore.kernel.org/all/20260212-rust-uid-v1-1-deff4214c766@google.com/>,
> here's a proposed change to binder to stop looking at objective EUIDs.
> 
> This removes the last remaining users of Task::euid() (in Rust), and the
> only remaining caller to task_euid() is the now-unused Rust wrapper.

Any chance you could include a patch to remove the now-unused method?

> (Sidenote: It might be worth considering whether it really makes sense
> to have functions like current_euid(), task_euid(), and so on in Rust -
> it might be less messy to just expose current_cred() and (if necessary)
> get_task_cred(), and then use the `Credential` abstraction around
> `struct cred` to access the various UID/GID/... fields.)

We could add a cred() method to CurrentTask and do this:

	current!().cred().euid()

> Signed-off-by: Jann Horn <jannh@google.com>

Reviewed-by: Alice Ryhl <aliceryhl@google.com>


* Re: [PATCH 0/2] binder+rust_binder: use current_euid() for transaction sender identity
From: Gary Guo @ 2026-02-19 15:02 UTC (permalink / raw)
  To: Jann Horn
  Cc: Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos,
	Christian Brauner, Carlos Llamas, Alice Ryhl, linux-kernel,
	Miguel Ojeda, Boqun Feng, Björn Roy Baron, Benno Lossin,
	Andreas Hindborg, Trevor Gross, Danilo Krummrich, rust-for-linux

On 2026-02-13 21:37, Jann Horn wrote:
> Based on the discussion on
> <https://lore.kernel.org/all/20260212-rust-uid-v1-1-deff4214c766@google.com/>,
> here's a proposed change to binder to stop looking at objective EUIDs.
> 
> This removes the last remaining users of Task::euid() (in Rust), and the
> only remaining caller to task_euid() is the now-unused Rust wrapper.
> 
> (Sidenote: It might be worth considering whether it really makes sense
> to have functions like current_euid(), task_euid(), and so on in Rust -
> it might be less messy to just expose current_cred() and (if necessary)
> get_task_cred(), and then use the `Credential` abstraction around
> `struct cred` to access the various UID/GID/... fields.)
> 
> (build-tested only.)
> 
> Signed-off-by: Jann Horn <jannh@google.com>

Acked-by: Gary Guo <gary@garyguo.net>

> ---
> Jann Horn (2):
>       binder: use current_euid() for transaction sender identity
>       rust_binder: use current_euid() for transaction sender identity
> 
>  drivers/android/binder.c              | 2 +-
>  drivers/android/binder/transaction.rs | 4 ++--
>  2 files changed, 3 insertions(+), 3 deletions(-)
> ---
> base-commit: 3c4ae63073d84abee5d81ce46d86a94e9dae9c89
> change-id: 20260213-binder-uid-a24ede5026a8
> 
> --
> Jann Horn <jannh@google.com>

