Date: Fri, 12 Nov 2021 17:11:38 +0100
From: Greg KH
To: Todd Kjos
Cc: stable@vger.kernel.org, arve@android.com, tkjos@android.com, maco@android.com, christian@brauner.io, jmorris@namei.org, serge@hallyn.com, paul@paul-moore.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, keescook@chromium.org, jannh@google.com, jeffv@google.com, zohar@linux.ibm.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, devel@driverdev.osuosl.org, joel@joelfernandes.org, kernel-team@android.com, Casey Schaufler
Subject: Re: [PATCH 4.4 2/2] binder: use cred instead of task for selinux checks
References: <20211110225910.3268106-1-tkjos@google.com> <20211110225910.3268106-2-tkjos@google.com>
In-Reply-To: <20211110225910.3268106-2-tkjos@google.com>
X-Mailing-List: stable@vger.kernel.org

On Wed, Nov 10, 2021 at 02:59:10PM -0800, Todd Kjos wrote:
> commit 52f88693378a58094c538662ba652aff0253c4fe upstream.
>
> Since binder was integrated with selinux, it has passed
> 'struct task_struct' associated with the binder_proc
> to represent the source and target of transactions.
> The conversion of task to SID was then done in the hook
> implementations. It turns out that there are race conditions
> which can result in an incorrect security context being used.
>
> Fix by using the 'struct cred' saved during binder_open and pass
> it to the selinux subsystem.
>
> Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
> Fixes: 79af73079d75 ("Add security hooks to binder and implement the hooks for SELinux.")
> Suggested-by: Jann Horn
> Signed-off-by: Todd Kjos
> Acked-by: Casey Schaufler
> Signed-off-by: Paul Moore
> Change-Id: Id7157515d2b08f11683aeb8ad9b8f1da075d34e7
> ---
>  drivers/android/binder.c  | 18 +++++++++---------
>  include/linux/lsm_hooks.h | 32 ++++++++++++++++----------------
>  include/linux/security.h  | 28 ++++++++++++++--------------
>  security/security.c       | 14 +++++++-------
>  security/selinux/hooks.c  | 31 +++++++++++++------------------
>  5 files changed, 59 insertions(+), 64 deletions(-)

This doesn't apply at all. I've applied patch 1/2 here, but can you redo
this one and submit it again?

thanks,

greg k-h