Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-06 Thread Casey Schaufler
On 10/5/2021 7:27 PM, Jann Horn wrote: > On Tue, Oct 5, 2021 at 6:59 PM Casey Schaufler wrote: >> On 10/5/2021 8:21 AM, Stephen Smalley wrote: >>> On Mon, Oct 4, 2021 at 8:27 PM Jann Horn wrote: On Tue, Oct 5, 2021 at 1:38 AM Casey Schaufler wrote: > On 10/4/2021 3:28 PM, Jann Hor

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-05 Thread Paul Moore
On Tue, Oct 5, 2021 at 1:12 PM Stephen Smalley wrote: > > On Tue, Oct 5, 2021 at 12:49 PM Todd Kjos wrote: > > > > On Tue, Oct 5, 2021 at 8:21 AM Stephen Smalley > > wrote: > > > > > > On Mon, Oct 4, 2021 at 8:27 PM Jann Horn wrote: > > > > > > > > On Tue, Oct 5, 2021 at 1:38 AM Casey Schaufler

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-05 Thread Stephen Smalley
On Tue, Oct 5, 2021 at 12:49 PM Todd Kjos wrote: > > On Tue, Oct 5, 2021 at 8:21 AM Stephen Smalley > wrote: > > > > On Mon, Oct 4, 2021 at 8:27 PM Jann Horn wrote: > > > > > > On Tue, Oct 5, 2021 at 1:38 AM Casey Schaufler > > > wrote: > > > > On 10/4/2021 3:28 PM, Jann Horn wrote: > > > > >

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-05 Thread Casey Schaufler
On 10/5/2021 8:21 AM, Stephen Smalley wrote: > On Mon, Oct 4, 2021 at 8:27 PM Jann Horn wrote: >> On Tue, Oct 5, 2021 at 1:38 AM Casey Schaufler >> wrote: >>> On 10/4/2021 3:28 PM, Jann Horn wrote: On Mon, Oct 4, 2021 at 6:19 PM Casey Schaufler wrote: > On 10/1/2021 3:58 PM, Jann

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-05 Thread Stephen Smalley
On Mon, Oct 4, 2021 at 8:27 PM Jann Horn wrote: > > On Tue, Oct 5, 2021 at 1:38 AM Casey Schaufler wrote: > > On 10/4/2021 3:28 PM, Jann Horn wrote: > > > On Mon, Oct 4, 2021 at 6:19 PM Casey Schaufler > > > wrote: > > >> On 10/1/2021 3:58 PM, Jann Horn wrote: > > >>> On Fri, Oct 1, 2021 at 10:

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-05 Thread Greg KH
On Tue, Oct 05, 2021 at 09:53:31AM -0400, Paul Moore wrote: > On Tue, Oct 5, 2021 at 9:31 AM Greg KH wrote: > > On Fri, Oct 01, 2021 at 10:55:21AM -0700, Todd Kjos wrote: > > > Save the struct cred associated with a binder process > > > at initial open to avoid potential race conditions > > > when

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-05 Thread Paul Moore
On Tue, Oct 5, 2021 at 9:31 AM Greg KH wrote: > On Fri, Oct 01, 2021 at 10:55:21AM -0700, Todd Kjos wrote: > > Save the struct cred associated with a binder process > > at initial open to avoid potential race conditions > > when converting to a security ID. > > > > Since binder was integrated with

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-05 Thread Greg KH
On Fri, Oct 01, 2021 at 10:55:21AM -0700, Todd Kjos wrote: > Save the struct cred associated with a binder process > at initial open to avoid potential race conditions > when converting to a security ID. > > Since binder was integrated with selinux, it has passed > 'struct task_struct' associated

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-04 Thread Jann Horn
On Tue, Oct 5, 2021 at 1:38 AM Casey Schaufler wrote: > On 10/4/2021 3:28 PM, Jann Horn wrote: > > On Mon, Oct 4, 2021 at 6:19 PM Casey Schaufler > > wrote: > >> On 10/1/2021 3:58 PM, Jann Horn wrote: > >>> On Fri, Oct 1, 2021 at 10:10 PM Casey Schaufler > >>> wrote: > On 10/1/2021 12:50

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-04 Thread Jann Horn
On Mon, Oct 4, 2021 at 6:19 PM Casey Schaufler wrote: > On 10/1/2021 3:58 PM, Jann Horn wrote: > > On Fri, Oct 1, 2021 at 10:10 PM Casey Schaufler > > wrote: > >> On 10/1/2021 12:50 PM, Jann Horn wrote: > >>> On Fri, Oct 1, 2021 at 9:36 PM Jann Horn wrote: > On Fri, Oct 1, 2021 at 8:46 PM

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-04 Thread Casey Schaufler
On 10/4/2021 3:28 PM, Jann Horn wrote: > On Mon, Oct 4, 2021 at 6:19 PM Casey Schaufler wrote: >> On 10/1/2021 3:58 PM, Jann Horn wrote: >>> On Fri, Oct 1, 2021 at 10:10 PM Casey Schaufler >>> wrote: On 10/1/2021 12:50 PM, Jann Horn wrote: > On Fri, Oct 1, 2021 at 9:36 PM Jann Horn wro

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-04 Thread Casey Schaufler
On 10/1/2021 3:58 PM, Jann Horn wrote: > On Fri, Oct 1, 2021 at 10:10 PM Casey Schaufler > wrote: >> On 10/1/2021 12:50 PM, Jann Horn wrote: >>> On Fri, Oct 1, 2021 at 9:36 PM Jann Horn wrote: On Fri, Oct 1, 2021 at 8:46 PM Casey Schaufler wrote: > On 10/1/2021 10:55 AM, Todd Kjo

[PATCH v2] binder: use cred instead of task for selinux checks

2021-10-01 Thread Todd Kjos
Save the struct cred associated with a binder process at initial open to avoid potential race conditions when converting to a security ID. Since binder was integrated with selinux, it has passed 'struct task_struct' associated with the binder_proc to represent the source and target of transactions

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-01 Thread Casey Schaufler
On 10/1/2021 12:50 PM, Jann Horn wrote: > On Fri, Oct 1, 2021 at 9:36 PM Jann Horn wrote: >> On Fri, Oct 1, 2021 at 8:46 PM Casey Schaufler >> wrote: >>> On 10/1/2021 10:55 AM, Todd Kjos wrote: Save the struct cred associated with a binder process at initial open to avoid potential rac

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-01 Thread Casey Schaufler
On 10/1/2021 10:55 AM, Todd Kjos wrote: > Save the struct cred associated with a binder process > at initial open to avoid potential race conditions > when converting to a security ID. > > Since binder was integrated with selinux, it has passed > 'struct task_struct' associated with the binder_proc