On Mon, Oct 11, 2021 at 02:59:13PM -0700, Casey Schaufler wrote:
> On 10/11/2021 2:33 PM, Paul Moore wrote:
> > On Wed, Oct 6, 2021 at 8:46 PM Todd Kjos wrote:
> >> Use the 'struct cred' saved at binder_open() to lookup
> >> the security ID via security_cred_getsecid(). This
> >> ensures that the
On Mon, Oct 11, 2021 at 7:39 PM Todd Kjos wrote:
>
> On Mon, Oct 11, 2021 at 2:39 PM Paul Moore wrote:
> >
> > On Fri, Oct 8, 2021 at 5:24 PM Todd Kjos wrote:
> > >
> > > On Fri, Oct 8, 2021 at 2:12 PM Paul Moore wrote:
> > > >
> > > > On Wed, Oct 6, 2021 at 8:46 PM Todd Kjos wrote:
> > > > >
On Tue, Oct 12, 2021 at 5:41 AM Dan Carpenter wrote:
>
> On Mon, Oct 11, 2021 at 02:59:13PM -0700, Casey Schaufler wrote:
> > On 10/11/2021 2:33 PM, Paul Moore wrote:
> > > On Wed, Oct 6, 2021 at 8:46 PM Todd Kjos wrote:
> > >> Use the 'struct cred' saved at binder_open() to lookup
> > >> the sec
On 10/12/2021 9:56 AM, Todd Kjos wrote:
> This series fixes the possible use of an incorrect security context
> when checking selinux permissions, getting a security ID, or lookup
> up the euid.
>
> The previous behavior was to save the group_leader 'struct task_struct'
> in binder_open() and using
Save the 'struct cred' associated with a binder process
at initial open to avoid potential race conditions
when converting to an euid.
Set a transaction's sender_euid from the 'struct cred'
saved at binder_open() instead of looking up the euid
from the binder proc's 'struct task'. This ensures
the
Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in a
