Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-01 Thread Casey Schaufler
On 10/1/2021 10:55 AM, Todd Kjos wrote: > Save the struct cred associated with a binder process > at initial open to avoid potential race conditions > when converting to a security ID. > > Since binder was integrated with selinux, it has passed > 'struct task_struct' associated with the binder_proc

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-01 Thread Casey Schaufler
On 10/1/2021 12:50 PM, Jann Horn wrote: > On Fri, Oct 1, 2021 at 9:36 PM Jann Horn wrote: >> On Fri, Oct 1, 2021 at 8:46 PM Casey Schaufler >> wrote: >>> On 10/1/2021 10:55 AM, Todd Kjos wrote: >>>> Save the struct cred associated with a binder process >

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-04 Thread Casey Schaufler
On 10/1/2021 3:58 PM, Jann Horn wrote: > On Fri, Oct 1, 2021 at 10:10 PM Casey Schaufler > wrote: >> On 10/1/2021 12:50 PM, Jann Horn wrote: >>> On Fri, Oct 1, 2021 at 9:36 PM Jann Horn wrote: >>>> On Fri, Oct 1, 2021 at 8:46 PM Casey Schaufler >>>

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-04 Thread Casey Schaufler
On 10/4/2021 3:28 PM, Jann Horn wrote: > On Mon, Oct 4, 2021 at 6:19 PM Casey Schaufler wrote: >> On 10/1/2021 3:58 PM, Jann Horn wrote: >>> On Fri, Oct 1, 2021 at 10:10 PM Casey Schaufler >>> wrote: >>>> On 10/1/2021 12:50 PM, Jann Horn wrote: >>

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-05 Thread Casey Schaufler
On 10/5/2021 8:21 AM, Stephen Smalley wrote: > On Mon, Oct 4, 2021 at 8:27 PM Jann Horn wrote: >> On Tue, Oct 5, 2021 at 1:38 AM Casey Schaufler >> wrote: >>> On 10/4/2021 3:28 PM, Jann Horn wrote: >>>> On Mon, Oct 4, 2021 at 6:19 PM Casey Schaufler >

Re: [PATCH v2] binder: use cred instead of task for selinux checks

2021-10-06 Thread Casey Schaufler
On 10/5/2021 7:27 PM, Jann Horn wrote: > On Tue, Oct 5, 2021 at 6:59 PM Casey Schaufler wrote: >> On 10/5/2021 8:21 AM, Stephen Smalley wrote: >>> On Mon, Oct 4, 2021 at 8:27 PM Jann Horn wrote: >>>> On Tue, Oct 5, 2021 at 1:38 AM Casey Schaufler >>>>

Re: [PATCH v4 3/3] binder: use euid from cred instead of using task

2021-10-08 Thread Casey Schaufler
On 10/8/2021 2:12 PM, Paul Moore wrote: > On Wed, Oct 6, 2021 at 8:46 PM Todd Kjos wrote: >> Set a transaction's sender_euid from the 'struct cred' >> saved at binder_open() instead of looking up the euid >> from the binder proc's 'struct task'. This ensures >> the euid is associated with the secu

Re: [PATCH v4 2/3] binder: use cred instead of task for getsecid

2021-10-11 Thread Casey Schaufler
On 10/11/2021 2:33 PM, Paul Moore wrote: > On Wed, Oct 6, 2021 at 8:46 PM Todd Kjos wrote: >> Use the 'struct cred' saved at binder_open() to lookup >> the security ID via security_cred_getsecid(). This >> ensures that the security context that opened binder >> is the one used to generate the secc

Re: [PATCH v5 0/3] binder: use cred instead of task for security context

2021-10-12 Thread Casey Schaufler
ity/selinux/hooks.c | 48 > +--- > 7 files changed, 60 insertions(+), 76 deletions(-) For the series: Acked-by: Casey Schaufler