On Thu, Apr 01, 2021 at 04:09:57PM +0200, Greg KH wrote: > On Thu, Apr 01, 2021 at 08:28:02PM +0800, Yongji Xie wrote: > > On Thu, Apr 1, 2021 at 7:33 PM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > On Thu, Apr 01, 2021 at 07:29:45PM +0800, Yongji Xie wrote: > > > > On Thu, Apr 1, 2021 at 6:42 PM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > > > > > On Thu, Apr 01, 2021 at 06:12:51PM +0800, Yongji Xie wrote: > > > > > > On Thu, Apr 1, 2021 at 5:54 PM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > > > > > > > > > On Thu, Apr 01, 2021 at 05:09:32PM +0800, Xie Yongji wrote: > > > > > > > > Use receive_fd() to receive file from another process instead of > > > > > > > > combination of get_unused_fd_flags() and fd_install(). This simplifies > > > > > > > > the logic and also makes sure we don't miss any security stuff. > > > > > > > > > > > > > > But no logic is simplified here, and nothing is "missed", so I do not > > > > > > > understand this change at all. > > > > > > > > > > > > > > > > > > > I noticed that we have security_binder_transfer_file() when we > > > > > > transfer some fds. I'm not sure whether we need something like > > > > > > security_file_receive() here? > > > > > > > > > > Why would you? And where is "here"? > > > > > > > > > > still confused, > > > > > > > > > > > > > I mean do we need to go through the file_receive seccomp notifier when > > > > we receive fd (use get_unused_fd_flags() + fd_install now) from > > > > another process in binder_apply_fd_fixups(). > > > > > > Why? this is internal things, why does seccomp come into play here? > > > > > > > We already have security_binder_transfer_file() to control the sender > > process. So for the receiver process, do we need the seccomp too? Or > > do I miss something here? > > I do not know, is this something that is a requirement that seccomp > handle all filesystem handles sent to a process? I do not know the > seccomp "guarantee" that well, sorry. This is an extremely confused thread. seccomp _uses_ the receive_fd() API. receive_fd() calls the security_file_receive() LSM hook. The security_binder_*() LSM hooks are different yet. Please, let's wait for Christian to clarify his idea first. -- Kees Cook
