On 10/8/2021 2:12 PM, Paul Moore wrote:
> On Wed, Oct 6, 2021 at 8:46 PM Todd Kjos <tkjos@xxxxxxxxxx> wrote:
>> Set a transaction's sender_euid from the 'struct cred'
>> saved at binder_open() instead of looking up the euid
>> from the binder proc's 'struct task'. This ensures
>> the euid is associated with the security context that
>> of the task that opened binder.
>>
>> Fixes: 457b9a6f09f0 ("Staging: android: add binder driver")
>> Signed-off-by: Todd Kjos <tkjos@xxxxxxxxxx>
>> Suggested-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
>> Cc: stable@xxxxxxxxxxxxxxx # 4.4+
>> ---
>> v3: added this patch to series
>>
>> drivers/android/binder.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
> This is an interesting ordering of the patches. Unless I'm missing
> something I would have expected patch 3/3 to come first, followed by
> 2/3, with patch 1/3 at the end; basically the reverse of what was
> posted here.
>
> My reading of the previous thread was that Casey has made his peace
> with these changes
Yes. I will address the stacking concerns more directly.
I am still somewhat baffled by the intent of the hook, the data
passed to it, and the SELinux policy enforcement decisions, but
that's beyond my scope.
> so unless anyone has any objections I'll plan on
> merging 2/3 and 3/3 into selinux/stable-5.15 and merging 1/3 into
> selinux/next.
>
>> diff --git a/drivers/android/binder.c b/drivers/android/binder.c
>> index 989afd0804ca..26382e982c5e 100644
>> --- a/drivers/android/binder.c
>> +++ b/drivers/android/binder.c
>> @@ -2711,7 +2711,7 @@ static void binder_transaction(struct binder_proc *proc,
>> t->from = thread;
>> else
>> t->from = NULL;
>> - t->sender_euid = task_euid(proc->tsk);
>> + t->sender_euid = proc->cred->euid;
>> t->to_proc = target_proc;
>> t->to_thread = target_thread;
>> t->code = tr->code;
>> --
>> 2.33.0.800.g4c38ced690-goog
> --
> paul moore
> www.paul-moore.com
