OpenE2K/linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
617d2fd48d
linux/security
History
Todd Kjos fc9c470cd5 binder: use cred instead of task for selinux checks 
commit 52f88693378a58094c538662ba652aff0253c4fe upstream.

Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.

Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.

Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes: 79af73079d ("Add security hooks to binder and implement the hooks for SELinux.")
Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-11-17 09:48:16 +01:00
..
apparmor apparmor: remove duplicate macro list_entry_is_head() 2021-09-26 14:07:06 +02:00
integrity IMA: remove the dependency on CRYPTO_MD5 2021-09-15 09:47:41 +02:00
keys KEYS: trusted: Fix migratable=1 failing 2021-03-04 10:26:44 +01:00
loadpin proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
lockdown lockdown: Allow unprivileged users to see lockdown status 2020-06-22 09:30:53 +02:00
safesetid LSM: SafeSetID: Stop releasing uninitialized ruleset 2019-09-17 11:27:05 -07:00
selinux binder: use cred instead of task for selinux checks 2021-11-17 09:48:16 +01:00
smack Smack: Fix wrong semantics in smk_access_entry() 2021-09-22 12:26:27 +02:00
tomoyo tomoyo: Use atomic_t for statistics counter 2020-02-05 21:22:41 +00:00
yama proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
commoncap.c security: commoncap: fix -Wstringop-overread warning 2021-05-11 14:04:16 +02:00
device_cgroup.c device_cgroup: Fix RCU list debugging warning 2020-10-01 13:18:13 +02:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
Kconfig.hardening meminit fix 2019-07-28 12:33:15 -07:00
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:26:16 +01:00
Makefile security: Add a static lockdown policy LSM 2019-08-19 21:54:15 -07:00
min_addr.c
security.c binder: use cred instead of task for selinux checks 2021-11-17 09:48:16 +01:00