iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
52f8869337
linux/security
History
Todd Kjos 52f8869337 binder: use cred instead of task for selinux checks 
Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.

Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.

Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes: 79af73079d ("Add security hooks to binder and implement the hooks for SELinux.")
Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2021-10-14 20:48:04 -04:00
..
apparmor apparmor: use get_unaligned() only for multi-byte words 2021-05-17 13:30:29 +02:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity integrity-v5.15 2021-09-02 12:51:41 -07:00
keys trusted-keys: match tpm_get_ops on all return paths 2021-05-12 22:36:37 +03:00
landlock landlock: Enable user space to infer supported features 2021-04-22 12:22:11 -07:00
loadpin LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux binder: use cred instead of task for selinux checks 2021-10-14 20:48:04 -04:00
smack Smack: Brutalist io_uring support 2021-09-19 22:40:51 -04:00
tomoyo mm/pagemap: add mmap_assert_locked() annotations to find_vma*() 2021-09-03 09:58:13 -07:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c Miscellaneous minor fixes for v5.13. 2021-04-27 19:32:55 -07:00
device_cgroup.c device_cgroup: Fix RCU list debugging warning 2020-08-20 11:25:03 -07:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig landlock: Set up the security framework and manage credentials 2021-04-22 12:22:10 -07:00
Kconfig.hardening hardening: Clarify Kconfig text for auto-var-init 2021-07-20 23:02:59 -07:00
lsm_audit.c audit: remove unnecessary 'ret' initialization 2021-06-11 13:21:28 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c binder: use cred instead of task for selinux checks 2021-10-14 20:48:04 -04:00