linux-stable/security/selinux
Todd Kjos 84b7952669 binder: use cred instead of task for selinux checks
commit 52f8869337 upstream.

Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.

Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.

Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes: 79af73079d ("Add security hooks to binder and implement the hooks for SELinux.")
Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-11-26 11:40:20 +01:00
include selinux: use kernel linux/socket.h for genheaders and mdp 2019-05-04 09:15:17 +02:00
ss selinux: fix double free 2020-06-25 15:41:59 +02:00
.gitignore
avc.c selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC 2021-07-20 16:17:43 +02:00
exports.c
hooks.c binder: use cred instead of task for selinux checks 2021-11-26 11:40:20 +01:00
ibpkey.c selinux: Fix error return code in sel_ib_pkey_sid_slow() 2020-11-18 18:27:58 +01:00
Kconfig security: introduce CONFIG_SECURITY_WRITABLE_HOOKS 2017-03-06 11:00:12 +11:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netif.c
netlabel.c calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
netlink.c
netnode.c
netport.c
nlmsgtab.c rtnetlink: add NEWCACHEREPORT message type 2017-06-21 11:22:52 -04:00
selinuxfs.c selinux: sel_avc_get_stat_idx should increase position index 2020-10-01 13:12:33 +02:00
xfrm.c netfilter: Remove spurios included of netfilter.h 2015-06-18 21:14:32 +02:00