From nobody Fri Dec 19 16:05:46 2025
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92D9627584E
	for <linux-kernel@vger.kernel.org>; Tue, 15 Apr 2025 07:10:30 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.179
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1744701032; cv=none;
 b=fih9iahWjXfOKwsfSUnV456GNUPsb8hFhGUjC255H312sDLrVUiQsCZZ8MUsSGaomK0v15zeZo9n5TL8AKD5NzZs9Nok5ojD6fqkrVCOfn2RV6LohJhSZDVcLGWXeZrNtITjhzdziKRYlnMP+e28LOMAvTt/DtLuwzpJPYHKp5I=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1744701032; c=relaxed/simple;
	bh=RTyV6CuY1ILJEHa4mBQoCKQeLLKta6AOsqk80g5KMLQ=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=fvXF0j59+odk5aBR3sAK6UleQiM0HNWJ8tE4tKpd+FewzlK8Z2i0dTPkz5ZADzuttGZbUu5808Nlp3EWdOyjYkxMGwTkoUI/vwmkw+6WHCXefeXBhBW2WSgoBpN1DcFxGTbU/8BpDqYfF+nbvWybakEX4oFpXi2ZLUoSs4IBoeo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=chromium.org;
 spf=pass smtp.mailfrom=chromium.org;
 dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org
 header.b=I9aZj3y3; arc=none smtp.client-ip=209.85.210.179
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=chromium.org
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=chromium.org
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org
 header.b="I9aZj3y3"
Received: by mail-pf1-f179.google.com with SMTP id
 d2e1a72fcca58-736c277331eso5662934b3a.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 15 Apr 2025 00:10:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1744701030; x=1745305830;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=CYejmGyG0ZZvUYJF2X4xi2wGhXKVNeVaxdRV2uzAA3M=;
        b=I9aZj3y3cHEMUBty5lq8ODSUowbmadboLJpqx0MYGvLD40Ou9C03HcsLz1KMiAQfXw
         d2PofoGIX07HrE55tF1ciTkF/lgX+/ns0f2OHIE4jaa4qsuY4/jhMgBHYvZ71+640iCI
         xluaTlHOtrSjcIPVJ51u1X50jPFilW0hIQV0U=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1744701030; x=1745305830;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=CYejmGyG0ZZvUYJF2X4xi2wGhXKVNeVaxdRV2uzAA3M=;
        b=RfCcpYPO/fzXt6FdDgFKN/phzuNYLEKaO1MgyZDKwCfU2C8EJNTdl/2qdGbfPWtQS9
         F/WJWJJojuR8oTEL5v79pZLyRXzd8W/zwsk04KMudFqrnZ4iUgeNg4dVkwSB7S/pj/0N
         nn9Czh3jkR4Il4+KycJVsYOFd0LfaKzMGRJ+Lbud/GQKbtNEuE/P6L17SuxphSKaPnXc
         WCDY9WVmD+oj1Iwl3Xj4eThe77QiaP68tUyAPVNZKbTDL2plodX/64bOrR4pF1ZUWsIL
         7V0OOF7/SaogvAZ8JlmBooZ3V62tLQmlmYq1H7JR9ZkYqqdt/HYXinO3N6Lk9trxc+gc
         reHg==
X-Forwarded-Encrypted: i=1;
 AJvYcCVc9gDYRYhB94Oq/aFrnM+gKstR3/mhoid30TYFLTUA1bwtkExF7Pawp4mhbNbI/N8n3VMqYlAdWNEddJ4=@vger.kernel.org
X-Gm-Message-State: AOJu0YwE/4Rsnb5miCyKfoMdlrAChC5hhFFLW3+PTLgMZBeoVzkv03X1
	m3FVvTGdNE/aG5l0Dbok72/1eDMVqzqnnvI0tbVU6KbkrSn8VDSPDEYz8TiZeA==
X-Gm-Gg: ASbGncvIv1J9vunxprNkBNZWKbxGJBloknvaKy7WSJJZrhMXVSC2rVy2n+JiuI+NJyv
	JeTLF7SAHcmstetnluXtx6Z3O2BN4L+tauGkm8Y0ol5/3sEa2FrhUn9rAaIcOLuDnUHZVdtSPXT
	P+MYBS56Rlcr4zdDfptGeN9sXU4iQGeHsLxxKmgOoZBGybscrRgyFz7BLkUCS2XxzaBPueWX4iC
	eX5RsqPIZyPWAAV1TGwkT+ZFr/H2L0100ZtQxR0wxJXue49xBht3fjR2BxOS8nq6PHpxxlA7TtA
	1KRA9K5d6CvvFq3Ml9L03IssLz8Lxgwcr2+hP1vqB6opZCUen7qgswOIBXXrsXbQNhAkJZSFacA
	74yPndAgvj+cQFAfGALdorCjX1UM+sSA3
X-Google-Smtp-Source: 
 AGHT+IGWTN2yQeSDJJtvSK1ZNh/SieezMonVkazgrlx4GpaEw0oeWFpAkP6J3Bf+UHyZnh1uBjuWfw==
X-Received: by 2002:a05:6a21:7a41:b0:1f3:2fde:8a6c with SMTP id
 adf61e73a8af0-20398df77b1mr3778675637.4.1744701029869;
        Tue, 15 Apr 2025 00:10:29 -0700 (PDT)
Received: from li-cloudtop.c.googlers.com.com
 (132.197.125.34.bc.googleusercontent.com. [34.125.197.132])
        by smtp.gmail.com with ESMTPSA id
 41be03b00d2f7-b02a2d3a250sm8659543a12.62.2025.04.15.00.10.28
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 15 Apr 2025 00:10:29 -0700 (PDT)
From: Li Li <dualli@chromium.org>
To: dualli@google.com,
	corbet@lwn.net,
	davem@davemloft.net,
	edumazet@google.com,
	kuba@kernel.org,
	pabeni@redhat.com,
	donald.hunter@gmail.com,
	gregkh@linuxfoundation.org,
	arve@android.com,
	tkjos@android.com,
	maco@android.com,
	joel@joelfernandes.org,
	brauner@kernel.org,
	cmllamas@google.com,
	surenb@google.com,
	omosnace@redhat.com,
	shuah@kernel.org,
	arnd@arndb.de,
	masahiroy@kernel.org,
	bagasdotme@gmail.com,
	horms@kernel.org,
	tweek@google.com,
	paul@paul-moore.com,
	linux-kernel@vger.kernel.org,
	linux-doc@vger.kernel.org,
	netdev@vger.kernel.org,
	selinux@vger.kernel.org,
	hridya@google.com
Cc: smoreland@google.com,
	ynaffit@google.com,
	kernel-team@android.com
Subject: [PATCH v17 1/3] lsm, selinux: Add setup_report permission to binder
Date: Tue, 15 Apr 2025 00:10:15 -0700
Message-ID: <20250415071017.3261009-2-dualli@chromium.org>
X-Mailer: git-send-email 2.49.0.604.gff1f9ca942-goog
In-Reply-To: <20250415071017.3261009-1-dualli@chromium.org>
References: <20250415071017.3261009-1-dualli@chromium.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

From: Thi=C3=A9baud Weksteen <tweek@google.com>

Introduce a new permission "setup_report" to the "binder" class.
This persmission controls the ability to set up the binder generic
netlink driver to report certain binder transactions.

Signed-off-by: Thi=C3=A9baud Weksteen <tweek@google.com>
Signed-off-by: Li Li <dualli@google.com>
---
 include/linux/lsm_hook_defs.h       |  1 +
 include/linux/security.h            |  6 ++++++
 security/security.c                 | 13 +++++++++++++
 security/selinux/hooks.c            |  7 +++++++
 security/selinux/include/classmap.h |  3 ++-
 5 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index bf3bbac4e02a..795a507db537 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -33,6 +33,7 @@ LSM_HOOK(int, 0, binder_transfer_binder, const struct cre=
d *from,
 	 const struct cred *to)
 LSM_HOOK(int, 0, binder_transfer_file, const struct cred *from,
 	 const struct cred *to, const struct file *file)
+LSM_HOOK(int, 0, binder_setup_report, const struct cred *to)
 LSM_HOOK(int, 0, ptrace_access_check, struct task_struct *child,
 	 unsigned int mode)
 LSM_HOOK(int, 0, ptrace_traceme, struct task_struct *parent)
diff --git a/include/linux/security.h b/include/linux/security.h
index cc9b54d95d22..fe600fb37c98 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -338,6 +338,7 @@ int security_binder_transfer_binder(const struct cred *=
from,
 				    const struct cred *to);
 int security_binder_transfer_file(const struct cred *from,
 				  const struct cred *to, const struct file *file);
+int security_binder_setup_report(const struct cred *to);
 int security_ptrace_access_check(struct task_struct *child, unsigned int m=
ode);
 int security_ptrace_traceme(struct task_struct *parent);
 int security_capget(const struct task_struct *target,
@@ -657,6 +658,11 @@ static inline int security_binder_transfer_file(const =
struct cred *from,
 	return 0;
 }
=20
+static inline int security_binder_setup_report(const struct cred *to)
+{
+	return 0;
+}
+
 static inline int security_ptrace_access_check(struct task_struct *child,
 					     unsigned int mode)
 {
diff --git a/security/security.c b/security/security.c
index fb57e8fddd91..5acf364e610f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1043,6 +1043,19 @@ int security_binder_transfer_file(const struct cred =
*from,
 	return call_int_hook(binder_transfer_file, from, to, file);
 }
=20
+/**
+ * security_binder_setup_report() - Check if binder report is allowed
+ * @to: receiving process
+ *
+ * Check whether @to is allowed to set up binder reports.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
+int security_binder_setup_report(const struct cred *to)
+{
+	return call_int_hook(binder_setup_report, to);
+}
+
 /**
  * security_ptrace_access_check() - Check if tracing is allowed
  * @child: target process
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 595ceb314aeb..f02249345c4b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2103,6 +2103,12 @@ static int selinux_binder_transfer_file(const struct=
 cred *from,
 			    &ad);
 }
=20
+static int selinux_binder_setup_report(const struct cred *to)
+{
+	return avc_has_perm(current_sid(), cred_sid(to), SECCLASS_BINDER,
+			    BINDER__SETUP_REPORT, NULL);
+}
+
 static int selinux_ptrace_access_check(struct task_struct *child,
 				       unsigned int mode)
 {
@@ -7295,6 +7301,7 @@ static struct security_hook_list selinux_hooks[] __ro=
_after_init =3D {
 	LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
 	LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
 	LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
+	LSM_HOOK_INIT(binder_setup_report, selinux_binder_setup_report),
=20
 	LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
 	LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
diff --git a/security/selinux/include/classmap.h b/security/selinux/include=
/classmap.h
index 5665aa5e7853..de7e28572fda 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -133,7 +133,8 @@ const struct security_class_mapping secclass_map[] =3D {
 	{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
 	{ "tun_socket", { COMMON_SOCK_PERMS, "attach_queue", NULL } },
 	{ "binder",
-	  { "impersonate", "call", "set_context_mgr", "transfer", NULL } },
+	  { "impersonate", "call", "set_context_mgr", "transfer",
+	    "setup_report", NULL } },
 	{ "cap_userns", { COMMON_CAP_PERMS, NULL } },
 	{ "cap2_userns", { COMMON_CAP2_PERMS, NULL } },
 	{ "sctp_socket",
--=20
2.49.0.604.gff1f9ca942-goog

From nobody Fri Dec 19 16:05:46 2025
Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com
 [209.85.215.177])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2FF827A126
	for <linux-kernel@vger.kernel.org>; Tue, 15 Apr 2025 07:10:32 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.215.177
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1744701035; cv=none;
 b=jcrgZdZRPuHNC45d1xwMHJMZURsxV+u64o9GIEf7V453bL/MuDG+KFXC1vKaF1zGgJlT/BcvwnLq8sga+D7RrNna2Y8yJ0o3pBoRZ7C4HroAbnhH9HbwzTMvMrpwjmccyLlPPMZDG9GIuCgQ06CBqjbp7JBJTwzj30LKRpltd/U=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1744701035; c=relaxed/simple;
	bh=cuuOvrkEXLcaiKtvGjof8VPdTjuyJyXwbL0dMJ8qiNM=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=BtrqO/RLFrR7YpmYwRA9FwlppapfaE8ulyDfs1BIpKh+V1qxmuGr5Bx7apH88MUsPLEEJalI9emL6mlREBP9Bubx6CU6nOWd2DpuFFgsWKu20rj507yZz0cUO26ITOiCKtMklIdFPDSL8Bx38iXSrJnBGj/S4ieOTFiyBG91J7A=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=chromium.org;
 spf=pass smtp.mailfrom=chromium.org;
 dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org
 header.b=Fj/LXsYj; arc=none smtp.client-ip=209.85.215.177
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=chromium.org
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=chromium.org
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org
 header.b="Fj/LXsYj"
Received: by mail-pg1-f177.google.com with SMTP id
 41be03b00d2f7-7fd35b301bdso5746700a12.2
        for <linux-kernel@vger.kernel.org>;
 Tue, 15 Apr 2025 00:10:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1744701032; x=1745305832;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=2nEg/1q5Ik7qkGWCFzjG5j2VljgpHPUY0c7h4Rw8AwU=;
        b=Fj/LXsYjTxRKsi1PfNS0Hjau40VAxE9f/e1W9igiViTRHfHHU0rZUP6Umfqn15P/9y
         mEv5jeAKCyw8530GbAVL0B+YttA/1fvzTW6T3G3DBVVjJwrkQVX6Lt0pLihhyMib77aR
         aHZ/I07ySlmx/NeYCkQZHAvfKDiM8RHljMGKI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1744701032; x=1745305832;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=2nEg/1q5Ik7qkGWCFzjG5j2VljgpHPUY0c7h4Rw8AwU=;
        b=I5aXJdrm/wstajUNFLLnkPdt2kGGgedlvRq+Pg1E6a6O5citz8gGZ+rr+48I3WCrKM
         Xywj7Q19GvjUpzqAPCh4JE82F/OEvUT+NgyoQc+J83pSdU/o4xLeDWWvo+hfrXNnIos+
         FLZDqne1do2gEwk/70C9A+iT8yih7J80hlFTt7sNluU8uQQNXwmnVJQy+RlUtJOMkDKK
         DE70O6KZejhbjwlAJz7sPlIpjZnCg8m64eFUWmQVqzw/4cZrJ8x6oyrnsPr0qdfx7Lj9
         VKQ9hHdfbP+FDXN1B3nNL5X8QgBiDqPvHe5l1hPWrD3eUT7ailkPhFh4xivTztAMFUXl
         GNhg==
X-Forwarded-Encrypted: i=1;
 AJvYcCVYVl10ppsnXE32KnXy25VhiGrrIerNddLU+ilGQvAhl1nKq0Dkcbq2+aMFDl9CI5xmH6CDK61VO3RQPto=@vger.kernel.org
X-Gm-Message-State: AOJu0Yyz5Zqj6UE+/8RPsCkYGzHkEdss6U9NUZHbWctB8cC01Ki3kv7Y
	xSCtF7K81/JAlsWxyHLV+LxE8PlhxO7vhsVv11tzZxbO2DbdH+NEUDWjWxFd4Q==
X-Gm-Gg: ASbGncsjIBjzspl7VgHypxa9pqKNasGCyrLVcBkN/zU5OfA/prv0EGl4J9lNM1XiUHp
	pDo0agqkKDkNZJBAd/RdmtQM8T+3tYPDWBkk3e/zXiGRlsaaitshEEq4HxKtQjI4gwnyAzqrhby
	2/WV7MzB43KLIAhpJeWyPXqHu08DBk+QbevWeIzi183X1MRwWHVn+GGrj6mIU1o1zJJWagIRl/u
	GMDRb6zBrH+oxJsWqsWZe1o6Vw5Fk0pwamsQ4yuY6HEIHTfuXI8hlhTs1djl8N06qWDzyn8MXXP
	0w3ypf1JDPk3irU9czsXDMX9a69lf/n7sDDf4XY6nmwfocEIjAzcZmkmgDSIp63q8QLZxt+x5U8
	V75ky7If4sZCDFDBaglSXY/6usZBn0I7B
X-Google-Smtp-Source: 
 AGHT+IFunYgCJB81zy1XqNTmQtfpOEah2oCLZQUw88GuC88RxZqm+Kz6XoF8rPBIGbk9EM5PgcaBWg==
X-Received: by 2002:a05:6a20:c88f:b0:1f5:9330:29fe with SMTP id
 adf61e73a8af0-201797a5700mr21950612637.17.1744701031648;
        Tue, 15 Apr 2025 00:10:31 -0700 (PDT)
Received: from li-cloudtop.c.googlers.com.com
 (132.197.125.34.bc.googleusercontent.com. [34.125.197.132])
        by smtp.gmail.com with ESMTPSA id
 41be03b00d2f7-b02a2d3a250sm8659543a12.62.2025.04.15.00.10.30
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 15 Apr 2025 00:10:31 -0700 (PDT)
From: Li Li <dualli@chromium.org>
To: dualli@google.com,
	corbet@lwn.net,
	davem@davemloft.net,
	edumazet@google.com,
	kuba@kernel.org,
	pabeni@redhat.com,
	donald.hunter@gmail.com,
	gregkh@linuxfoundation.org,
	arve@android.com,
	tkjos@android.com,
	maco@android.com,
	joel@joelfernandes.org,
	brauner@kernel.org,
	cmllamas@google.com,
	surenb@google.com,
	omosnace@redhat.com,
	shuah@kernel.org,
	arnd@arndb.de,
	masahiroy@kernel.org,
	bagasdotme@gmail.com,
	horms@kernel.org,
	tweek@google.com,
	paul@paul-moore.com,
	linux-kernel@vger.kernel.org,
	linux-doc@vger.kernel.org,
	netdev@vger.kernel.org,
	selinux@vger.kernel.org,
	hridya@google.com
Cc: smoreland@google.com,
	ynaffit@google.com,
	kernel-team@android.com
Subject: [PATCH v17 2/3] binder: report txn errors via generic netlink
Date: Tue, 15 Apr 2025 00:10:16 -0700
Message-ID: <20250415071017.3261009-3-dualli@chromium.org>
X-Mailer: git-send-email 2.49.0.604.gff1f9ca942-goog
In-Reply-To: <20250415071017.3261009-1-dualli@chromium.org>
References: <20250415071017.3261009-1-dualli@chromium.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Li Li <dualli@google.com>

Introduce generic netlink messages into the binder driver so that the
Linux/Android system administration processes can listen to important
events and take corresponding actions, like stopping a broken app from
attacking the OS by sending huge amount of spamming binder transactions.

The binder netlink sources and headers are automatically generated from
the corresponding binder netlink YAML spec. Don't modify them directly.

Signed-off-by: Li Li <dualli@google.com>
---
 Documentation/admin-guide/binder_netlink.rst | 108 ++++++++++
 Documentation/admin-guide/index.rst          |   1 +
 Documentation/netlink/specs/binder.yaml      | 116 ++++++++++
 drivers/android/Kconfig                      |   1 +
 drivers/android/Makefile                     |   2 +-
 drivers/android/binder.c                     | 215 ++++++++++++++++++-
 drivers/android/binder_internal.h            |  16 ++
 drivers/android/binder_netlink.c             |  46 ++++
 drivers/android/binder_netlink.h             |  23 ++
 drivers/android/binder_trace.h               |  35 +++
 include/uapi/linux/android/binder_netlink.h  |  57 +++++
 11 files changed, 615 insertions(+), 5 deletions(-)
 create mode 100644 Documentation/admin-guide/binder_netlink.rst
 create mode 100644 Documentation/netlink/specs/binder.yaml
 create mode 100644 drivers/android/binder_netlink.c
 create mode 100644 drivers/android/binder_netlink.h
 create mode 100644 include/uapi/linux/android/binder_netlink.h

diff --git a/Documentation/admin-guide/binder_netlink.rst b/Documentation/a=
dmin-guide/binder_netlink.rst
new file mode 100644
index 000000000000..83f54f0d8c45
--- /dev/null
+++ b/Documentation/admin-guide/binder_netlink.rst
@@ -0,0 +1,108 @@
+.. SPDX-License-Identifier: GPL-2.0
+
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
+Generic Netlink for the Android Binder Driver (Binder Netlink)
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
+
+The Generic Netlink subsystem in the Linux kernel provides a generic way f=
or
+the Linux kernel to communicate with the user space applications via binder
+driver. It is used to report binder transaction errors and warnings to user
+space administration process. The driver allows multiple binder devices and
+their corresponding binder contexts. Each context and their processes can =
be
+configured independently to report their own transactions.
+
+Basically, the user space code uses the BINDER_CMD_REPORT_SETUP command to
+request what kind of binder transactions should be reported by the driver.
+The driver then echoes the attributes in a reply message to acknowledge the
+request. The BINDER_CMD_REPORT_SETUP command also registers the current
+user space process to receive the reports. This BINDER_CMD_REPORT_SETUP
+command is protected by SELinux, to prevent unauthorized user apps from
+triggering unexpected reports.
+
+Currently the driver reports these binder transaction errors and warnings.
+1. "FAILED" transactions that fail to reach the target process;
+2. "ASYNC_FROZEN" transactions that are delayed due to the target process
+being frozen by cgroup freezer; or
+3. "SPAM" transactions that are considered spamming according to existing
+logic in binder_alloc.c.
+
+When the specified binder transactions happen, the driver uses the
+BINDER_CMD_REPORT command to send a generic netlink message to the
+registered process, containing the payload defined in binder.yaml.
+
+More details about the flags, attributes and operations can be found at the
+the doc sections in Documentations/netlink/specs/binder.yaml and the
+kernel-doc comments of the new source code in binder.{h|c}.
+
+Using Binder Netlink
+--------------------
+
+The Binder Netlink can be used in the same way as any other generic netlink
+drivers. Userspace application uses a raw netlink socket to send commands
+to and receive packets from the kernel driver.
+
+Usage example (user space pseudo code):
+
+::
+    /*
+     * send() below is overloaded to pack netlink commands and attributes
+     * to nlattr/genlmsghdr/nlmsghdr and then send to the netlink socket.
+     *
+     * recv() below is overloaded to receive the raw netlink message from
+     * the netlink socket, parse nlmsghdr/genlmsghdr to find the netlink
+     * command and then return the nlattr payload.
+     */
+
+    // open netlink socket
+    int fd =3D socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
+
+    // bind netlink socket
+    bind(fd, struct socketaddr);
+
+    // get the family id of the binder netlink
+    send(fd, CTRL_CMD_GETFAMILY, CTRL_ATTR_FAMILY_NAME,
+            BINDER_FAMILY_NAME);
+    void *data =3D recv(CTRL_CMD_NEWFAMILY);
+    if (!has_nla_type(data, CTRL_ATTR_FAMILY_ID)) {
+        // Binder Netlink isn't available on this version of Linux kernel
+        return;
+    }
+    __u16 id =3D nla(data)[CTRL_ATTR_FAMILY_ID];
+    __u32 grp =3D nla(data)[CTRL_ATTR_MCAST_GROUPS][CTRL_ATTR_MCAST_GRP_ID=
];
+
+    // join the mcast group to listen to the binder netlink messages
+    setsockopt(fd, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP, &grp, sizeof(grp));
+
+    // enable per-context binder report
+    send(fd, id, BINDER_CMD_REPORT_SETUP, "binder", 0,
+            BINDER_FLAG_FAILED | BINDER_FLAG_DELAYED);
+
+    // confirm the per-context configuration
+    data =3D recv(fd, BINDER_CMD_REPLY);
+    char *context =3D nla(data)[BINDER_A_CMD_CONTEXT];
+    __u32 pid =3D  nla(data)[BINDER_A_CMD_PID];
+    __u32 flags =3D nla(data)[BINDER_A_CMD_FLAGS];
+
+    // set optional per-process report, overriding the per-context one
+    send(fd, id, BINDER_CMD_REPORT_SETUP, "binder", getpid(),
+            BINDER_FLAG_SPAM | BINDER_REPORT_OVERRIDE);
+
+    // confirm the optional per-process configuration
+    data =3D recv(fd, BINDER_CMD_REPLY);
+    context =3D nla(data)[BINDER_A_CMD_CONTEXT];
+    pid =3D  nla(data)[BINDER_A_CMD_PID];
+    flags =3D nla(data)[BINDER_A_CMD_FLAGS];
+
+    // wait and read all binder reports
+    while (running) {
+            data =3D recv(fd, BINDER_CMD_REPORT);
+            auto *attr =3D nla(data)[BINDER_A_REPORT_XXX];
+
+            // process binder report
+            do_something(*attr);
+    }
+
+    // clean up
+    send(fd, id, BINDER_CMD_REPORT_SETUP, 0, 0);
+    send(fd, id, BINDER_CMD_REPORT_SETUP, getpid(), 0);
+    close(fd);
diff --git a/Documentation/admin-guide/index.rst b/Documentation/admin-guid=
e/index.rst
index 259d79fbeb94..c7d4357ed3e6 100644
--- a/Documentation/admin-guide/index.rst
+++ b/Documentation/admin-guide/index.rst
@@ -120,6 +120,7 @@ Block-layer and filesystem administration
    :maxdepth: 1
=20
    bcache
+   binder_netlink
    binderfs
    blockdev/index
    cifs/index
diff --git a/Documentation/netlink/specs/binder.yaml b/Documentation/netlin=
k/specs/binder.yaml
new file mode 100644
index 000000000000..e184645f6c41
--- /dev/null
+++ b/Documentation/netlink/specs/binder.yaml
@@ -0,0 +1,116 @@
+# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cla=
use)
+
+name: binder
+protocol: genetlink
+uapi-header: linux/android/binder_netlink.h
+doc: Netlink protocol to report binder transaction errors and warnings.
+
+definitions:
+  -
+    type: flags
+    name: flag
+    doc: Define what kind of binder transactions should be reported.
+    entries: [ failed, async-frozen, spam, override ]
+
+attribute-sets:
+  -
+    name: cmd
+    doc: The supported attributes of "report-setup" command.
+    attributes:
+      -
+        name: context
+        type: string
+        doc: The binder context to enable binder netlink report.
+      -
+        name: pid
+        type: u32
+        doc: The binder proc to enable binder netlink report.
+      -
+        name: flags
+        type: u32
+        enum: flag
+        doc: What kind of binder transactions should be reported.
+  -
+    name: report
+    doc: The supported attributes of "report" command
+    attributes:
+      -
+        name: context
+        type: string
+        doc: The binder context where the binder netlink report happens.
+      -
+        name: err
+        type: u32
+        doc: Copy of binder_driver_return_protocol returned to the sender.
+      -
+        name: from_pid
+        type: u32
+        doc: Sender pid of the corresponding binder transaction.
+      -
+        name: from_tid
+        type: u32
+        doc: Sender tid of the corresponding binder transaction.
+      -
+        name: to_pid
+        type: u32
+        doc: Target pid of the corresponding binder transaction.
+      -
+        name: to_tid
+        type: u32
+        doc: Target tid of the corresponding binder transaction.
+      -
+        name: reply
+        type: u32
+        doc: 1 means the transaction is a reply, 0 otherwise.
+      -
+        name: flags
+        type: u32
+        doc: Copy of binder_transaction_data->flags.
+      -
+        name: code
+        type: u32
+        doc: Copy of binder_transaction_data->code.
+      -
+        name: data_size
+        type: u32
+        doc: Copy of binder_transaction_data->data_size.
+
+operations:
+  list:
+    -
+      name: report-setup
+      doc: Set flags from user space.
+      attribute-set: cmd
+
+      do:
+        request: &params
+          attributes:
+            - context
+            - pid
+            - flags
+        reply: *params
+    -
+      name: report
+      doc: Send the requested reports to user space.
+      attribute-set: report
+
+      event:
+        attributes:
+          - context
+          - err
+          - from_pid
+          - from_tid
+          - to_pid
+          - to_tid
+          - reply
+          - flags
+          - code
+          - data_size
+
+kernel-family:
+  headers: [ "binder_internal.h" ]
+
+mcast-groups:
+  list:
+    -
+      name: report
diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig
index 07aa8ae0a058..e2fa620934e2 100644
--- a/drivers/android/Kconfig
+++ b/drivers/android/Kconfig
@@ -4,6 +4,7 @@ menu "Android"
 config ANDROID_BINDER_IPC
 	bool "Android Binder IPC Driver"
 	depends on MMU
+	depends on NET
 	default n
 	help
 	  Binder is used in Android for both communication between processes,
diff --git a/drivers/android/Makefile b/drivers/android/Makefile
index c9d3d0c99c25..b8874dba884e 100644
--- a/drivers/android/Makefile
+++ b/drivers/android/Makefile
@@ -2,5 +2,5 @@
 ccflags-y +=3D -I$(src)			# needed for trace events
=20
 obj-$(CONFIG_ANDROID_BINDERFS)		+=3D binderfs.o
-obj-$(CONFIG_ANDROID_BINDER_IPC)	+=3D binder.o binder_alloc.o
+obj-$(CONFIG_ANDROID_BINDER_IPC)	+=3D binder.o binder_alloc.o binder_netli=
nk.o
 obj-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) +=3D binder_alloc_selftest.o
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 76052006bd87..22ec08d9995d 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -72,6 +72,7 @@
=20
 #include <linux/cacheflush.h>
=20
+#include "binder_netlink.h"
 #include "binder_internal.h"
 #include "binder_trace.h"
=20
@@ -2990,6 +2991,86 @@ static void binder_set_txn_from_error(struct binder_=
transaction *t, int id,
 	binder_thread_dec_tmpref(from);
 }
=20
+/**
+ * binder_netlink_enabled() - check if binder netlink reports are enabled
+ * @proc:	the binder_proc to check
+ * @mask:	the categories of binder netlink reports
+ *
+ * Returns true if certain binder netlink reports are enabled for this bin=
der
+ * proc (when per-process overriding takes effect) or context.
+ */
+static bool binder_netlink_enabled(struct binder_proc *proc, u32 mask)
+{
+	struct binder_context *context =3D proc->context;
+
+	if (!genl_has_listeners(&binder_nl_family, &init_net, BINDER_NLGRP_REPORT=
))
+		return false;
+
+	if (proc->report_flags & BINDER_FLAG_OVERRIDE)
+		return (proc->report_flags & mask) !=3D 0;
+	else
+		return (context->report_flags & mask) !=3D 0;
+}
+
+/**
+ * binder_netlink_report() - report one binder netlink event
+ * @context:	the binder context
+ * @err:	copy of binder_driver_return_protocol returned to the sender
+ * @reply:	whether the binder transaction is a reply
+ * @t:		the binder transaction
+ *
+ * Packs the report data into a binder netlink message and send it.
+ */
+static void binder_netlink_report(struct binder_context *context, u32 err,
+				  u32 reply, struct binder_transaction *t)
+{
+	struct sk_buff *skb;
+	void *hdr;
+	int ret;
+
+	trace_binder_netlink_report(context->name, err, reply, t);
+
+	skb =3D genlmsg_new(GENLMSG_DEFAULT_SIZE, GFP_KERNEL);
+	if (!skb) {
+		pr_err("Failed to alloc binder netlink message\n");
+		return;
+	}
+
+	hdr =3D genlmsg_put(skb, 0, atomic_inc_return(&context->report_seq),
+			  &binder_nl_family, 0, BINDER_CMD_REPORT);
+	if (!hdr)
+		goto free_skb;
+
+	if (nla_put_string(skb, BINDER_A_REPORT_CONTEXT, context->name) ||
+	    nla_put_u32(skb, BINDER_A_REPORT_ERR, err) ||
+	    nla_put_u32(skb, BINDER_A_REPORT_FROM_PID, t->from_pid) ||
+	    nla_put_u32(skb, BINDER_A_REPORT_FROM_TID, t->from_tid) ||
+	    nla_put_u32(skb, BINDER_A_REPORT_TO_PID,
+			t->to_proc ? t->to_proc->pid : 0) ||
+	    nla_put_u32(skb, BINDER_A_REPORT_TO_TID,
+			t->to_thread ? t->to_thread->pid : 0) ||
+	    nla_put_u32(skb, BINDER_A_REPORT_REPLY, reply) ||
+	    nla_put_u32(skb, BINDER_A_REPORT_FLAGS, t->flags) ||
+	    nla_put_u32(skb, BINDER_A_REPORT_CODE, t->code) ||
+	    nla_put_u32(skb, BINDER_A_REPORT_DATA_SIZE, t->buffer->data_size))
+		goto cancel_skb;
+
+	genlmsg_end(skb, hdr);
+
+	ret =3D genlmsg_multicast(&binder_nl_family, skb, 0, BINDER_NLGRP_REPORT,=
 GFP_KERNEL);
+	if (ret < 0)
+		pr_err("Failed to send binder netlink message: %d\n", ret);
+
+	return;
+
+cancel_skb:
+	pr_err("Failed to add attributes to binder netlink message\n");
+	genlmsg_cancel(skb, hdr);
+free_skb:
+	pr_err("Free binder netlink report message on error\n");
+	nlmsg_free(skb);
+}
+
 static void binder_transaction(struct binder_proc *proc,
 			       struct binder_thread *thread,
 			       struct binder_transaction_data *tr, int reply,
@@ -3683,10 +3764,14 @@ static void binder_transaction(struct binder_proc *=
proc,
 		return_error_line =3D __LINE__;
 		goto err_copy_data_failed;
 	}
-	if (t->buffer->oneway_spam_suspect)
+	if (t->buffer->oneway_spam_suspect) {
 		tcomplete->type =3D BINDER_WORK_TRANSACTION_ONEWAY_SPAM_SUSPECT;
-	else
+		if (binder_netlink_enabled(proc, BINDER_FLAG_SPAM))
+			binder_netlink_report(context, BR_ONEWAY_SPAM_SUSPECT,
+					      reply, t);
+	} else {
 		tcomplete->type =3D BINDER_WORK_TRANSACTION_COMPLETE;
+	}
 	t->work.type =3D BINDER_WORK_TRANSACTION;
=20
 	if (reply) {
@@ -3736,8 +3821,12 @@ static void binder_transaction(struct binder_proc *p=
roc,
 		 * process and is put in a pending queue, waiting for the target
 		 * process to be unfrozen.
 		 */
-		if (return_error =3D=3D BR_TRANSACTION_PENDING_FROZEN)
+		if (return_error =3D=3D BR_TRANSACTION_PENDING_FROZEN) {
 			tcomplete->type =3D BINDER_WORK_TRANSACTION_PENDING;
+			if (binder_netlink_enabled(proc, BINDER_FLAG_ASYNC_FROZEN))
+				binder_netlink_report(context, return_error,
+						      reply, t);
+		}
 		binder_enqueue_thread_work(thread, tcomplete);
 		if (return_error &&
 		    return_error !=3D BR_TRANSACTION_PENDING_FROZEN)
@@ -3799,6 +3888,10 @@ static void binder_transaction(struct binder_proc *p=
roc,
 		binder_dec_node_tmpref(target_node);
 	}
=20
+	if (binder_netlink_enabled(proc, BINDER_FLAG_FAILED))
+		binder_netlink_report(context, return_error,
+				      reply, t);
+
 	binder_debug(BINDER_DEBUG_FAILED_TRANSACTION,
 		     "%d:%d transaction %s to %d:%d failed %d/%d/%d, code %u size %lld-%=
lld line %d\n",
 		     proc->pid, thread->pid, reply ? "reply" :
@@ -6334,6 +6427,113 @@ binder_defer_work(struct binder_proc *proc, enum bi=
nder_deferred_state defer)
 	mutex_unlock(&binder_deferred_lock);
 }
=20
+/**
+ * binder_nl_report_setup_doit() - netlink .doit handler
+ * @skb:	the metadata struct passed from netlink driver
+ * @info:	the generic netlink struct passed from netlink driver
+ *
+ * Implements the .doit function to process binder netlink commands.
+ */
+int binder_nl_report_setup_doit(struct sk_buff *skb, struct genl_info *inf=
o)
+{
+	struct binder_context *context =3D NULL;
+	struct binder_device *device;
+	struct binder_proc *proc;
+	u32 flags, pid;
+	bool found;
+	void *hdr;
+	int ret;
+
+	ret =3D security_binder_setup_report(current_cred());
+	if (ret < 0) {
+		NL_SET_ERR_MSG(info->extack, "Permission denied");
+		return ret;
+	}
+
+	if (nla_len(info->attrs[BINDER_A_CMD_CONTEXT])) {
+		/* Search the specified binder context */
+		hlist_for_each_entry(device, &binder_devices, hlist) {
+			if (!nla_strcmp(info->attrs[BINDER_A_CMD_CONTEXT],
+					device->context.name)) {
+				context =3D &device->context;
+				break;
+			}
+		}
+
+		if (!context) {
+			NL_SET_ERR_MSG(info->extack, "Invalid binder context");
+			return -EINVAL;
+		}
+	}
+
+	pid =3D nla_get_u32(info->attrs[BINDER_A_CMD_PID]);
+	flags =3D nla_get_u32(info->attrs[BINDER_A_CMD_FLAGS]);
+
+	if (!pid) {
+		if (!context) {
+			NL_SET_ERR_MSG(info->extack,
+				       "Invalid binder context and pid");
+			return -EINVAL;
+		}
+
+		/* Set the global flags for the whole binder context */
+		context->report_flags =3D flags;
+	} else {
+		/* Set the per-process flags */
+		found =3D false;
+		mutex_lock(&binder_procs_lock);
+		hlist_for_each_entry(proc, &binder_procs, proc_node) {
+			if (proc->pid =3D=3D pid
+			    && (proc->context =3D=3D context || !context)) {
+				proc->report_flags =3D flags;
+				found =3D true;
+			}
+		}
+		mutex_unlock(&binder_procs_lock);
+
+		if (!found) {
+			NL_SET_ERR_MSG_FMT(info->extack,
+					   "Invalid binder report pid %u",
+					   pid);
+			return -EINVAL;
+		}
+	}
+
+	skb =3D genlmsg_new(GENLMSG_DEFAULT_SIZE, GFP_KERNEL);
+	if (!skb) {
+		pr_err("Failed to alloc binder netlink reply message\n");
+		return -ENOMEM;
+	}
+
+	hdr =3D genlmsg_iput(skb, info);
+	if (!hdr)
+		goto free_skb;
+
+	if (nla_put_string(skb, BINDER_A_CMD_CONTEXT, context->name) ||
+	    nla_put_u32(skb, BINDER_A_CMD_PID, pid) ||
+	    nla_put_u32(skb, BINDER_A_CMD_FLAGS, flags))
+		goto cancel_skb;
+
+	genlmsg_end(skb, hdr);
+
+	if (genlmsg_reply(skb, info)) {
+		pr_err("Failed to send binder netlink reply message\n");
+		return -EFAULT;
+	}
+
+	return 0;
+
+cancel_skb:
+	pr_err("Failed to add reply attributes to binder netlink message\n");
+	genlmsg_cancel(skb, hdr);
+free_skb:
+	pr_err("Free binder netlink reply message on error\n");
+	nlmsg_free(skb);
+	ret =3D -EMSGSIZE;
+
+	return ret;
+}
+
 static void print_binder_transaction_ilocked(struct seq_file *m,
 					     struct binder_proc *proc,
 					     const char *prefix,
@@ -7009,12 +7209,19 @@ static int __init binder_init(void)
 		}
 	}
=20
-	ret =3D init_binderfs();
+	ret =3D genl_register_family(&binder_nl_family);
 	if (ret)
 		goto err_init_binder_device_failed;
=20
+	ret =3D init_binderfs();
+	if (ret)
+		goto err_init_binderfs_failed;
+
 	return ret;
=20
+err_init_binderfs_failed:
+	genl_unregister_family(&binder_nl_family);
+
 err_init_binder_device_failed:
 	hlist_for_each_entry_safe(device, tmp, &binder_devices, hlist) {
 		misc_deregister(&device->miscdev);
diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_int=
ernal.h
index 6a66c9769c6c..8ddd1ddea8e0 100644
--- a/drivers/android/binder_internal.h
+++ b/drivers/android/binder_internal.h
@@ -11,15 +11,28 @@
 #include <linux/stddef.h>
 #include <linux/types.h>
 #include <linux/uidgid.h>
+#include <net/genetlink.h>
 #include <uapi/linux/android/binderfs.h>
 #include "binder_alloc.h"
 #include "dbitmap.h"
=20
+/**
+ * struct binder_context - information about a binder domain
+ * @binder_context_mgr_node: the context manager
+ * @context_mgr_node_lock:   the lock protecting the above context manager=
 node
+ * @binder_context_mgr_uid:  the uid of the above context manager
+ * @name:                    the name of the binder device
+ * @report_flags:            the categories of binder transactions that wo=
uld
+ *                           be reported (see enum binder_report_flag).
+ * @report_seq:              the seq number of the generic netlink report
+ */
 struct binder_context {
 	struct binder_node *binder_context_mgr_node;
 	struct mutex context_mgr_node_lock;
 	kuid_t binder_context_mgr_uid;
 	const char *name;
+	u32 report_flags;
+	atomic_t report_seq;
 };
=20
 /**
@@ -413,6 +426,8 @@ struct binder_ref {
  * @binderfs_entry:       process-specific binderfs log file
  * @oneway_spam_detection_enabled: process enabled oneway spam detection
  *                        or not
+ * @report_flags:         the categories of binder transactions that would
+ *                        be reported (see enum binder_genl_flag).
  *
  * Bookkeeping structure for binder processes
  */
@@ -451,6 +466,7 @@ struct binder_proc {
 	spinlock_t outer_lock;
 	struct dentry *binderfs_entry;
 	bool oneway_spam_detection_enabled;
+	u32 report_flags;
 };
=20
 /**
diff --git a/drivers/android/binder_netlink.c b/drivers/android/binder_netl=
ink.c
new file mode 100644
index 000000000000..9dc1820951c3
--- /dev/null
+++ b/drivers/android/binder_netlink.c
@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl=
ause)
+/* Do not edit directly, auto-generated from: */
+/*	Documentation/netlink/specs/binder.yaml */
+/* YNL-GEN kernel source */
+
+#include <net/netlink.h>
+#include <net/genetlink.h>
+
+#include "binder_netlink.h"
+
+#include <uapi/linux/android/binder_netlink.h>
+#include <binder_internal.h>
+
+/* BINDER_CMD_REPORT_SETUP - do */
+static const struct nla_policy binder_report_setup_nl_policy[BINDER_A_CMD_=
FLAGS + 1] =3D {
+	[BINDER_A_CMD_CONTEXT] =3D { .type =3D NLA_NUL_STRING, },
+	[BINDER_A_CMD_PID] =3D { .type =3D NLA_U32, },
+	[BINDER_A_CMD_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0xf),
+};
+
+/* Ops table for binder */
+static const struct genl_split_ops binder_nl_ops[] =3D {
+	{
+		.cmd		=3D BINDER_CMD_REPORT_SETUP,
+		.doit		=3D binder_nl_report_setup_doit,
+		.policy		=3D binder_report_setup_nl_policy,
+		.maxattr	=3D BINDER_A_CMD_FLAGS,
+		.flags		=3D GENL_CMD_CAP_DO,
+	},
+};
+
+static const struct genl_multicast_group binder_nl_mcgrps[] =3D {
+	[BINDER_NLGRP_REPORT] =3D { "report", },
+};
+
+struct genl_family binder_nl_family __ro_after_init =3D {
+	.name		=3D BINDER_FAMILY_NAME,
+	.version	=3D BINDER_FAMILY_VERSION,
+	.netnsok	=3D true,
+	.parallel_ops	=3D true,
+	.module		=3D THIS_MODULE,
+	.split_ops	=3D binder_nl_ops,
+	.n_split_ops	=3D ARRAY_SIZE(binder_nl_ops),
+	.mcgrps		=3D binder_nl_mcgrps,
+	.n_mcgrps	=3D ARRAY_SIZE(binder_nl_mcgrps),
+};
diff --git a/drivers/android/binder_netlink.h b/drivers/android/binder_netl=
ink.h
new file mode 100644
index 000000000000..0ef8c91ab319
--- /dev/null
+++ b/drivers/android/binder_netlink.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl=
ause) */
+/* Do not edit directly, auto-generated from: */
+/*	Documentation/netlink/specs/binder.yaml */
+/* YNL-GEN kernel header */
+
+#ifndef _LINUX_BINDER_GEN_H
+#define _LINUX_BINDER_GEN_H
+
+#include <net/netlink.h>
+#include <net/genetlink.h>
+
+#include <uapi/linux/android/binder_netlink.h>
+#include <binder_internal.h>
+
+int binder_nl_report_setup_doit(struct sk_buff *skb, struct genl_info *inf=
o);
+
+enum {
+	BINDER_NLGRP_REPORT,
+};
+
+extern struct genl_family binder_nl_family;
+
+#endif /* _LINUX_BINDER_GEN_H */
diff --git a/drivers/android/binder_trace.h b/drivers/android/binder_trace.h
index 16de1b9e72f7..968f14f029eb 100644
--- a/drivers/android/binder_trace.h
+++ b/drivers/android/binder_trace.h
@@ -423,6 +423,41 @@ TRACE_EVENT(binder_return,
 			  "unknown")
 );
=20
+TRACE_EVENT(binder_netlink_report,
+	TP_PROTO(const char *name, u32 err, u32 reply,
+		 struct binder_transaction *t),
+	TP_ARGS(name, err, reply, t),
+	TP_STRUCT__entry(
+		__field(const char *, name)
+		__field(u32, err)
+		__field(u32, from_pid)
+		__field(u32, from_tid)
+		__field(u32, to_pid)
+		__field(u32, to_tid)
+		__field(u32, reply)
+		__field(u32, flags)
+		__field(u32, code)
+		__field(binder_size_t, data_size)
+	),
+	TP_fast_assign(
+		__entry->name =3D name;
+		__entry->err =3D err;
+		__entry->from_pid =3D t->from_pid;
+		__entry->from_tid =3D t->from_tid;
+		__entry->to_pid =3D t->to_proc ? t->to_proc->pid : 0;
+		__entry->to_tid =3D t->to_thread ? t->to_thread->pid : 0;
+		__entry->reply =3D reply;
+		__entry->flags =3D t->flags;
+		__entry->code =3D t->code;
+		__entry->data_size =3D t->buffer->data_size;
+	),
+	TP_printk("%s: %d %d:%d -> %d:%d %s flags=3D0x08%x code=3D%d %llu",
+		  __entry->name, __entry->err, __entry->from_pid,
+		  __entry->from_tid, __entry->to_pid, __entry->to_tid,
+		  __entry->reply ? "reply" : "", __entry->flags,
+		  __entry->code, __entry->data_size)
+);
+
 #endif /* _BINDER_TRACE_H */
=20
 #undef TRACE_INCLUDE_PATH
diff --git a/include/uapi/linux/android/binder_netlink.h b/include/uapi/lin=
ux/android/binder_netlink.h
new file mode 100644
index 000000000000..fa926ed19507
--- /dev/null
+++ b/include/uapi/linux/android/binder_netlink.h
@@ -0,0 +1,57 @@
+/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl=
ause) */
+/* Do not edit directly, auto-generated from: */
+/*	Documentation/netlink/specs/binder.yaml */
+/* YNL-GEN uapi header */
+
+#ifndef _UAPI_LINUX_ANDROID_BINDER_NETLINK_H
+#define _UAPI_LINUX_ANDROID_BINDER_NETLINK_H
+
+#define BINDER_FAMILY_NAME	"binder"
+#define BINDER_FAMILY_VERSION	1
+
+/*
+ * Define what kind of binder transactions should be reported.
+ */
+enum binder_flag {
+	BINDER_FLAG_FAILED =3D 1,
+	BINDER_FLAG_ASYNC_FROZEN =3D 2,
+	BINDER_FLAG_SPAM =3D 4,
+	BINDER_FLAG_OVERRIDE =3D 8,
+};
+
+enum {
+	BINDER_A_CMD_CONTEXT =3D 1,
+	BINDER_A_CMD_PID,
+	BINDER_A_CMD_FLAGS,
+
+	__BINDER_A_CMD_MAX,
+	BINDER_A_CMD_MAX =3D (__BINDER_A_CMD_MAX - 1)
+};
+
+enum {
+	BINDER_A_REPORT_CONTEXT =3D 1,
+	BINDER_A_REPORT_ERR,
+	BINDER_A_REPORT_FROM_PID,
+	BINDER_A_REPORT_FROM_TID,
+	BINDER_A_REPORT_TO_PID,
+	BINDER_A_REPORT_TO_TID,
+	BINDER_A_REPORT_REPLY,
+	BINDER_A_REPORT_FLAGS,
+	BINDER_A_REPORT_CODE,
+	BINDER_A_REPORT_DATA_SIZE,
+
+	__BINDER_A_REPORT_MAX,
+	BINDER_A_REPORT_MAX =3D (__BINDER_A_REPORT_MAX - 1)
+};
+
+enum {
+	BINDER_CMD_REPORT_SETUP =3D 1,
+	BINDER_CMD_REPORT,
+
+	__BINDER_CMD_MAX,
+	BINDER_CMD_MAX =3D (__BINDER_CMD_MAX - 1)
+};
+
+#define BINDER_MCGRP_REPORT	"report"
+
+#endif /* _UAPI_LINUX_ANDROID_BINDER_NETLINK_H */
--=20
2.49.0.604.gff1f9ca942-goog
From nobody Fri Dec 19 16:05:46 2025
Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com
 [209.85.210.172])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id EF7D327A90A
	for <linux-kernel@vger.kernel.org>; Tue, 15 Apr 2025 07:10:33 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.172
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1744701035; cv=none;
 b=PVe1EHPQONwF02BLN7g0fmrsY/lIdLGmOS1m3WE+tf/7ueRl6WqwzY7/we8aWxu2JOZaWKzMHjc1bfBwmtAbSioUFt4HdjSX0QylG5UjjLaUC7UvfuwpQvCbbAgigAT8yeJLodP6fO7dYfOn5fjCDPINBzgAa2wcBUyfwIEOGXI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1744701035; c=relaxed/simple;
	bh=5/Q6wZAHlAFmRAc6PTdxw7FebEdY0c1THxnkixSJjak=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=pST73zvKK/S5wG7ZsNdXRu6iNR8DfaTeV7cVcM3frIIDw3QnikLhFyZGYpOaFG1HC6IvK+n2innZz7U8TQV3SWZ85ggOzGcGbce/B2xszQ3cJdFSLw/uOMGZ//jmPNkNbRangB0z7vJapfSlivMCbl3mSc+4RGyUP72F3pK//zQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=chromium.org;
 spf=pass smtp.mailfrom=chromium.org;
 dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org
 header.b=GMar4xyC; arc=none smtp.client-ip=209.85.210.172
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=chromium.org
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=chromium.org
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org
 header.b="GMar4xyC"
Received: by mail-pf1-f172.google.com with SMTP id
 d2e1a72fcca58-736aa9d0f2aso5848685b3a.0
        for <linux-kernel@vger.kernel.org>;
 Tue, 15 Apr 2025 00:10:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1744701033; x=1745305833;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=iMq8j0+T2PKoYo9dFG4yyaez3NXQz/XEaR/01iGoF+0=;
        b=GMar4xyClu9m1y/TQ7v0sxLCogMMh2pPHp8Nt3sGNzWeN4f/YzWXhlAb1tQDw+qEKL
         DpwZIi3Xb2GrPME4y2c0agDCSFbhn/T73JQdKRPuxHknfkJcRpUOENmPfS98N+b0CBOV
         qQE5Y7yP1ZGT7Z8AKZywdnT7I4LWVcq0sZQfk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1744701033; x=1745305833;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=iMq8j0+T2PKoYo9dFG4yyaez3NXQz/XEaR/01iGoF+0=;
        b=QudCfGUDS+2NH4DryHwKZzkDhIgEk7ZutMHbWqAg2BJcCK3KJYMFDpmjQlmexawRA6
         Q7WuXMpOt7XzSO+VsD1R6YOT2PPOjoZoMeSr7er9Md6SIjYvvQR1QR1EuM+MF88/762i
         OZVbj7pbsZeRKLSWRL1RlIcGK4kHdYLmasIfyVjs60lwyTBZSZhLaZi0ckEZ6IltZ+9R
         9GmHmVxD2MA0s2q/QHOfnT/GEtYxsG+TmsnuN/Rqzb2HjrOOeKwe+OnHYh9rtYLQ/Eni
         jkvezZ6eepJKknT8K8lzdtv5NyGhvh6uTOoLP2hzXqtbUNQeJFxVECsx3SdHntrUeYm3
         5ZLw==
X-Forwarded-Encrypted: i=1;
 AJvYcCVdZGOUIFD/W5UvBYNntQJj1xJB3PpJI64dDhQroeZogN1sK+r3zEvn03+3i2ckoGQhsJbSG/1dmP1tFm4=@vger.kernel.org
X-Gm-Message-State: AOJu0YxeFRQRgkOnlp9tzeaaqDVJumgzwj6rMY/kUCX7fXi/gYKfV7/V
	WUvpCvASa1Q2HTArERLh0OQC0Zo+iWn7U0rElO59sYqGJM3P+vHPMnxSELGpCw==
X-Gm-Gg: ASbGncurCgvA5qJUuVkOWo9sfiwoyCHtOaNsAK7v31X5jiuk8lWPQ9nwJxrrNk+ey2I
	zCtIDrazLanAkKrVvjp+jH5wgINl0+ygqQc8FQW75AMgCj5tJZxbw0i4ofzSMBWwr6R1quqnDlI
	UlQEhhuIBlyyaMz2Gadyf+AbauWCGELWvPwmwCez30NYL8fXMuFtMLx3fyedf9tGvqsiON9cLn2
	VearPh+Dh1SjwJuVVFLu5lnK+MDPzNwOjZBNlJRQtY2Et3ZZfwaiMN5ih2R1GTQvPxYw4b3mmpW
	BRctZ0TD1H/3sVlSV7WEdc9jQaitaa9mWM49PPRGV6+m0nvY+74pBNkDilingMgpQ8yEr0WcyG3
	IpKAdZPUeBXkhw73ALcAdHtH6b/0tdsvC
X-Google-Smtp-Source: 
 AGHT+IETMONHFj3vtnyzyN1Hl4JTwNESRGr7vfO1xrjSKAxvHZMIIVgKsrXxTSZx103zJLRD3NHWTQ==
X-Received: by 2002:a05:6a21:3a96:b0:1f5:730b:e09a with SMTP id
 adf61e73a8af0-201797ae1e3mr22020972637.20.1744701033333;
        Tue, 15 Apr 2025 00:10:33 -0700 (PDT)
Received: from li-cloudtop.c.googlers.com.com
 (132.197.125.34.bc.googleusercontent.com. [34.125.197.132])
        by smtp.gmail.com with ESMTPSA id
 41be03b00d2f7-b02a2d3a250sm8659543a12.62.2025.04.15.00.10.31
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 15 Apr 2025 00:10:32 -0700 (PDT)
From: Li Li <dualli@chromium.org>
To: dualli@google.com,
	corbet@lwn.net,
	davem@davemloft.net,
	edumazet@google.com,
	kuba@kernel.org,
	pabeni@redhat.com,
	donald.hunter@gmail.com,
	gregkh@linuxfoundation.org,
	arve@android.com,
	tkjos@android.com,
	maco@android.com,
	joel@joelfernandes.org,
	brauner@kernel.org,
	cmllamas@google.com,
	surenb@google.com,
	omosnace@redhat.com,
	shuah@kernel.org,
	arnd@arndb.de,
	masahiroy@kernel.org,
	bagasdotme@gmail.com,
	horms@kernel.org,
	tweek@google.com,
	paul@paul-moore.com,
	linux-kernel@vger.kernel.org,
	linux-doc@vger.kernel.org,
	netdev@vger.kernel.org,
	selinux@vger.kernel.org,
	hridya@google.com
Cc: smoreland@google.com,
	ynaffit@google.com,
	kernel-team@android.com
Subject: [PATCH v17 3/3] binder: transaction report binder_features flag
Date: Tue, 15 Apr 2025 00:10:17 -0700
Message-ID: <20250415071017.3261009-4-dualli@chromium.org>
X-Mailer: git-send-email 2.49.0.604.gff1f9ca942-goog
In-Reply-To: <20250415071017.3261009-1-dualli@chromium.org>
References: <20250415071017.3261009-1-dualli@chromium.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Li Li <dualli@google.com>

Add a flag to binder_features to indicate that the transaction report
feature via generic netlink is available.

Signed-off-by: Li Li <dualli@google.com>
---
 drivers/android/binderfs.c                                | 8 ++++++++
 .../selftests/filesystems/binderfs/binderfs_test.c        | 1 +
 2 files changed, 9 insertions(+)

diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c
index 98da8c4eea59..bf9c3becca1e 100644
--- a/drivers/android/binderfs.c
+++ b/drivers/android/binderfs.c
@@ -59,6 +59,7 @@ struct binder_features {
 	bool oneway_spam_detection;
 	bool extended_error;
 	bool freeze_notification;
+	bool transaction_report;
 };
=20
 static const struct constant_table binderfs_param_stats[] =3D {
@@ -76,6 +77,7 @@ static struct binder_features binder_features =3D {
 	.oneway_spam_detection =3D true,
 	.extended_error =3D true,
 	.freeze_notification =3D true,
+	.transaction_report =3D true,
 };
=20
 static inline struct binderfs_info *BINDERFS_SB(const struct super_block *=
sb)
@@ -619,6 +621,12 @@ static int init_binder_features(struct super_block *sb)
 	if (IS_ERR(dentry))
 		return PTR_ERR(dentry);
=20
+	dentry =3D binderfs_create_file(dir, "transaction_report",
+				      &binder_features_fops,
+				      &binder_features.transaction_report);
+	if (IS_ERR(dentry))
+		return PTR_ERR(dentry);
+
 	return 0;
 }
=20
diff --git a/tools/testing/selftests/filesystems/binderfs/binderfs_test.c b=
/tools/testing/selftests/filesystems/binderfs/binderfs_test.c
index 81db85a5cc16..39a68078a79b 100644
--- a/tools/testing/selftests/filesystems/binderfs/binderfs_test.c
+++ b/tools/testing/selftests/filesystems/binderfs/binderfs_test.c
@@ -65,6 +65,7 @@ static int __do_binderfs_test(struct __test_metadata *_me=
tadata)
 		"oneway_spam_detection",
 		"extended_error",
 		"freeze_notification",
+		"transaction_report",
 	};
=20
 	change_mountns(_metadata);
--=20
2.49.0.604.gff1f9ca942-goog