binder+rust_binder: use current_euid() for transaction sender identity

[PATCH 1/2] binder: use current_euid() for transaction sender identity

Posted by Jann Horn 1 month, 2 weeks ago

Binder currently uses task_euid(proc->tsk) as the transaction sender EUID,
where proc->tsk is the main thread of the process that opened /dev/binder.
That's not clean; use the subjective EUID of the current task instead.

Signed-off-by: Jann Horn <jannh@google.com>
---
 drivers/android/binder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index adde1e40cccd..3dfce0fb9e13 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3113,7 +3113,7 @@ static void binder_transaction(struct binder_proc *proc,
 	t->start_time = t_start_time;
 	t->from_pid = proc->pid;
 	t->from_tid = thread->pid;
-	t->sender_euid = task_euid(proc->tsk);
+	t->sender_euid = current_euid();
 	t->code = tr->code;
 	t->flags = tr->flags;
 	t->priority = task_nice(current);

-- 
2.53.0.273.g2a3d683680-goog

[PATCH 1/2] binder: use current_euid() for transaction sender identity
[PATCH 2/2] rust_binder: use current_euid() for transaction sender identity