binder: use current_euid() for transaction sender identity

Binder currently uses task_euid(proc->tsk) as the transaction sender EUID,
where proc->tsk is the main thread of the process that opened /dev/binder.
That's not clean; use the subjective EUID of the current task instead.

Signed-off-by: Jann Horn <jannh@google.com>
Reviewed-by: Alice Ryhl <aliceryhl@google.com>
Acked-by: Gary Guo <gary@garyguo.net>
Link: https://patch.msgid.link/20260213-binder-uid-v1-1-7b795ae05523@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 21f91d9f2fbcf934347a0df5a78e869753ca2680..9e61942245936807fcb4ee1b6187b96def7b1611 100644 (file)
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3117,7 +3117,7 @@ static void binder_transaction(struct binder_proc *proc,
        t->start_time = t_start_time;
        t->from_pid = proc->pid;
        t->from_tid = thread->pid;
-       t->sender_euid = task_euid(proc->tsk);
+       t->sender_euid = current_euid();
        t->code = tr->code;
        t->flags = tr->flags;
        t->priority = task_nice(current);