diff --git a/rust/kernel/cred.rs b/rust/kernel/cred.rs
index 81d67789b16f..77eb190fe214 100644
--- a/rust/kernel/cred.rs
+++ b/rust/kernel/cred.rs
@@ -53,6 +53,11 @@ impl Credential {
         unsafe { &*ptr.cast() }
     }
 
+    /// Returns a raw pointer to the inner credential.
+    pub fn as_ptr(&self) -> *const bindings::cred {
+        self.0.get()
+    }
+
     /// Get the id for this security context.
     pub fn get_secid(&self) -> u32 {
         let mut secid = 0;
diff --git a/rust/kernel/security.rs b/rust/kernel/security.rs
index 2522868862a1..7e50b375df26 100644
--- a/rust/kernel/security.rs
+++ b/rust/kernel/security.rs
@@ -8,9 +8,42 @@
 
 use crate::{
     bindings,
+    cred::Credential,
     error::{to_result, Result},
+    fs::File,
 };
 
+/// Calls the security modules to determine if the given task can become the manager of a binder
+/// context.
+pub fn binder_set_context_mgr(mgr: &Credential) -> Result {
+    // SAFETY: `mrg.0` is valid because the shared reference guarantees a nonzero refcount.
+    to_result(unsafe { bindings::security_binder_set_context_mgr(mgr.as_ptr()) })
+}
+
+/// Calls the security modules to determine if binder transactions are allowed from task `from` to
+/// task `to`.
+pub fn binder_transaction(from: &Credential, to: &Credential) -> Result {
+    // SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts.
+    to_result(unsafe { bindings::security_binder_transaction(from.as_ptr(), to.as_ptr()) })
+}
+
+/// Calls the security modules to determine if task `from` is allowed to send binder objects
+/// (owned by itself or other processes) to task `to` through a binder transaction.
+pub fn binder_transfer_binder(from: &Credential, to: &Credential) -> Result {
+    // SAFETY: `from` and `to` are valid because the shared references guarantee nonzero refcounts.
+    to_result(unsafe { bindings::security_binder_transfer_binder(from.as_ptr(), to.as_ptr()) })
+}
+
+/// Calls the security modules to determine if task `from` is allowed to send the given file to
+/// task `to` (which would get its own file descriptor) through a binder transaction.
+pub fn binder_transfer_file(from: &Credential, to: &Credential, file: &File) -> Result {
+    // SAFETY: `from`, `to` and `file` are valid because the shared references guarantee nonzero
+    // refcounts.
+    to_result(unsafe {
+        bindings::security_binder_transfer_file(from.as_ptr(), to.as_ptr(), file.as_ptr())
+    })
+}
+
 /// A security context string.
 ///
 /// # Invariants