Trim trailing '\0's inserted by libselinux.
libselinux has an off-by-one that causes it to pass the trailing '\0' to
the kernel as if it's part of the security context, and the kernel
dutifully hands it back, since it's an uninterpreted byte array as far
as the kernel is concerned. libselinux accidentally hides this bug by
treating it as a C string and calling strdup(), but debuggerd doesn't
because it reads the file into a std::string.

We could switch to libselinux's getcon()/getpidcon(), but (a) libselinux
is awful (see above) and (b) not currently accessible to apexes (and it
doesn't seem like a great idea to make it accessible). So just manually
drop the last byte from the context we read ourselves, if it happens to
be a '\0'.

Bug: android/ndk#1993
Test: treehugger
Change-Id: I8e7605ac5e618007a8da635cb6f45b0778dc167c
enh-google authored and minaripenguin committed Mar 4, 2024
1 parent 0ee00fe commit 018ce2e
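The commit message above describes why a NUL byte that the kernel returns as part of the context is invisible to a C-string consumer but not to a std::string one. The following is an added example (not code from the AOSP change or from libselinux) that reproduces that difference on a constructed buffer and applies the same one-byte trim the commit uses. The context value `u:r:crash_dump:s0`, the helper names and the `ReadAttrAsString`/`ReadAttrAsCString` simulations of the two read paths are assumptions for illustration; the real code reads `/proc/<pid>/attr/current`.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

// Constructed sample (hypothetical value, not taken from the bug report):
// the byte array the kernel hands back when the writer included the
// terminating NUL in the security context it set. sizeof() counts that
// NUL, so kRawLen is 18 for the 17-character label.
static const char kRawContext[] = "u:r:crash_dump:s0";
static const size_t kRawLen = sizeof(kRawContext);

// Simulates reading the attr file into a std::string the way
// android::base::ReadFdToString/ReadFileToString do: every byte is kept,
// including the trailing NUL, so the string is 18 bytes long.
std::string ReadAttrAsString(const char* buf, size_t len) {
    return std::string(buf, len);
}

// Simulates the libselinux-style path the commit message mentions:
// treating the buffer as a C string and strdup()'ing it stops at the
// first NUL, which is what hides the extra byte there.
std::string ReadAttrAsCString(const char* buf) {
    char* copy = strdup(buf);
    std::string s(copy);
    free(copy);
    return s;
}

// The workaround from the commit: drop exactly one trailing NUL if present.
// Safe on an empty string (failed read) and a no-op on a clean label.
void TrimTrailingNul(std::string* label) {
    if (!label->empty() && label->back() == '\0') {
        label->pop_back();
    }
}

// Read-then-trim, as the two call sites in the change do.
std::string ReadAndTrim(const char* buf, size_t len) {
    std::string label = ReadAttrAsString(buf, len);
    TrimTrailingNul(&label);
    return label;
}

int main() {
    std::string raw = ReadAttrAsString(kRawContext, kRawLen);
    std::string cstr = ReadAttrAsCString(kRawContext);
    std::string trimmed = ReadAndTrim(kRawContext, kRawLen);

    // std::string operator== compares the full length, so the untrimmed
    // label does NOT equal the expected context even though it prints
    // identically on a terminal.
    printf("std::string read: %zu bytes, equal to expected: %s\n",
           raw.size(), raw == "u:r:crash_dump:s0" ? "yes" : "no");
    printf("C-string read:    %zu bytes\n", cstr.size());
    printf("after trim:       %zu bytes, equal to expected: %s\n",
           trimmed.size(), trimmed == "u:r:crash_dump:s0" ? "yes" : "no");
    return 0;
}
```

The point worth keeping in mind is that the mismatch only shows up in code that compares or serialises the label with its full byte length; anything that goes through a `const char*` will never see it, which is why the bug survived as long as it did.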
Showing 2 changed files with 8 additions and 0 deletions.
4 changes: 4 additions & 0 deletions debuggerd/crash_dump.cpp
Expand Up @@ -510,6 510,10 @@ int main(int argc, char** argv) {
if (!android::base::ReadFdToString(attr_fd, &info.selinux_label)) {
PLOG(WARNING) << "failed to read selinux label";
}
// https://github.com/android/ndk/issues/1993
if (!info.selinux_label.empty() && info.selinux_label.back() == '\0') {
info.selinux_label.pop_back();
}

if (!ptrace_interrupt(thread, &info.signo)) {
PLOG(WARNING) << "failed to ptrace interrupt thread " << thread;
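Review bot: the four-line trim starting at `if (!info.selinux_label.empty() && info.selinux_label.back() == '\0')` is repeated verbatim in libdebuggerd/tombstone.cpp in this same change; a small shared helper (for example in libdebuggerd, next to the other tombstone utilities) would keep the two call sites in sync if the workaround ever needs to change and would let the android/ndk#1993 link live in one place. A one-line comment that the empty() check deliberately also covers the path where ReadFdToString failed and only logged a warning would make the intent clear to the next reader.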
4 changes: 4 additions & 0 deletions debuggerd/libdebuggerd/tombstone.cpp
Expand Up @@ -71,6 71,10 @@ void engrave_tombstone_ucontext(int tombstone_fd, int proto_fd, uint64_t abort_m

std::string selinux_label;
android::base::ReadFileToString("/proc/self/attr/current", &selinux_label);
// https://github.com/android/ndk/issues/1993
if (!selinux_label.empty() && selinux_label.back() == '\0') {
selinux_label.pop_back();
}

std::map<pid_t, ThreadInfo> threads;
threads[target_tid] = ThreadInfo {
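Review bot: unlike the crash_dump.cpp hunk, the return value of `android::base::ReadFileToString("/proc/self/attr/current", &selinux_label);` is ignored here, so a failed read silently produces an empty label in the tombstone with no diagnostic; consider mirroring the other call site with `if (!android::base::ReadFileToString(...)) PLOG(WARNING) << "failed to read selinux label";` so the two paths report failures the same way.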
