apparmor_secid_to_secctx doesn't allocate memory for secctx on nullptr
Bug #1844780 reported by
Simon Fels
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
New
|
Undecided
|
Unassigned |
Bug Description
apparmor_
This causes the Android binder driver to fail transactions initiated from user space when the kernel is running with AppArmor instead of SELinux as no security context was retrieved when calling security_
Not saying this isn't a bug. But I need more info, something is off. Looking at this apparmor is allocating memory and putting the label into it.
AppArmor nor selinux are allocating a buffer when
char **secdata is null because there is no place to return the value.
When
*secdata is NULL both apparmor and selinux are allocating and returning a value
both apparmor and selinux are overwriting any existing pointer value at *secdata though apparmor may not be zeroing it in an earlier error case.