From 827cc4632072248f4339147a7c852c50e4c9b13a Mon Sep 17 00:00:00 2001
From: Elliott Hughes
Date: Fri, 26 Jan 2024 23:29:38 +0000
Subject: [PATCH] Trim trailing '\0's inserted by libselinux.

libselinux has an off-by-one that causes it to pass the trailing '\0' to the kernel as if it's part of the security context, and the kernel dutifully hands it back, since it's an uninterpreted byte array as far as the kernel is concerned. libselinux accidentally hides this bug by treating it as a C string and calling strdup(), but debuggerd doesn't because it reads the file into a std::string. We could switch to libselinux's getcon()/getpidcon(), but (a) libselinux is awful (see above) and (b) not currently accessible to apexes (and it doesn't seem like a great idea to make it accessible). So just manually drop the last byte from the context we read ourselves, if it happens to be a '\0'.

Bug: https://github.com/android/ndk/issues/1993
Test: treehugger
Change-Id: I8e7605ac5e618007a8da635cb6f45b0778dc167c
---
 debuggerd/crash_dump.cpp | 4 ++++
 debuggerd/libdebuggerd/tombstone.cpp | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/debuggerd/crash_dump.cpp b/debuggerd/crash_dump.cpp
index 3563436ac41d..2bf0c9240fd6 100644
--- a/debuggerd/crash_dump.cpp
+++ b/debuggerd/crash_dump.cpp
@@ -510,6 +510,10 @@ int main(int argc, char** argv) {
 if (!android::base::ReadFdToString(attr_fd, &info.selinux_label)) {
 PLOG(WARNING) << "failed to read selinux label";
 }
+ // https://github.com/android/ndk/issues/1993
+ if (!info.selinux_label.empty() && info.selinux_label.back() == '\0') {
+ info.selinux_label.pop_back();
+ }
 
 if (!ptrace_interrupt(thread, &info.signo)) {
 PLOG(WARNING) << "failed to ptrace interrupt thread " << thread;
diff --git a/debuggerd/libdebuggerd/tombstone.cpp b/debuggerd/libdebuggerd/tombstone.cpp
index 375ed8a2cccc..6b4db35c8cd3 100644
--- a/debuggerd/libdebuggerd/tombstone.cpp
+++ b/debuggerd/libdebuggerd/tombstone.cpp
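Review bot: The new comment above the trim in crash_dump.cpp is only a bug-tracker URL, so a reader has to leave the source to learn why a byte is being removed from a kernel-provided, otherwise opaque context string; the commit message already has the one-line reason, so put it in the code: `// libselinux writes its trailing '\0' into the kernel-side context and the kernel hands it back unchanged; drop it (https://github.com/android/ndk/issues/1993)`. The identical three-line trim is repeated in the tombstone.cpp hunk below; a small shared helper taking the label by reference would keep the two sites from drifting if the rule ever has to change. Exactly one trailing byte is removed, which matches the single-byte off-by-one the commit describes, and everything else in the label is passed through untouched, which is presumably intended since the kernel does not interpret the bytes. The enclosing main() starts and ends outside the hunk.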
@@ -71,6 +71,10 @@ void engrave_tombstone_ucontext(int tombstone_fd, int proto_fd, uint64_t abort_m
 
 std::string selinux_label;
 android::base::ReadFileToString("/proc/self/attr/current", &selinux_label);
+ // https://github.com/android/ndk/issues/1993
+ if (!selinux_label.empty() && selinux_label.back() == '\0') {
+ selinux_label.pop_back();
+ }
 
 std::map threads;
 threads[target_tid] = ThreadInfo {