On 6/1/2019 7:27 PM, Kees Cook wrote:
> On Fri, May 31, 2019 at 04:10:08PM -0700, Casey Schaufler wrote:
>> -void apparmor_release_secctx(char *secdata, u32 seclen)
>> +void apparmor_release_secctx(struct lsm_context *cp)
>> {
>> - kfree(secdata);
>> + kfree(cp->context);
>> }
> Maybe better to have common helper?
>
> void lsm_context_clear(struct lsm_context *cp)
> {
> kfree(cp->context);
> cp->context = NULL;
> cp->len = 0;
> }
The caller, security_release_secctx(), does a
lsm_context_init after the module specific code.
The helper wouldn't be generic, since Smack does
not do a kfree() on cp->context.
