
Commit 1de00964 authored by Nick Kralevich

NativeHandle.java: dup() with O_CLOEXEC

Don't use Os.dup(), as it creates file handles which leak across exec()
boundaries. Instead, use fcntl(F_DUPFD_CLOEXEC);

O_CLOEXEC is essential for ensuring that file descriptors do not leak
across an exec() boundary. Setting O_CLOEXEC ensures that file
descriptors can't linger around unnecessarily in an exec()ed process
which doesn't use them, making more efficient use of resources.
Additionally, O_CLOEXEC is important in ensuring that untrusted
exec()ed code cannot take advantage of leaked file descriptors.

Test: Android compiles and boots
Bug: 120983106
Change-Id: I99a66834cc6b9bb25e1b4daf75384ec6a91ae9e2
parent bc292422
+6 −1
@@ -16,6 +16,8 @@

package android.os;

import static android.system.OsConstants.F_DUPFD_CLOEXEC;

import android.annotation.NonNull;
import android.annotation.SystemApi;
import android.system.ErrnoException;
@@ -108,7 +110,10 @@ public final class NativeHandle implements Closeable {
        FileDescriptor[] fds = new FileDescriptor[mFds.length];
        try {
            for (int i = 0; i < mFds.length; i++) {
                fds[i] = Os.dup(mFds[i]);
                FileDescriptor newFd = new FileDescriptor();
                int fdint = Os.fcntlInt(mFds[i], F_DUPFD_CLOEXEC, 0);
                newFd.setInt$(fdint);
                fds[i] = newFd;
            }
        } catch (ErrnoException e) {
            e.rethrowAsIOException();
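
Review bot: In the loop, a failure of Os.fcntlInt(mFds[i], F_DUPFD_CLOEXEC, 0) at some i > 0 reaches a catch that, in the lines shown, only calls e.rethrowAsIOException(), so the descriptors already duplicated into fds[0..i-1] are not visibly closed before the exception propagates. Consider closing the entries already stored in fds before rethrowing, so a partial failure does not leave duplicated descriptors open in this process. Separately, the reason for avoiding Os.dup() lives only in the commit message; a one-line comment above the fcntlInt call saying that the duplicate must be close-on-exec would stop a later cleanup from reverting to Os.dup(mFds[i]).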