From 1de009645c3e315e749bae7246f9a2972c80a051 Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Mon, 17 Dec 2018 14:41:59 -0800
Subject: [PATCH] NativeHandle.java: dup() with O_CLOEXEC

Don't use Os.dup(), as it creates file handles which leak across exec() boundaries. Instead, use fcntl(F_DUPFD_CLOEXEC); O_CLOEXEC is essential for ensuring that file descriptors do not leak across an exec() boundary. Setting O_CLOEXEC ensures that file descriptors can't linger around unnecessarily in an exec()ed process which doesn't use them, making more efficient use of resources. Additionally, O_CLOEXEC is important in ensuring that untrusted exec()ed code cannot take advantage of leaked file descriptors.

Test: Android compiles and boots
Bug: 120983106
Change-Id: I99a66834cc6b9bb25e1b4daf75384ec6a91ae9e2
---
 core/java/android/os/NativeHandle.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/java/android/os/NativeHandle.java b/core/java/android/os/NativeHandle.java
index fbecc8ec1cd9f..f7ffc37f085ff 100644
--- a/core/java/android/os/NativeHandle.java
+++ b/core/java/android/os/NativeHandle.java
@@ -16,6 +16,8 @@
 
 package android.os;
 
+import static android.system.OsConstants.F_DUPFD_CLOEXEC;
+
 import android.annotation.NonNull;
 import android.annotation.SystemApi;
 import android.system.ErrnoException;
@@ -108,7 +110,10 @@ public final class NativeHandle implements Closeable {
 FileDescriptor[] fds = new FileDescriptor[mFds.length];
 try {
 for (int i = 0; i < mFds.length; i++) {
- fds[i] = Os.dup(mFds[i]);
+ FileDescriptor newFd = new FileDescriptor();
+ int fdint = Os.fcntlInt(mFds[i], F_DUPFD_CLOEXEC, 0);
+ newFd.setInt$(fdint);
+ fds[i] = newFd;
 }
 } catch (ErrnoException e) {
 e.rethrowAsIOException();
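Review bot: If `Os.fcntlInt` fails part-way through the loop in the second hunk, the descriptors already stored in `fds[0..i-1]` stay open, because the visible catch only calls `e.rethrowAsIOException()` and the array is never handed to a caller who could close it. The most likely failure here is descriptor-table exhaustion, which is exactly when leaking further descriptors inside the process hurts most; the new close-on-exec flag keeps them out of an exec()ed child but does not release them. Closing the non-null entries before rethrowing would make the failure path clean, as sketched below. The enclosing method starts and ends outside the hunk, so a cleanup further down cannot be ruled out from here.

```java
    // … unchanged: F_DUPFD_CLOEXEC duplication loop …
    } catch (ErrnoException e) {
        // Release whatever was duplicated before the failure; fds[] never reaches the caller.
        for (FileDescriptor dupFd : fds) {
            if (dupFd == null) {
                break; // entries are filled in order, so the first null ends the duplicated prefix
            }
            try {
                Os.close(dupFd);
            } catch (ErrnoException ignored) {
                // Best effort: the original failure is the one worth reporting.
            }
        }
        e.rethrowAsIOException();
```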