perfetto_hprof.cc: fix leaky file descriptors
File descriptors created without O_CLOEXEC can leak across
an exec() boundary, potentially leaking file descriptors across
security boundaries. Avoid leakage across exec() by setting the
O_CLOEXEC flag on newly created pipe() FDs.
These leakages are detectable via the android-cloexec-pipe clang
tidy check, which can be enabled by something similar to:
tidy_checks: [
"android-*",
],
See https://clang.llvm.org/extra/clang-tidy/checks/android-cloexec-pipe.html
It's recommended that future changes be made to enable this
clang tidy check. This will avoid future regressions.
Fixes android.security.cts.FileDescriptorTest#testCLOEXEC
android.security.cts android.security.cts.FileDescriptorTest#testCLOEXEC fail:
java.lang.AssertionError: The following FDs do not have O_CLOEXEC enabled:
/proc/self/fd/32 -> "pipe:[307764]"
/proc/self/fd/34 -> "pipe:[307764]"
at org.junit.Assert.fail(Assert.java:88)
at android.security.cts.FileDescriptorTest.testCLOEXEC(FileDescriptorTest.java:88)
at java.lang.reflect.Method.invoke(Native Method)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:52)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:148)
at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:142)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.lang.Thread.run(Thread.java:921)
Bug: 143375045
Test: cts-tradefed run cts-dev -m CtsSecurityTestCases -t android.security.cts.FileDescriptorTest\#testCLOEXEC
Change-Id: I5a5eca26c7d0a9445f263841d57bc71389b91bf8
1 file changed