NativeHandle.java: dup() with O_CLOEXEC
Don't use Os.dup(), as it creates file handles which leak across exec()
boundaries. Instead, use fcntl(F_DUPFD_CLOEXEC);
O_CLOEXEC is essential for ensuring that file descriptors do not leak
across an exec() boundary. Setting O_CLOEXEC ensures that file
descriptors can't linger around unnecessarily in an exec()ed process
which doesn't use them, making more efficient use of resources.
Additionally, O_CLOEXEC is important in ensuring that untrusted
exec()ed code cannot take advantage of leaked file descriptors.
Test: Android compiles and boots
Bug: 120983106
Change-Id: I99a66834cc6b9bb25e1b4daf75384ec6a91ae9e2
diff --git a/core/java/android/os/NativeHandle.java b/core/java/android/os/NativeHandle.java
index fbecc8e..f7ffc37 100644
--- a/core/java/android/os/NativeHandle.java
+++ b/core/java/android/os/NativeHandle.java
@@ -16,6 +16,8 @@
package android.os;
+import static android.system.OsConstants.F_DUPFD_CLOEXEC;
+
import android.annotation.NonNull;
import android.annotation.SystemApi;
import android.system.ErrnoException;
@@ -108,7 +110,10 @@
FileDescriptor[] fds = new FileDescriptor[mFds.length];
try {
for (int i = 0; i < mFds.length; i++) {
- fds[i] = Os.dup(mFds[i]);
+ FileDescriptor newFd = new FileDescriptor();
+ int fdint = Os.fcntlInt(mFds[i], F_DUPFD_CLOEXEC, 0);
+ newFd.setInt$(fdint);
+ fds[i] = newFd;
}
} catch (ErrnoException e) {
e.rethrowAsIOException();