Fix file descriptor leakage in adbd
adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control
socket, which prevents the leakage. However if ro.adb.secure
property is unset (as it is on the emulator), adb_auth_init is not
invoked, which results in the control socket fd leaking into any
process started by the deamon (specifically, any command executed
through adb shell).
Split the fd cleanup into a separate function that is called
unconditionally.
Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
diff --git a/adb_auth_client.cpp b/adb_auth_client.cpp
index deb0a5d..5dadcd9 100644
--- a/adb_auth_client.cpp
+++ b/adb_auth_client.cpp
@@ -249,19 +249,23 @@
}
}
-void adb_auth_init(void)
-{
- int fd, ret;
-
- fd = android_get_control_socket("adbd");
- if (fd < 0) {
+void adbd_cloexec_auth_socket() {
+ int fd = android_get_control_socket("adbd");
+ if (fd == -1) {
D("Failed to get adbd socket\n");
return;
}
fcntl(fd, F_SETFD, FD_CLOEXEC);
+}
- ret = listen(fd, 4);
- if (ret < 0) {
+void adbd_auth_init(void) {
+ int fd = android_get_control_socket("adbd");
+ if (fd == -1) {
+ D("Failed to get adbd socket\n");
+ return;
+ }
+
+ if (listen(fd, 4) == -1) {
D("Failed to listen on '%d'\n", fd);
return;
}