Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / core / 8fcb631389123ab7f5d795ae3a36a67842b3028c
commit8fcb631389123ab7f5d795ae3a36a67842b3028c[log] [tgz]
authorNick Kralevich <nnk@google.com>Thu Jun 05 20:26:25 2014 -0700
committerNick Kralevich <nnk@google.com>Thu Jun 05 20:26:25 2014 -0700
treece995185901a545377399a3d1ff5f50b5314cc4f
parent4ca26ce8ec3436727a92eb35d1698d2ae540faef [diff]
adb: avoid leaking file descriptors

If an adb shell connection comes in while taking a screenshot,
an open pipe file descriptor will be leaked to the shell process.
This causes SELinux denials of the form:

  avc: denied { read } for path="pipe:[21838]" dev="pipefs" ino=21838 scontext=u:r:shell:s0 tcontext=u:r:adbd:s0 tclass=fifo_file permissive=0
  avc: denied { write } for path="pipe:[21838]" dev="pipefs" ino=21838 scontext=u:r:shell:s0 tcontext=u:r:adbd:s0 tclass=fifo_file permissive=0

Set O_CLOEXEC on the pipe connections, to avoid leaking them
across an exec boundary.

Bug: 15437785
Change-Id: Id2304b316bd7082d8baac246dce1f0e0e26e9197
1 file changed
tree: ce995185901a545377399a3d1ff5f50b5314cc4f
  1. adb/
  2. adf/
  3. charger/
  4. cpio/
  5. debuggerd/
  6. fastboot/
  7. fastbootd/
  8. fs_mgr/
  9. gpttool/
  10. healthd/
  11. include/
  12. init/
  13. libbacktrace/
  14. libcutils/
  15. libdiskconfig/
  16. libion/
  17. liblog/
  18. libmemtrack/
  19. libmincrypt/
  20. libnetutils/
  21. libnl_2/
  22. libpixelflinger/
  23. libsparse/
  24. libsuspend/
  25. libsync/
  26. libsysutils/
  27. libusbhost/
  28. libutils/
  29. libziparchive/
  30. libzipfile/
  31. logcat/
  32. logd/
  33. logwrapper/
  34. mkbootimg/
  35. netcfg/
  36. reboot/
  37. rootdir/
  38. run-as/
  39. sdcard/
  40. toolbox/
  41. .gitignore
  42. Android.mk
  43. CleanSpec.mk
  44. MODULE_LICENSE_APACHE2
  45. NOTICE
  46. README
  47. ThirdPartyProject.prop