Ensure the sockets we inherit from init are FD_CLOEXEC.
Bug: 65104811
Test: bullhead builds, boots
Test: lsof of iptables-restore doesn't show /dev/socket/netd and friends
Change-Id: I64c7c30364662147ae1b010500635f8ce21b2d0a
diff --git a/server/NetdConstants.cpp b/server/NetdConstants.cpp
index 5abdacd..82db842 100644
--- a/server/NetdConstants.cpp
+++ b/server/NetdConstants.cpp
@@ -29,6 +29,7 @@
#include <android-base/stringprintf.h>
#include <cutils/log.h>
+#include <cutils/sockets.h>
#include <logwrap/logwrap.h>
#include "Controllers.h"
@@ -164,3 +165,16 @@
if (sigprocmask(SIG_BLOCK, &mask, NULL) != 0)
ALOGW("WARNING: SIGPIPE not blocked\n");
}
+
+void setCloseOnExec(const char *sock) {
+ int fd = android_get_control_socket(sock);
+ int flags = fcntl(fd, F_GETFD, 0);
+ if (flags == -1) {
+ ALOGE("Can't get fd flags for control socket %s", sock);
+ flags = 0;
+ }
+ flags |= FD_CLOEXEC;
+ if (fcntl(fd, F_SETFD, flags) == -1) {
+ ALOGE("Can't set control socket %s to FD_CLOEXEC", sock);
+ }
+}
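Review bot: `setCloseOnExec` passes the result of `android_get_control_socket(sock)` straight to `fcntl` without checking it, so when init did not hand over that socket (the call returns -1) both `fcntl` calls run on fd -1 and the log reports "Can't get fd flags" instead of a missing socket. An early guard such as `if (fd == -1) { ALOGE("No control socket %s", sock); return; }` keeps the diagnosis accurate. Both `ALOGE` messages also drop `errno`; appending `strerror(errno)` would distinguish EBADF from other failures. Because the function returns `void`, a caller cannot tell that the descriptor is still inheritable by exec'd children such as iptables-restore, which is the leak this commit sets out to close. Consider returning a `bool`, or add a comment above the function stating that failure is logged and otherwise ignored.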