netd: set CLOEXEC on inherited /dev/socket/netd fd

Test: on aosp_blueline, iptables/ip6tables/dnsmasq/clatd no longer show an open
  /dev/socket/netd fd matching the environment variable ANDROID_SOCKET_netd=18.
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7dd4f53751dd36c15aa8cb9ee1651b93cffa4745
diff --git a/server/main.cpp b/server/main.cpp
index b783ce5..c209204 100644
--- a/server/main.cpp
+++ b/server/main.cpp
@@ -64,6 +64,7 @@
 using android::netdutils::Stopwatch;
 
 const char* const PID_FILE_PATH = "/data/misc/net/netd_pid";
+constexpr const char NETD_SOCKET_NAME[] = "netd";
 constexpr const char DNSPROXYLISTENER_SOCKET_NAME[] = "dnsproxyd";
 
 std::mutex android::net::gBigNetdLock;
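Review bot: `NETD_SOCKET_NAME` on the added line is a second file-local copy of a socket name, like `DNSPROXYLISTENER_SOCKET_NAME` below it, whereas the FwmarkServer and MDnsSdListener names used later in this commit come from the owning class as `SOCKET_NAME`. The listener that owns the "netd" socket is not visible in this hunk; if it carries its own literal, the two can drift, and the CLOEXEC pass would then look up the wrong name and leave the real fd inheritable with no build error. Add a comment such as `// Must match the name of the "netd" control socket that init creates for this process.`, or preferably expose the name as a constant on the owning class as the other two listeners do.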
@@ -103,8 +104,8 @@
     // Before we do anything that could fork, mark CLOEXEC the UNIX sockets that we get from init.
     // FrameworkListener does this on initialization as well, but we only initialize these
     // components after having initialized other subsystems that can fork.
-    for (const auto& sock :
-         {DNSPROXYLISTENER_SOCKET_NAME, FwmarkServer::SOCKET_NAME, MDnsSdListener::SOCKET_NAME}) {
+    for (const auto& sock : {NETD_SOCKET_NAME, DNSPROXYLISTENER_SOCKET_NAME,
+                             FwmarkServer::SOCKET_NAME, MDnsSdListener::SOCKET_NAME}) {
         setCloseOnExec(sock);
     }
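Review bot: The socket list in this loop is maintained by hand, and the omission this commit fixes shows how easily a socket handed over by init gets left out, so the comment above the loop should state the invariant, e.g. `// Every socket init passes to netd must be listed here; a missing entry leaks its fd into each forked helper.` The call `setCloseOnExec(sock);` is a bare statement, so if that helper can fail (its definition is outside the hunk) the loop continues with the fd still inheritable; confirm it at least logs the socket name on failure. The enclosing function starts and ends outside the hunk.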