Open iptables-restore pipes with O_CLOEXEC.
This improves security and reliability, and also avoids keeping
superfluous fds open in iptables-restore processes: the pipe fds
that are dup2()d are never closed.
Bug: 28362720
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Change-Id: Ifb57082a6c711f0684fc37a254076e84ad097b6e
diff --git a/server/IptablesRestoreController.cpp b/server/IptablesRestoreController.cpp
index 37b94bf..88d88f6 100644
--- a/server/IptablesRestoreController.cpp
+++ b/server/IptablesRestoreController.cpp
@@ -143,9 +143,9 @@
int stdout_pipe[2];
int stderr_pipe[2];
- if (pipe2(stdin_pipe, 0) == -1 ||
- pipe2(stdout_pipe, O_NONBLOCK) == -1 ||
- pipe2(stderr_pipe, O_NONBLOCK) == -1) {
+ if (pipe2(stdin_pipe, O_CLOEXEC) == -1 ||
+ pipe2(stdout_pipe, O_NONBLOCK | O_CLOEXEC) == -1 ||
+ pipe2(stderr_pipe, O_NONBLOCK | O_CLOEXEC) == -1) {
ALOGE("pipe2() failed: %s", strerror(errno));
return nullptr;
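Review bot: The error path at `return nullptr;` leaks any pipe that was already created, because the three pipe2() calls are chained with `||` and a failure of the second or third leaves the earlier fds open in the parent. O_CLOEXEC keeps those fds out of exec'd children, but it does not close them in the calling process, so repeated failures would still consume descriptors. Checking each call on its own and closing the ends opened so far, with the log call placed before close() so errno is not overwritten, would fix this. A comment above the calls would also help, e.g. `// O_CLOEXEC: only the dup2()'d copies on fds 0-2 survive exec.`, which presumably holds as long as no pipe fd already equals its dup2() target, since dup2() with equal fds leaves FD_CLOEXEC set. The enclosing function begins and ends outside this hunk.

```cpp
    // … unchanged: stdin_pipe / stdout_pipe / stderr_pipe declarations …
    if (pipe2(stdin_pipe, O_CLOEXEC) == -1) {
        ALOGE("pipe2() failed: %s", strerror(errno));
        return nullptr;
    }
    if (pipe2(stdout_pipe, O_NONBLOCK | O_CLOEXEC) == -1) {
        ALOGE("pipe2() failed: %s", strerror(errno));
        close(stdin_pipe[0]);
        close(stdin_pipe[1]);
        return nullptr;
    }
    if (pipe2(stderr_pipe, O_NONBLOCK | O_CLOEXEC) == -1) {
        ALOGE("pipe2() failed: %s", strerror(errno));
        close(stdin_pipe[0]);
        close(stdin_pipe[1]);
        close(stdout_pipe[0]);
        close(stdout_pipe[1]);
        return nullptr;
```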
@@ -161,16 +161,6 @@
if (child_pid.value() == 0) {
// The child process. Reads from stdin, writes to stderr and stdout.
- // stdin_pipe[1] : The write end of the stdin pipe.
- // stdout_pipe[0] : The read end of the stdout pipe.
- // stderr_pipe[0] : The read end of the stderr pipe.
- if (close(stdin_pipe[1]) == -1 ||
- close(stdout_pipe[0]) == -1 ||
- close(stderr_pipe[0]) == -1) {
-
- ALOGW("close() failed: %s", strerror(errno));
- }
-
// stdin_pipe[0] : The read end of the stdin pipe.
// stdout_pipe[1] : The write end of the stdout pipe.
// stderr_pipe[1] : The write end of the stderr pipe.