Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_art / 20d57d121a6f072484eb34b2f641136d9aff2077^! / .
commit20d57d121a6f072484eb34b2f641136d9aff2077[log] [tgz]
authorNick Kralevich <nnk@google.com>Fri Jan 31 12:54:35 2020 -0800
committerTreehugger Robot <treehugger-gerrit@google.com>Mon Feb 03 10:45:00 2020 +0000
tree2ff2f17681ee74b5abc2e2582a5837277a8576d3
parentdd14a3d77abef167a18b8ad81f7ebb4d932c74a0 [diff]
perfetto_hprof.cc: fix leaky file descriptors

File descriptors created without O_CLOEXEC can leak across
an exec() boundary, potentially leaking file descriptors across
security boundaries. Avoid leakage across exec() by setting the
O_CLOEXEC flag on newly created pipe() FDs.

These leakages are detectable via the android-cloexec-pipe clang
tidy check, which can be enabled by something similar to:

    tidy_checks: [
        "android-*",
    ],

See https://clang.llvm.org/extra/clang-tidy/checks/android-cloexec-pipe.html

It's recommended that future changes be made to enable this
clang tidy check. This will avoid future regressions.

Fixes android.security.cts.FileDescriptorTest#testCLOEXEC

  android.security.cts android.security.cts.FileDescriptorTest#testCLOEXEC fail:
  java.lang.AssertionError: The following FDs do not have O_CLOEXEC enabled:
    /proc/self/fd/32 -> "pipe:[307764]"
    /proc/self/fd/34 -> "pipe:[307764]"

      at org.junit.Assert.fail(Assert.java:88)
      at android.security.cts.FileDescriptorTest.testCLOEXEC(FileDescriptorTest.java:88)
      at java.lang.reflect.Method.invoke(Native Method)
      at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
      at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
      at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:52)
      at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
      at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:148)
      at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:142)
      at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      at java.lang.Thread.run(Thread.java:921)

Bug: 143375045
Test: cts-tradefed run cts-dev -m CtsSecurityTestCases -t android.security.cts.FileDescriptorTest\#testCLOEXEC
Change-Id: I5a5eca26c7d0a9445f263841d57bc71389b91bf8

diff --git a/perfetto_hprof/perfetto_hprof.cc b/perfetto_hprof/perfetto_hprof.cc
index 4f20094..3337279 100644
--- a/perfetto_hprof/perfetto_hprof.cc
+++ b/perfetto_hprof/perfetto_hprof.cc

@@ -522,7 +522,7 @@
     g_state = State::kWaitForListener;
   }
 
-  if (pipe(g_signal_pipe_fds) == -1) {
+  if (pipe2(g_signal_pipe_fds, O_CLOEXEC) == -1) {
     PLOG(ERROR) << "Failed to pipe";
     return false;
   }