author Josh Gao <jmgao@google.com> 2018-07-17 15:00:31 -0700
committer Josh Gao <jmgao@google.com> 2018-08-14 16:45:46 -0700
commit5fc8bbe1140879141893980194db18760bf8876a (patch)
treeefb251621c390aa5ed5040d041a11be66920631b
parent0f7d0f4e94615d46e7468e7d41dd20f77cdb9a80 (diff)
Fix double close in NativeLibraryHelper.openApkFd.
Prior to this patch, we were taking the file descriptor owned by a ParcelFileDescriptor, and passing it into ZipFileRO::openFd, which expects to take ownership of the file descriptor, closing it upon destruction. This leads to a double-close when the ParcelFileDescriptor tries to close itself. Switch to passing a duped copy of the file descriptor to ZipFileRO::openFd. Test: `pm install foo.apk` with fdsan Change-Id: Ida4ca4a37b82875dc4eef1f37bf2322c422fe038 (cherry-picked from commit b066087d65b720a5c9ac48f64a856284566df82f)
-rw-r--r--core/jni/com_android_internal_content_NativeLibraryHelper.cpp10
1 files changed, 9 insertions, 1 deletions
diff --git a/core/jni/com_android_internal_content_NativeLibraryHelper.cpp b/core/jni/com_android_internal_content_NativeLibraryHelper.cpp
index cc2646cfb7c0..dc0426987b1e 100644
--- a/core/jni/com_android_internal_content_NativeLibraryHelper.cpp
+++ b/core/jni/com_android_internal_content_NativeLibraryHelper.cpp
@@ -27,6 +27,7 @@
#include <zlib.h>
+#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
@@ -567,7 +568,14 @@ com_android_internal_content_NativeLibraryHelper_openApkFd(JNIEnv *env, jclass,
return 0;
}
- ZipFileRO* zipFile = ZipFileRO::openFd(fd, debugFilePath.c_str());
+ int dupedFd = dup(fd);
+ if (dupedFd == -1) {
+ jniThrowExceptionFmt(env, "java/lang/IllegalArgumentException",
+ "Failed to dup FileDescriptor: %s", strerror(errno));
+ return 0;
+ }
+
+ ZipFileRO* zipFile = ZipFileRO::openFd(dupedFd, debugFilePath.c_str());
return reinterpret_cast<jlong>(zipFile);
}
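Review bot: `dup(fd)` returns a descriptor without close-on-exec set, so the copy handed to `ZipFileRO::openFd` would be inherited by any child process that is later exec'd while the zip stays open. Since `<fcntl.h>` is already included, `int dupedFd = fcntl(fd, F_DUPFD_CLOEXEC, 0);` fits the existing `-1`/`errno` error path unchanged. It is also worth confirming that `ZipFileRO::openFd` closes the descriptor when it fails; if it does not, `dupedFd` leaks on that path, and this function returns the result unchecked. The function body starts above the hunk, so how `fd` is obtained and validated is not visible here.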