dumpstate: Close API FDs on exec

Set the external bugreport and screenshot FDs used in service API
invocations as CLOEXEC to prevent them from being inherited by incident,
which does not have SELinux permissions to access them. SELinux checks
FDs inherited by a new process and reports audit events for unauthorized
files.

Bug: 218515584
Test: adb shell am broadcast -a
  com.android.internal.intent.action.BUGREPORT_REQUESTED
  -f 285212672 --ei android.intent.extra.BUGREPORT_TYPE 0
  and check for SELinux denials
Change-Id: I0b162f32fdff758953cf9262f85c55dc53525305
Merged-In: I69f420abf0c736149c2b03fb3ba47743dceff2d7

1 files changed, 2 insertions, 2 deletions

diff --git a/cmds/dumpstate/dumpstate.cpp b/cmds/dumpstate/dumpstate.cpp
index 24b201f8ab..890c15f895 100644
--- a/cmds/dumpstate/dumpstate.cpp
+++ b/cmds/dumpstate/dumpstate.cpp
@@ -2733,8 +2733,8 @@ void Dumpstate::DumpOptions::Initialize(BugreportMode bugreport_mode,
                                         const android::base::unique_fd& screenshot_fd_in,
                                         bool is_screenshot_requested) {
     // Duplicate the fds because the passed in fds don't outlive the binder transaction.
-    bugreport_fd.reset(dup(bugreport_fd_in.get()));
-    screenshot_fd.reset(dup(screenshot_fd_in.get()));
+    bugreport_fd.reset(fcntl(bugreport_fd_in.get(), F_DUPFD_CLOEXEC, 0));
+    screenshot_fd.reset(fcntl(screenshot_fd_in.get(), F_DUPFD_CLOEXEC, 0));
 
     SetOptionsFromMode(bugreport_mode, this, is_screenshot_requested);
 }