Introduce api to track fd ownership in libc. Add two functions to allow objects that own a file descriptor to enforce that only they can close their file descriptor. Use them in FILE* and DIR*. Bug: http://b/110100358 Test: bionic_unit_tests Test: aosp/master boots without errors Test: treehugger Change-Id: Iecd6e8b26c62217271e0822dc3d2d7888b091a45

commit: f6e5b582604715729b09db3e36a7aeb8c24b36a4 [log] [tgz]
author: Josh Gao <jmgao@google.com> Fri Jun 01 15:30:54 2018 -0700
committer: Josh Gao <jmgao@google.com> Thu Jul 19 14:28:54 2018 -0700
tree: 1d68c449355f88a0652d3c1e2d6679b54fce1b20
parent: ad596bf4fc406c0940d0f76f6b7c4ff22ecee7ac [diff] [blame]
diff --git a/libc/bionic/fork.cpp b/libc/bionic/fork.cpp
index 33b7343..fc00207 100644
--- a/libc/bionic/fork.cpp
+++ b/libc/bionic/fork.cpp

@@ -28,6 +28,8 @@
 
 #include <unistd.h>
 
+#include <android/fdsan.h>
+
 #include "private/bionic_defs.h"
 #include "pthread_internal.h"
 
@@ -48,6 +50,11 @@
     // Update the cached pid, since clone() will not set it directly (as
     // self->tid is updated by the kernel).
     self->set_cached_pid(gettid());
+
+    // Disable fdsan post-fork, so we don't falsely trigger on processes that
+    // fork, close all of their fds blindly, and then exec.
+    android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_DISABLED);
+
     __bionic_atfork_run_child();
   } else {
     __bionic_atfork_run_parent();
commit	f6e5b582604715729b09db3e36a7aeb8c24b36a4	[log] [tgz]
author	Josh Gao <jmgao@google.com>	Fri Jun 01 15:30:54 2018 -0700
committer	Josh Gao <jmgao@google.com>	Thu Jul 19 14:28:54 2018 -0700
tree	1d68c449355f88a0652d3c1e2d6679b54fce1b20
parent	ad596bf4fc406c0940d0f76f6b7c4ff22ecee7ac [diff] [blame]