dumpstate: Close API FDs on exec
Set the external bugreport and screenshot FDs used in service API
invocations as CLOEXEC to prevent them from being inherited by incident,
which does not have SELinux permissions to access them. SELinux checks
FDs inherited by a new process and reports audit events for unauthorized
files.
Bug: 218515584
Test: adb shell am broadcast -a
com.android.internal.intent.action.BUGREPORT_REQUESTED
-f 285212672 --ei android.intent.extra.BUGREPORT_TYPE 0
and check for SELinux denials
Change-Id: I0b162f32fdff758953cf9262f85c55dc53525305
Merged-In: I69f420abf0c736149c2b03fb3ba47743dceff2d7
diff --git a/cmds/dumpstate/dumpstate.cpp b/cmds/dumpstate/dumpstate.cpp
index 24b201f..890c15f 100644
--- a/cmds/dumpstate/dumpstate.cpp
+++ b/cmds/dumpstate/dumpstate.cpp
@@ -2733,8 +2733,8 @@
const android::base::unique_fd& screenshot_fd_in,
bool is_screenshot_requested) {
// Duplicate the fds because the passed in fds don't outlive the binder transaction.
- bugreport_fd.reset(dup(bugreport_fd_in.get()));
- screenshot_fd.reset(dup(screenshot_fd_in.get()));
+ bugreport_fd.reset(fcntl(bugreport_fd_in.get(), F_DUPFD_CLOEXEC, 0));
+ screenshot_fd.reset(fcntl(screenshot_fd_in.get(), F_DUPFD_CLOEXEC, 0));
SetOptionsFromMode(bugreport_mode, this, is_screenshot_requested);
}