Set CLOEXEC on socket inherited from init

The control sockets a service inherits when spawned from init cannot
have O_CLOEXEC set, or they wouldn't be inherited.
But we don't want them to be further inherited when we are running an
RPC binder server on them, so set the flag.

This showed up in authfs_service, which inherits a socket and spawns
an authfs process, leading to a denial like this (since authfs doesn't
have the SELinux permission to access the socket):

avc: denied { read write } for pid=207 comm="authfs"
path="socket:[6436]" dev="sockfs" ino=6436 scontext=u:r:authfs:s0
tcontext=u:r:authfs_service:s0 tclass=unix_stream_socket permissive=0

The denial is harmless, but it can easily be interpreted as a sign of
a real problem.

Bug: 264496291
Test: composd_cmd --test-compile; denial no longer seen
Change-Id: I516eb07776eb78db046bc4155315cb8267cfe456
diff --git a/libs/binder/libbinder_rpc_unstable.cpp b/libs/binder/libbinder_rpc_unstable.cpp
index 78dae4b..e7943dd 100644
--- a/libs/binder/libbinder_rpc_unstable.cpp
+++ b/libs/binder/libbinder_rpc_unstable.cpp
@@ -112,6 +112,13 @@
LOG(ERROR) << "Failed to get fd for the socket:" << name;
return nullptr;
}
+ // Control socket fds are inherited from init, so they don't have O_CLOEXEC set.
+ // But we don't want any child processes to inherit the socket we are running
+ // the server on, so attempt to set the flag now.
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) != 0) {
+ LOG(WARNING) << "Failed to set CLOEXEC on control socket with name " << name
+ << " error: " << errno;
+ }
if (status_t status = server->setupRawSocketServer(std::move(fd)); status != OK) {
LOG(ERROR) << "Failed to set up Unix Domain RPC server with name " << name
<< " error: " << statusToString(status).c_str();
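Review bot: The new warning logs errno as a bare integer (`<< " error: " << errno`), which is hard to read in the log and, being evaluated after the stream is constructed, is not guaranteed to still hold the fcntl() failure; PLOG(WARNING) (or capturing errno into a local right after the call and printing strerror() of it) would report the actual reason. The hunk also adds a call to fcntl() without touching the includes, so it is worth confirming that `<fcntl.h>` is already included in this file. Using F_SETFD with FD_CLOEXEC alone is fine here, since FD_CLOEXEC is the only file-descriptor flag and no other flag is clobbered.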