commit f00fc848702b169b3b7b607f6df322c9abc90e8b
author Treehugger Robot <treehugger-gerrit@google.com> Mon Jan 09 09:34:49 2023 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon Jan 09 09:34:49 2023 +0000
tree afcd72ac95229bdcf9564efe91e0a10406d1d13b
parent 04124cd19366b22817092a2197282fc651eb8c11
parent 4cd0373251a9841920d26ccd6b0b50583b9ad026

Merge "Set CLOEXEC on socket inherited from init" am: 4cd0373251

Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2375739

Change-Id: I7b059f805c132dd63308b854ff6cb88e1822a616
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

libs/binder/libbinder_rpc_unstable.cpp

diff --git a/libs/binder/libbinder_rpc_unstable.cpp b/libs/binder/libbinder_rpc_unstable.cpp
index 78dae4b..e7943dd 100644
--- a/libs/binder/libbinder_rpc_unstable.cpp
+++ b/libs/binder/libbinder_rpc_unstable.cpp
@@ -112,6 +112,13 @@
         LOG(ERROR) << "Failed to get fd for the socket:" << name;
         return nullptr;
     }
+    // Control socket fds are inherited from init, so they don't have O_CLOEXEC set.
+    // But we don't want any child processes to inherit the socket we are running
+    // the server on, so attempt to set the flag now.
+    if (fcntl(fd, F_SETFD, FD_CLOEXEC) != 0) {
+        LOG(WARNING) << "Failed to set CLOEXEC on control socket with name " << name
+                     << " error: " << errno;
+    }
     if (status_t status = server->setupRawSocketServer(std::move(fd)); status != OK) {
         LOG(ERROR) << "Failed to set up Unix Domain RPC server with name " << name
                    << " error: " << statusToString(status).c_str();