commit 88ca23c28fca905b3771eefd6fc9980232004359
author Hungming Chen <nuccachen@google.com> Fri Jan 21 21:20:45 2022 +0800
committer Nucca Chen <nuccachen@google.com> Wed Apr 27 05:25:22 2022 +0000
tree 731fb90fc26507839f8cf500232a3136ae5d887f
parent 91c0bcba04661af4f0041939f4f0a1a86dff9a11

[CLATJ#28] ClatCoordinator: spawn clatd with flag POSIX_SPAWN_CLOEXEC_DEFAULT

Close the leaking fds before spawning a process. The leaking fds
are unused by clatd and they cause unexpected avc denials. Close
the unused fds before clatd forked.

Bug: 230071136
Bug: 212345928
Test: atest FrameworksNetTests
      manual test
      1. Connect to ipv6-only wifi.
      2. Try IPv4 traffic.
         $ ping 8.8.8.8

Change-Id: I4f095cccd999b7dfd7fe87032bf7de81a925a4da

service/jni/com_android_server_connectivity_ClatCoordinator.cpp

diff --git a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
index 500c696..ba836b2 100644
--- a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
+++ b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
@@ -314,7 +314,11 @@
     }
 
     // TODO: use android::base::ScopeGuard.
-    if (int ret = posix_spawnattr_setflags(&attr, POSIX_SPAWN_USEVFORK)) {
+    if (int ret = posix_spawnattr_setflags(&attr, POSIX_SPAWN_USEVFORK
+#ifdef POSIX_SPAWN_CLOEXEC_DEFAULT
+                                           | POSIX_SPAWN_CLOEXEC_DEFAULT
+#endif
+                                           )) {
         posix_spawnattr_destroy(&attr);
         throwIOException(env, "posix_spawnattr_setflags failed", ret);
         return -1;