Don't use unsafe raw_from_fd
Bug: 243500154
Test: m microfuchiad
Change-Id: Iba99fe0b334fc89d353e8813ea001d5762703e56
diff --git a/libs/libsafe_ownedfd/Android.bp b/libs/libsafe_ownedfd/Android.bp
index 1f14578..53e14dc 100644
--- a/libs/libsafe_ownedfd/Android.bp
+++ b/libs/libsafe_ownedfd/Android.bp
@@ -18,6 +18,7 @@
defaults: ["libsafe_ownedfd.defaults"],
apex_available: [
"com.android.compos",
+ "com.android.microfuchsia",
"com.android.virt",
],
}
diff --git a/microfuchsia/microfuchsiad/Android.bp b/microfuchsia/microfuchsiad/Android.bp
index ddf360d..ab3f865 100644
--- a/microfuchsia/microfuchsiad/Android.bp
+++ b/microfuchsia/microfuchsiad/Android.bp
@@ -15,8 +15,9 @@
"libandroid_logger",
"libanyhow",
"libbinder_rs",
- "liblog_rust",
"liblibc",
+ "liblog_rust",
+ "libsafe_ownedfd",
"libvmclient",
],
apex_available: [
diff --git a/microfuchsia/microfuchsiad/src/instance_starter.rs b/microfuchsia/microfuchsiad/src/instance_starter.rs
index 15fcc06..6688447 100644
--- a/microfuchsia/microfuchsiad/src/instance_starter.rs
+++ b/microfuchsia/microfuchsiad/src/instance_starter.rs
@@ -23,9 +23,10 @@
use anyhow::{ensure, Context, Result};
use binder::{LazyServiceGuard, ParcelFileDescriptor};
use log::info;
+use safe_ownedfd::take_fd_ownership;
use std::ffi::CStr;
use std::fs::File;
-use std::os::fd::FromRawFd;
+use std::os::fd::AsRawFd;
use vmclient::VmInstance;
pub struct MicrofuchsiaInstance {
@@ -133,6 +134,7 @@
"failed to openpty"
);
}
+ let leader = take_fd_ownership(leader)?;
// SAFETY: calling these libc functions with valid+initialized variables is safe.
unsafe {
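Review bot: The `// SAFETY:` comment directly under the new `take_fd_ownership(leader)?` line keeps its generic pre-change wording and does not say why the descriptor handed to the libc calls is valid. Now that `leader` is an owned descriptor, the comment can state the invariant, for example `// SAFETY: leader is an owned fd that stays open for the whole block; attr is an initialized termios that outlives the calls.` The unsafe block opens on the last line of this hunk and continues in the next one, and the construction of `attr` is only partly visible, so check the wording against the full function. Separately, openpty also returns a follower descriptor that is not shown here; if it is still a raw integer, it needs either the same ownership wrapper or a comment explaining why it is left open.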
@@ -145,24 +147,25 @@
c_line: 0,
c_cc: [0u8; 19],
};
- ensure!(libc::tcgetattr(leader, &mut attr) == 0, "failed to get termios attributes");
+ ensure!(
+ libc::tcgetattr(leader.as_raw_fd(), &mut attr) == 0,
+ "failed to get termios attributes"
+ );
// Force it to be a raw pty and re-set it.
libc::cfmakeraw(&mut attr);
ensure!(
- libc::tcsetattr(leader, libc::TCSANOW, &attr) == 0,
+ libc::tcsetattr(leader.as_raw_fd(), libc::TCSANOW, &attr) == 0,
"failed to set termios attributes"
);
}
// Construct the return value.
- // SAFETY: The file descriptors are valid because openpty returned without error (above).
- let leader = unsafe { File::from_raw_fd(leader) };
let follower_name: Vec<u8> = follower_name.iter_mut().map(|x| *x as _).collect();
let follower_name = CStr::from_bytes_until_nul(&follower_name)
.context("pty filename missing NUL")?
.to_str()
.context("pty filename invalid utf8")?
.to_string();
- Ok(Pty { leader, follower_name })
+ Ok(Pty { leader: File::from(leader), follower_name })
}
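Review bot: Both `ensure!` checks around `tcgetattr` and `tcsetattr` report a fixed string and drop errno, so a failure cannot be attributed to a cause such as a bad descriptor or an unsupported terminal operation. Since these lines are being rewritten anyway, the message can carry the OS error, e.g. `"failed to get termios attributes: {}", std::io::Error::last_os_error()`, and likewise for the set call. The enclosing function and the unsafe block begin above this hunk.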