Remove one more use of from_raw_fd
Bug: 243500154
Test: watch TH
Change-Id: I1c39f7de23ee799490c0a76bdbc9d8f60d61b183
diff --git a/guest/microdroid_manager/src/main.rs b/guest/microdroid_manager/src/main.rs
index 990d27a..8b676b8 100644
--- a/guest/microdroid_manager/src/main.rs
+++ b/guest/microdroid_manager/src/main.rs
@@ -50,13 +50,14 @@
use rustutils::sockets::android_get_control_socket;
use rustutils::system_properties;
use rustutils::system_properties::PropertyWatcher;
+use safe_ownedfd::take_fd_ownership;
use secretkeeper_comm::data_types::ID_SIZE;
use std::borrow::Cow::{Borrowed, Owned};
use std::env;
use std::ffi::CString;
use std::fs::{self, create_dir, File, OpenOptions};
use std::io::{Read, Write};
-use std::os::unix::io::{FromRawFd, OwnedFd};
+use std::os::unix::io::OwnedFd;
use std::os::unix::process::CommandExt;
use std::os::unix::process::ExitStatusExt;
use std::path::Path;
@@ -199,13 +200,7 @@
);
info!("started.");
- // SAFETY: This is the only place we take the ownership of the fd of the vm payload service.
- //
- // To ensure that the CLOEXEC flag is set on the file descriptor as early as possible,
- // it is necessary to fetch the socket corresponding to vm_payload_service at the
- // very beginning, as android_get_control_socket() sets the CLOEXEC flag on the file
- // descriptor.
- let vm_payload_service_fd = unsafe { prepare_vm_payload_service_socket()? };
+ let vm_payload_service_fd = prepare_vm_payload_service_socket()?;
load_crashkernel_if_supported().context("Failed to load crashkernel")?;
@@ -487,22 +482,9 @@
}
/// Prepares a socket file descriptor for the vm payload service.
-///
-/// # Safety
-///
-/// The caller must ensure that this function is the only place that claims ownership
-/// of the file descriptor and it is called only once.
-unsafe fn prepare_vm_payload_service_socket() -> Result<OwnedFd> {
+fn prepare_vm_payload_service_socket() -> Result<OwnedFd> {
let raw_fd = android_get_control_socket(VM_PAYLOAD_SERVICE_SOCKET_NAME)?;
-
- // Creating OwnedFd for stdio FDs is not safe.
- if [libc::STDIN_FILENO, libc::STDOUT_FILENO, libc::STDERR_FILENO].contains(&raw_fd) {
- bail!("File descriptor {raw_fd} is standard I/O descriptor");
- }
- // SAFETY: Initializing OwnedFd for a RawFd created by the init.
- // We checked that the integer value corresponds to a valid FD and that the caller
- // ensures that this is the only place to claim its ownership.
- Ok(unsafe { OwnedFd::from_raw_fd(raw_fd) })
+ Ok(take_fd_ownership(raw_fd)?)
}
fn is_strict_boot() -> bool {