Use ParcelFileDescriptor over FileDescriptor
The java.io.FileDescriptor object has a poor definition of ownership,
which can result in obscure use-after-close bugs. Instead, APIs should
return or accept ParcelFileDescriptor instances.
Bug: 130209137
Test: manual
Change-Id: Iad17731f34109493fc62d0ba0941998ce3ecb98c
diff --git a/binder_bindings/android/os/IUpdateEngine.aidl b/binder_bindings/android/os/IUpdateEngine.aidl
index cde05be..1305079 100644
--- a/binder_bindings/android/os/IUpdateEngine.aidl
+++ b/binder_bindings/android/os/IUpdateEngine.aidl
@@ -17,6 +17,7 @@
package android.os;
import android.os.IUpdateEngineCallback;
+import android.os.ParcelFileDescriptor;
/** @hide */
interface IUpdateEngine {
@@ -26,7 +27,7 @@
in long payload_size,
in String[] headerKeyValuePairs);
/** @hide */
- void applyPayloadFd(in FileDescriptor fd,
+ void applyPayloadFd(in ParcelFileDescriptor pfd,
in long payload_offset,
in long payload_size,
in String[] headerKeyValuePairs);
diff --git a/binder_service_android.cc b/binder_service_android.cc
index 1799438..88bc1f2 100644
--- a/binder_service_android.cc
+++ b/binder_service_android.cc
@@ -16,16 +16,15 @@
#include "update_engine/binder_service_android.h"
-#include <android-base/unique_fd.h>
#include <base/bind.h>
#include <base/logging.h>
#include <binderwrapper/binder_wrapper.h>
#include <brillo/errors/error.h>
#include <utils/String8.h>
-using android::base::unique_fd;
using android::binder::Status;
using android::os::IUpdateEngineCallback;
+using android::os::ParcelFileDescriptor;
using std::string;
using std::vector;
using update_engine::UpdateEngineStatus;
@@ -115,7 +114,7 @@
}
Status BinderUpdateEngineAndroidService::applyPayloadFd(
- const ::android::base::unique_fd& fd,
+ const ParcelFileDescriptor& pfd,
int64_t payload_offset,
int64_t payload_size,
const vector<android::String16>& header_kv_pairs) {
@@ -127,7 +126,7 @@
brillo::ErrorPtr error;
if (!service_delegate_->ApplyPayload(
- fd.get(), payload_offset, payload_size, str_headers, &error)) {
+ pfd.get(), payload_offset, payload_size, str_headers, &error)) {
return ErrorPtrToStatus(error);
}
return Status::ok();
diff --git a/binder_service_android.h b/binder_service_android.h
index ec4a93b..0dda93b 100644
--- a/binder_service_android.h
+++ b/binder_service_android.h
@@ -54,7 +54,7 @@
int64_t payload_size,
const std::vector<android::String16>& header_kv_pairs) override;
android::binder::Status applyPayloadFd(
- const ::android::base::unique_fd& fd,
+ const ::android::os::ParcelFileDescriptor& pfd,
int64_t payload_offset,
int64_t payload_size,
const std::vector<android::String16>& header_kv_pairs) override;