diff options
| author | Nick Kralevich <nnk@google.com> | 2014-06-05 20:26:25 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2014-06-05 20:26:25 -0700 |
| commit | 8fcb631389123ab7f5d795ae3a36a67842b3028c (patch) | |
| tree | ce995185901a545377399a3d1ff5f50b5314cc4f | |
| parent | 4ca26ce8ec3436727a92eb35d1698d2ae540faef (diff) | |
| download | system_core-8fcb631389123ab7f5d795ae3a36a67842b3028c.zip system_core-8fcb631389123ab7f5d795ae3a36a67842b3028c.tar.gz system_core-8fcb631389123ab7f5d795ae3a36a67842b3028c.tar.bz2 | |
adb: avoid leaking file descriptors
If an adb shell connection comes in while taking a screenshot,
an open pipe file descriptor will be leaked to the shell process.
This causes SELinux denials of the form:
avc: denied { read } for path="pipe:[21838]" dev="pipefs" ino=21838 scontext=u:r:shell:s0 tcontext=u:r:adbd:s0 tclass=fifo_file permissive=0
avc: denied { write } for path="pipe:[21838]" dev="pipefs" ino=21838 scontext=u:r:shell:s0 tcontext=u:r:adbd:s0 tclass=fifo_file permissive=0
Set O_CLOEXEC on the pipe connections, to avoid leaking them
across an exec boundary.
Bug: 15437785
Change-Id: Id2304b316bd7082d8baac246dce1f0e0e26e9197
| -rw-r--r-- | adb/framebuffer_service.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/adb/framebuffer_service.c b/adb/framebuffer_service.c index fa7fd98..8cbe840 100644 --- a/adb/framebuffer_service.c +++ b/adb/framebuffer_service.c @@ -61,7 +61,7 @@ void framebuffer_service(int fd, void *cookie) int w, h, f; int fds[2]; - if (pipe(fds) < 0) goto pipefail; + if (pipe2(fds, O_CLOEXEC) < 0) goto pipefail; pid_t pid = fork(); if (pid < 0) goto done; |