Fix file descriptor leakage in adbd

adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control
socket, which prevents the leakage. However if ro.adb.secure
property is unset (as it is on the emulator), adb_auth_init is not
invoked, which results in the control socket fd leaking into any
process started by the deamon (specifically, any command executed
through adb shell).

Split the fd cleanup into a separate function that is called
unconditionally.

Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108

1 files changed, 12 insertions, 8 deletions

diff --git a/adb/adb_auth_client.cpp b/adb/adb_auth_client.cpp
index deb0a5d..5dadcd9 100644
--- a/adb/adb_auth_client.cpp
+++ b/adb/adb_auth_client.cpp
@@ -249,19 +249,23 @@ static void adb_auth_listener(int fd, unsigned events, void *data)
     }
 }
 
-void adb_auth_init(void)
-{
-    int fd, ret;
-
-    fd = android_get_control_socket("adbd");
-    if (fd < 0) {
+void adbd_cloexec_auth_socket() {
+    int fd = android_get_control_socket("adbd");
+    if (fd == -1) {
         D("Failed to get adbd socket\n");
         return;
     }
     fcntl(fd, F_SETFD, FD_CLOEXEC);
+}
 
-    ret = listen(fd, 4);
-    if (ret < 0) {
+void adbd_auth_init(void) {
+    int fd = android_get_control_socket("adbd");
+    if (fd == -1) {
+        D("Failed to get adbd socket\n");
+        return;
+    }
+
+    if (listen(fd, 4) == -1) {
         D("Failed to listen on '%d'\n", fd);
         return;
     }