tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Spread around some O_CLOEXEC love.

Browse source 
Also remove some unnecessary SELinux logic when creating image files
for loop devices.

Test: builds, boots, common operations work
Bug: 34903607
Change-Id: I68dfa022ecc39f56c175e786694e0de35b954ca0
This commit is contained in:
Jeff Sharkey 2017-03-27 10:49:21 -06:00
parent 9f912b8cc4
commit fd3dc3c076
7 changed files with 23 additions and 72 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
CommandListener.cpp
View file

@ -36,6 +36,7 @@
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
#include <android-base/unique_fd.h>
#include <cutils/fs.h>
#include <sysutils/SocketClient.h>
@ -54,6 +55,8 @@
#define DUMP_ARGS 0
#define DEBUG_APPFUSE 0
using android::base::unique_fd;
CommandListener::CommandListener() :
FrameworkListener("vold", true) {
registerCmd(new DumpCmd());
@ -120,7 +123,7 @@ int CommandListener::DumpCmd::runCommand(SocketClient *cli,
cli->sendMsg(ResponseCode::CommandOkay, "Devmapper dump failed", true);
}
cli->sendMsg(0, "Dumping mounted filesystems", false);
FILE *fp = fopen("/proc/mounts", "r");
FILE *fp = fopen("/proc/mounts", "re");
if (fp) {
char line[1024];
while (fgets(line, sizeof(line), fp)) {
@ -680,16 +683,16 @@ static android::status_t runCommandInNamespace(const std::string& command,
<< " in namespace " << uid;
}
const android::vold::ScopedDir dir(opendir("/proc"));
if (dir.get() == nullptr) {
unique_fd dir(open("/proc", O_RDONLY | O_DIRECTORY | O_CLOEXEC));
if (dir.get() == -1) {
PLOG(ERROR) << "Failed to open /proc";
return -errno;
}
// Obtains process file descriptor.
const std::string pid_str = android::base::StringPrintf("%d", pid);
const android::vold::ScopedFd pid_fd(
openat(dirfd(dir.get()), pid_str.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC));
const unique_fd pid_fd(
openat(dir.get(), pid_str.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC));
if (pid_fd.get() == -1) {
PLOG(ERROR) << "Failed to open /proc/" << pid;
return -errno;
@ -715,7 +718,7 @@ static android::status_t runCommandInNamespace(const std::string& command,
char rootName[PATH_MAX];
char pidName[PATH_MAX];
const int root_result =
android::vold::SaneReadLinkAt(dirfd(dir.get()), "1/ns/mnt", rootName, PATH_MAX);
android::vold::SaneReadLinkAt(dir.get(), "1/ns/mnt", rootName, PATH_MAX);
const int pid_result =
android::vold::SaneReadLinkAt(pid_fd.get(), "ns/mnt", pidName, PATH_MAX);
if (root_result == -1) {
@ -733,7 +736,7 @@ static android::status_t runCommandInNamespace(const std::string& command,
}
// We purposefully leave the namespace open across the fork
android::vold::ScopedFd ns_fd(openat(pid_fd.get(), "ns/mnt", O_RDONLY));
unique_fd ns_fd(openat(pid_fd.get(), "ns/mnt", O_RDONLY)); // not O_CLOEXEC
if (ns_fd.get() < 0) {
PLOG(ERROR) << "Failed to open namespace for /proc/" << pid << "/ns/mnt";
return -errno;
@ -811,7 +814,7 @@ int CommandListener::AppFuseCmd::runCommand(SocketClient *cli, int argc, char **
}
// Open device FD.
android::vold::ScopedFd device_fd(open("/dev/fuse", O_RDWR));
unique_fd device_fd(open("/dev/fuse", O_RDWR)); // not O_CLOEXEC
if (device_fd.get() == -1) {
PLOG(ERROR) << "Failed to open /dev/fuse";
return sendGenericOkFail(cli, -errno);

32
Loop.cpp
View file

@ -237,7 +237,7 @@ int Loop::create(const char *id, const char *loopFile, char *loopDeviceBuffer, s
}
int Loop::create(const std::string& target, std::string& out_device) {
unique_fd ctl_fd(open("/dev/loop-control", O_RDWR));
unique_fd ctl_fd(open("/dev/loop-control", O_RDWR | O_CLOEXEC));
if (ctl_fd.get() == -1) {
PLOG(ERROR) << "Failed to open loop-control";
return -errno;
@ -251,12 +251,12 @@ int Loop::create(const std::string& target, std::string& out_device) {
out_device = StringPrintf("/dev/block/loop%d", num);
unique_fd target_fd(open(target.c_str(), O_RDWR));
unique_fd target_fd(open(target.c_str(), O_RDWR | O_CLOEXEC));
if (target_fd.get() == -1) {
PLOG(ERROR) << "Failed to open " << target;
return -errno;
}
unique_fd device_fd(open(out_device.c_str(), O_RDWR));
unique_fd device_fd(open(out_device.c_str(), O_RDWR | O_CLOEXEC));
if (device_fd.get() == -1) {
PLOG(ERROR) << "Failed to open " << out_device;
return -errno;
@ -295,37 +295,19 @@ int Loop::destroyByFile(const char * /*loopFile*/) {
}
int Loop::createImageFile(const char *file, unsigned long numSectors) {
int res = 0;
char* secontext = nullptr;
if (sehandle) {
if (!selabel_lookup(sehandle, &secontext, file, S_IFREG)) {
setfscreatecon(secontext);
}
}
unique_fd fd(creat(file, 0600));
unique_fd fd(open(file, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, 0600));
if (fd.get() == -1) {
PLOG(ERROR) << "Failed to create image " << file;
res = -errno;
goto done;
return -errno;
}
if (fallocate(fd.get(), 0, 0, numSectors * 512) == -1) {
PLOG(WARNING) << "Failed to fallocate; falling back to ftruncate";
if (ftruncate(fd, numSectors * 512) == -1) {
PLOG(ERROR) << "Failed to ftruncate";
res = -errno;
return -errno;
}
}
done:
if (secontext) {
setfscreatecon(nullptr);
freecon(secontext);
}
return res;
return 0;
}
int Loop::resizeImageFile(const char *file, unsigned long numSectors) {

2
Process.cpp
View file

@ -130,7 +130,7 @@ int Process::checkFileMaps(int pid, const char *mountPoint, char *openFilename,
char buffer[PATH_MAX + 100];
snprintf(buffer, sizeof(buffer), "/proc/%d/maps", pid);
file = fopen(buffer, "r");
file = fopen(buffer, "re");
if (!file)
return 0;

18
Utils.cpp
View file

@ -483,7 +483,7 @@ int64_t calculate_dir_size(int dfd) {
continue;
}
subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
if (subfd >= 0) {
size += calculate_dir_size(subfd);
}
@ -494,7 +494,7 @@ int64_t calculate_dir_size(int dfd) {
}
uint64_t GetTreeBytes(const std::string& path) {
int dirfd = open(path.c_str(), O_DIRECTORY, O_RDONLY);
int dirfd = open(path.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
if (dirfd < 0) {
PLOG(WARNING) << "Failed to open " << path;
return -1;
@ -668,20 +668,6 @@ status_t SaneReadLinkAt(int dirfd, const char* path, char* buf, size_t bufsiz) {
}
}
ScopedFd::ScopedFd(int fd) : fd_(fd) {}
ScopedFd::~ScopedFd() {
close(fd_);
}
ScopedDir::ScopedDir(DIR* dir) : dir_(dir) {}
ScopedDir::~ScopedDir() {
if (dir_ != nullptr) {
closedir(dir_);
}
}
bool IsRunningInEmulator() {
return property_get_bool("ro.kernel.qemu", 0);
}

20
Utils.h
View file

@ -115,26 +115,6 @@ status_t RestoreconRecursive(const std::string& path);
status_t SaneReadLinkAt(int dirfd, const char* path, char* buf, size_t bufsiz);
class ScopedFd {
const int fd_;
public:
ScopedFd(int fd);
~ScopedFd();
int get() const { return fd_; }
DISALLOW_COPY_AND_ASSIGN(ScopedFd);
};
class ScopedDir {
DIR* const dir_;
public:
ScopedDir(DIR* dir);
~ScopedDir();
DIR* get() const { return dir_; }
DISALLOW_COPY_AND_ASSIGN(ScopedDir);
};
/* Checks if Android is running in QEMU */
bool IsRunningInEmulator();

2
VolumeManager.cpp
View file

@ -617,7 +617,7 @@ int VolumeManager::remountUid(uid_t uid, const std::string& mode) {
}
// We purposefully leave the namespace open across the fork
nsFd = openat(pidFd, "ns/mnt", O_RDONLY);
nsFd = openat(pidFd, "ns/mnt", O_RDONLY); // not O_CLOEXEC
if (nsFd < 0) {
PLOG(WARNING) << "Failed to open namespace for " << de->d_name;
goto next;

2
main.cpp
View file

@ -192,7 +192,7 @@ static void do_coldboot(DIR *d, int lvl) {
if (de->d_type != DT_DIR && lvl > 0)
continue;
fd = openat(dfd, de->d_name, O_RDONLY | O_DIRECTORY);
fd = openat(dfd, de->d_name, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
if(fd < 0)
continue;