git.osdn.net Git - android-x86/system-netd.git/commit

author	Nick Kralevich <nnk@google.com>
	Sat, 31 Jan 2015 21:54:00 +0000 (13:54 -0800)
committer	Nick Kralevich <nnk@google.com>
	Sat, 31 Jan 2015 21:54:00 +0000 (13:54 -0800)
commit	53ea9cadf6cc5f8be1c16b5b6b660cd7366fd3f0
tree	f9cbb3ae0ce8872d4982e145ac6abd646b3fa8fd	tree \| snapshot
parent	aea68fddd979bf6852b8aef9bc718567f9da935a	commit \| diff

Avoid leaking file descriptors

Add O_CLOEXEC on open() calls, and SOCK_CLOEXEC on socket calls.
This avoids leaking file descriptors across execs.

Addresses the following SELinux denial:

audit(1422740213.283:8): avc: denied { read write } for pid=2597 comm="clatd" path="socket:[6709]" dev="sockfs" ino=6709 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket

and allows the removal of some other SELinux rules which were
inappropriately added because of leaking file descriptors.

Change-Id: I9c180488ea1969d610e488f967a7276a672bb477

client/FwmarkClient.cpp		diff \| blob \| history
client/NetdClient.cpp		diff \| blob \| history
server/BandwidthController.cpp		diff \| blob \| history
server/NetdConstants.cpp		diff \| blob \| history
server/NetlinkManager.cpp		diff \| blob \| history
server/RouteController.cpp		diff \| blob \| history
server/SoftapController.cpp		diff \| blob \| history
server/TetherController.cpp		diff \| blob \| history