vold: cleanups for O_CLOEXEC tidy checks.

Bug: 129350825
Test: compiles and boots
Change-Id: I83a484ca15df1b757b670008f15af5504bc94df1

diff --git a/AppFuseUtil.cpp b/AppFuseUtil.cpp
index ba82ba5..c491ecd 100644 (file)
--- a/AppFuseUtil.cpp
+++ b/AppFuseUtil.cpp
@@ -123,7 +123,8 @@ int MountAppFuse(uid_t uid, int mountId, android::base::unique_fd* device_fd) {
     }
 
     // Open device FD.
-    device_fd->reset(open("/dev/fuse", O_RDWR));  // not O_CLOEXEC
+    // NOLINTNEXTLINE(android-cloexec-open): Deliberately not O_CLOEXEC
+    device_fd->reset(open("/dev/fuse", O_RDWR));
     if (device_fd->get() == -1) {
         PLOG(ERROR) << "Failed to open /dev/fuse";
         return -1;

diff --git a/Checkpoint.cpp b/Checkpoint.cpp
index 8605b6a..370b235 100644 (file)
--- a/Checkpoint.cpp
+++ b/Checkpoint.cpp
@@ -575,7 +575,7 @@ Status cp_restoreCheckpoint(const std::string& blockDevice, int restore_limit) {
         Status status = Status::ok();
 
         LOG(INFO) << action << " checkpoint on " << blockDevice;
-        base::unique_fd device_fd(open(blockDevice.c_str(), O_RDWR));
+        base::unique_fd device_fd(open(blockDevice.c_str(), O_RDWR | O_CLOEXEC));
         if (device_fd < 0) {
             PLOG(ERROR) << "Cannot open " << blockDevice;
             return Status::fromExceptionCode(errno, ("Cannot open " + blockDevice).c_str());

diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index 51eec8a..897c2a8 100644 (file)
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -500,7 +500,8 @@ int VolumeManager::remountUid(uid_t uid, const std::string& mode) {
         }
 
         // We purposefully leave the namespace open across the fork
-        nsFd = openat(pidFd, "ns/mnt", O_RDONLY);  // not O_CLOEXEC
+        // NOLINTNEXTLINE(android-cloexec-open): Deliberately not O_CLOEXEC
+        nsFd = openat(pidFd, "ns/mnt", O_RDONLY);
         if (nsFd < 0) {
             PLOG(WARNING) << "Failed to open namespace for " << de->d_name;
             goto next;

diff --git a/secdiscard.cpp b/secdiscard.cpp
index cb2eca9..0ff05d6 100644 (file)
--- a/secdiscard.cpp
+++ b/secdiscard.cpp
@@ -75,7 +75,8 @@ int main(int argc, const char* const argv[]) {
 #define F2FS_IOC_SET_PIN_FILE _IOW(F2FS_IOCTL_MAGIC, 13, __u32)
 #define F2FS_IOC_GET_PIN_FILE _IOR(F2FS_IOCTL_MAGIC, 14, __u32)
 #endif
-        android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(target.c_str(), O_WRONLY, 0)));
+        android::base::unique_fd fd(
+            TEMP_FAILURE_RETRY(open(target.c_str(), O_WRONLY | O_CLOEXEC, 0)));
         if (fd == -1) {
             LOG(ERROR) << "Secure discard open failed for: " << target;
             return 0;