author: Nick Kralevich <nnk@google.com> 2019-02-28 12:57:24 -0800
committer: Nick Kralevich <nnk@google.com> 2019-02-28 13:06:07 -0800
commit: 7fa3b47813fbdf5c7ad8e4bf494a75267fb077aa
tree: 547cbe4dd801429cc564d4997597b4d35a446e66 /libc/malloc_debug/malloc_debug.cpp
parent: 6b65e078099ea8f9b5e570d43c5d7135b40e7fde
Ensure STDIN/STDOUT/STDERR always exist

File descriptor confusion can result if a process is exec()d and STDIN/STDOUT/STDERR do not exist. In those situations, the first, second, and third files opened by the exec()d application will have FD 0, 1, and 2 respectively. Code which reads / writes to these STD* file descriptors may end up reading / writing to unintended files.

To prevent this, guarantee that FDs 0, 1, and 2 always exist. Bionic only currently guarantees this for AT_SECURE programs (eg, a setuid binary, setgid binary, filesystem capabilities, or SELinux domain transition). Extending this to all exec()s adds robustness against this class of bugs.

Additionally, it allows a caller to do:

  close(STDIN_FILENO);
  close(STDOUT_FILENO);
  close(STDERR_FILENO);

and know that the exec()d process will reopen these file descriptors on its own. This has the potential to simplify other parts of Android, eg https://android-review.googlesource.com/c/platform/system/apex/+/915694

Steps to reproduce:

  sleep 100 <&- >&- 2>&- & BGPID=$! && ls -la /proc/$BGPID/fd && kill $BGPID

Expected:

  $ sleep 100 <&- >&- 2>&- & BGPID=$! && ls -la /proc/$BGPID/fd && kill $BGPID
  [1] 3154
  total 0
  dr-x------ 2 shell shell 0 1970-04-17 12:15 .
  dr-xr-xr-x 9 shell shell 0 1970-04-17 12:15 ..
  lrwx------ 1 shell shell 64 1970-04-17 12:15 0 -> /dev/null
  lrwx------ 1 shell shell 64 1970-04-17 12:15 1 -> /dev/null
  lrwx------ 1 shell shell 64 1970-04-17 12:15 2 -> /dev/null
  $
  [1] + Terminated \sleep 100 <&- >&- 2>&-

Actual:

  $ sleep 100 <&- >&- 2>&- & BGPID=$! && ls -la /proc/$BGPID/fd && kill $BGPID
  [1] 16345
  total 0
  dr-x------ 2 shell shell 0 2019-02-28 20:22 .
  dr-xr-xr-x 9 shell shell 0 2019-02-28 20:22 ..
  $
  [1] + Terminated \sleep 100 <&- >&- 2>&-

Test: manual (see above)
Change-Id: I3e05700a1e8ebc7fc9d192211dd9fc030cc40139
Diffstat (limited to 'libc/malloc_debug/malloc_debug.cpp')
0 files changed, 0 insertions, 0 deletions
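
The guarantee the commit message describes, as an added C example that is not bionic's code and not part of this commit. `ensure_std_fds` and `first_fd_in_child` are hypothetical names; the child process emulates the `<&- >&- 2>&-` reproduction, and `/dev/null` stands in for the first file the application opens.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Reopen any closed FD among 0, 1, 2 on /dev/null; 0 on success, -1 on error. */
int ensure_std_fds(void) {
    for (int fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;                 /* descriptor already exists */
        int nullfd = open("/dev/null", O_RDWR);
        if (nullfd == -1)
            return -1;
        if (nullfd != fd) {           /* defensive: lowest free FD should be fd */
            int rc = dup2(nullfd, fd);
            close(nullfd);
            if (rc == -1)
                return -1;
        }
    }
    return 0;
}

/* Fork a child with FDs 0-2 closed, optionally repair them, and return the
 * FD number its first open() receives (-1 on any failure). */
int first_fd_in_child(int repair) {
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        close(STDIN_FILENO);
        close(STDOUT_FILENO);
        close(STDERR_FILENO);
        if (repair && ensure_std_fds() == -1)
            _exit(255);
        int fd = open("/dev/null", O_WRONLY);  /* stand-in for the app's first file */
        _exit(fd < 0 || fd > 254 ? 255 : fd);
    }
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void) {
    printf("without repair: first open() -> fd %d\n", first_fd_in_child(0));
    printf("with repair:    first open() -> fd %d\n", first_fd_in_child(1));
    return 0;
}
```

Without the repair the application's first file lands on FD 0, so any later read from "stdin" touches that file; with it, the file gets a descriptor above 2.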