diff options
| author | Shubham Ajmera <shubhamajmera@google.com> | 2016-10-14 16:18:06 +0100 |
|---|---|---|
| committer | Shubham Ajmera <shubhamajmera@google.com> | 2016-10-26 10:48:19 +0000 |
| commit | 60ede55d348486e848c46944a97442c2c2ee229e (patch) | |
| tree | 9ea1eb8efddfa7b210ea641c417b6f059b4c7dcb /annotations/generate_annotated_java_files.py | |
| parent | d61baf5989fd43e2ca8fcbf98684264334541470 (diff) | |
PlainSocketImpl: Create marker_fd lazily
At the class initialization time, PlainSocketImpl created a socketPair()
file descriptor which it uses to pre-close other file descriptors. In
Android, this file descriptor is created within the zygote, and leaks to
zygote's children, crossing a security boundary and generating SELinux
denials.
Rather than creating a file descriptor and never closing it, create the
file descriptor only when it's needed. This prevents the file descriptor
from leaking from zygote to zygote's children.
Another possible approach - to maintain a single file descriptor for
every process. This approach has couple of issues with it:
1) The zygote doesn't allow any open file descriptor created using
socketPair() while forking a process, therefore, it should be
dup2-ed to a whitelisted fd before the fork so that it doesn't recycle
during the fork process, and after the process, it should again have
to be a valid marker_fd. The whole process may introduce issues.
2) marker_fd will always be opened even though no socket is using it.
Bug: 27376593
Test: cts-tradefed run cts -m CtsLibcoreTestCases \
-t libcore.java.net.ConcurrentCloseTest
Change-Id: I7caee120de5f5399b767c7a5fc69ef4a20538646
Diffstat (limited to 'annotations/generate_annotated_java_files.py')
0 files changed, 0 insertions, 0 deletions