commit 6595c95e1a9de0424385df0fbb3986629868efd3
author Hungming Chen <nuccachen@google.com> Wed Apr 27 05:56:13 2022 +0000
committer Nucca Chen <nuccachen@google.com> Wed Apr 27 11:03:59 2022 +0000
tree d8def309de88f571183b7951c30c2dd1e88a1c67
parent a83f91ef243d9a18fd29969eeac1b1b842e8ecfa

[CLATJ#28] ClatCoordinator: spawn clatd with flag POSIX_SPAWN_CLOEXEC_DEFAULT

Close the leaking fds before spawning a process. The leaking fds
are unused by clatd and they cause unexpected avc denials. Close
the unused fds before clatd forked.

Bug: 230071136
Bug: 212345928
Test: atest FrameworksNetTests
      manual test
      1. Connect to ipv6-only wifi.
      2. Try IPv4 traffic.
         $ ping 8.8.8.8

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/1956072

Merged-In: I4f095cccd999b7dfd7fe87032bf7de81a925a4da
Change-Id: I4f095cccd999b7dfd7fe87032bf7de81a925a4da
Signed-off-by: Nucca Chen <nuccachen@google.com>
(cherry picked from commit 4e9ab26121ce22219dc36bca8747bd13a5265c60)

service/jni/com_android_server_connectivity_ClatCoordinator.cpp

diff --git a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
index 500c696..ba836b2 100644
--- a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
+++ b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
@@ -314,7 +314,11 @@
     }
 
     // TODO: use android::base::ScopeGuard.
-    if (int ret = posix_spawnattr_setflags(&attr, POSIX_SPAWN_USEVFORK)) {
+    if (int ret = posix_spawnattr_setflags(&attr, POSIX_SPAWN_USEVFORK
+#ifdef POSIX_SPAWN_CLOEXEC_DEFAULT
+                                           | POSIX_SPAWN_CLOEXEC_DEFAULT
+#endif
+                                           )) {
         posix_spawnattr_destroy(&attr);
         throwIOException(env, "posix_spawnattr_setflags failed", ret);
         return -1;