53ea9cadf6cc5f8be1c16b5b6b660cd7366fd3f0 - platform_system_netd

commit	53ea9cadf6cc5f8be1c16b5b6b660cd7366fd3f0	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Sat Jan 31 13:54:00 2015 -0800
committer	Nick Kralevich <nnk@google.com>	Sat Jan 31 13:54:00 2015 -0800
tree	f9cbb3ae0ce8872d4982e145ac6abd646b3fa8fd
parent	aea68fddd979bf6852b8aef9bc718567f9da935a [diff]

Avoid leaking file descriptors

Add O_CLOEXEC on open() calls, and SOCK_CLOEXEC on socket calls.
This avoids leaking file descriptors across execs.

Addresses the following SELinux denial:

  audit(1422740213.283:8): avc: denied { read write } for pid=2597 comm="clatd" path="socket:[6709]" dev="sockfs" ino=6709 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket

and allows the removal of some other SELinux rules which were
inappropriately added because of leaking file descriptors.

Change-Id: I9c180488ea1969d610e488f967a7276a672bb477

client/FwmarkClient.cpp[diff]
client/NetdClient.cpp[diff]
server/BandwidthController.cpp[diff]
server/NetdConstants.cpp[diff]
server/NetlinkManager.cpp[diff]
server/RouteController.cpp[diff]
server/SoftapController.cpp[diff]
server/TetherController.cpp[diff]

8 files changed

tree: f9cbb3ae0ce8872d4982e145ac6abd646b3fa8fd

client/
include/
server/