commit 58e1a816baca44e914fd74c96654f4b460943c2d
author Nick Kralevich <nnk@google.com> Fri Mar 29 18:35:22 2019 -0700
committer Nick Kralevich <nnk@google.com> Fri Mar 29 19:23:40 2019 -0700
tree a1b84c94fb7b1524202833705298cb941f590656
parent 87fcd8b36a819dcfe0a85fd5fde337dcef2160bd

VolumeManager: more O_CLOEXEC changes

Test: compiles and boots
Bug: 129350825
Change-Id: Ie6a0e05f1814d744eb16863f749c939ab1e097e0

VolumeManager.cpp

diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index 2b0465e..fad59f1 100644
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -499,7 +499,8 @@
         const std::string& sandboxId = mSandboxIds[appId];
 
         // We purposefully leave the namespace open across the fork
-        unique_fd nsFd(openat(pidFd.get(), "ns/mnt", O_RDONLY));  // not O_CLOEXEC
+        // NOLINTNEXTLINE(android-cloexec-open): Deliberately not O_CLOEXEC
+        unique_fd nsFd(openat(pidFd.get(), "ns/mnt", O_RDONLY));
         if (nsFd.get() < 0) {
             PLOG(WARNING) << "Failed to open namespace for " << de->d_name;
             continue;
@@ -640,8 +641,8 @@
             PLOG(ERROR) << "Failed to access " << obbMountDir << "/" << sandboxId;
             return -errno;
         }
-        const unique_fd fd(
-            TEMP_FAILURE_RETRY(openat(obbMountDirFd, sandboxId.c_str(), O_RDWR | O_CREAT, 0600)));
+        const unique_fd fd(TEMP_FAILURE_RETRY(
+            openat(obbMountDirFd, sandboxId.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0600)));
         if (fd.get() < 0) {
             PLOG(ERROR) << "Failed to create " << obbMountDir << "/" << sandboxId;
             return -errno;