From a2c45e2dd81aa8ecc0100c0649a1915613d46229 Mon Sep 17 00:00:00 2001 From: Andrew Gunnerson Date: Fri, 25 May 2018 20:12:27 -0400 Subject: [PATCH] Use cloexec everywhere Signed-off-by: Andrew Gunnerson --- bootimgtool/bootimgtool.cpp | 14 +++++-- devicesgen/devicesgen.cpp | 2 +- examples/libmbpatcher_test.cpp | 2 +- libmbdevice/schemas2cpp.cpp | 6 +-- libmbutil/src/cmdline.cpp | 41 ++++--------------- libmbutil/src/copy.cpp | 10 +++-- libmbutil/src/file.cpp | 22 +++++----- libmbutil/src/fstab.cpp | 4 +- libmbutil/src/hash.cpp | 2 +- libmbutil/src/loopdev.cpp | 8 ++-- libmbutil/src/mount.cpp | 4 +- libmbutil/src/properties.cpp | 4 +- libmbutil/src/selinux.cpp | 8 ++-- libmbutil/src/vibrate.cpp | 2 +- mbbootui/data.cpp | 8 ++-- mbbootui/gui/pages.cpp | 2 +- mbbootui/gui/terminal.cpp | 1 + mbbootui/infomanager.cpp | 4 +- mbbootui/main.cpp | 1 + mbbootui/minuitwrp/backend/backend_drm.cpp | 2 +- mbbootui/minuitwrp/backend/backend_fbdev.cpp | 6 +-- .../minuitwrp/backend/backend_overlay.cpp | 12 +++--- mbbootui/minuitwrp/events.cpp | 2 +- mbbootui/minuitwrp/graphics_utils.cpp | 2 +- mbbootui/minuitwrp/resources.cpp | 8 ++-- mbbootui/minzip/SysUtil.c | 6 +-- mbbootui/twrp-functions.cpp | 2 +- mbtool/bootimg_util.cpp | 4 +- mbtool/daemon.cpp | 3 +- mbtool/emergency.cpp | 2 +- mbtool/init.cpp | 20 ++++----- mbtool/initwrapper/util.cpp | 1 + mbtool/installer.cpp | 1 + mbtool/mount_fstab.cpp | 2 +- mbtool/ramdisk_patcher.cpp | 4 +- mbtool/rom_installer.cpp | 5 ++- mbtool/romconfig.cpp | 4 +- odinupdater/fuse-sparse.cpp | 2 +- odinupdater/odinupdater.cpp | 2 +- 39 files changed, 110 insertions(+), 125 deletions(-) diff --git a/bootimgtool/bootimgtool.cpp b/bootimgtool/bootimgtool.cpp index 8529298c8..b42747048 100644 --- a/bootimgtool/bootimgtool.cpp +++ b/bootimgtool/bootimgtool.cpp @@ -80,6 +80,12 @@ #define IMAGE_RPM "rpm" #define IMAGE_APPSBL "appsbl" +#ifdef _WIN32 +# define CLOEXEC_FLAG "N" +#else +# define CLOEXEC_FLAG "e" +#endif + namespace rj = rapidjson; @@ -402,7 +408,7 @@ static bool read_header(const std::string &path, Header &header) static const char *fmt_unsupported = "Ignoring unsupported key for boot image type: '%s'\n"; - ScopedFILE fp(fopen(path.c_str(), "rb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "rb" CLOEXEC_FLAG), fclose); if (!fp) { fprintf(stderr, "%s: Failed to open for reading: %s\n", path.c_str(), strerror(errno)); @@ -506,7 +512,7 @@ static bool write_header(const std::string &path, const Header &header) absolute_to_offset(base, kernel_offset, ramdisk_offset, second_offset, tags_offset); - ScopedFILE fp(fopen(path.c_str(), "wb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "wb" CLOEXEC_FLAG), fclose); if (!fp) { fprintf(stderr, "%s: Failed to open for writing: %s\n", path.c_str(), strerror(errno)); @@ -573,7 +579,7 @@ static bool write_header(const std::string &path, const Header &header) static bool write_data_file_to_entry(const std::string &path, Writer &writer) { - ScopedFILE fp(fopen(path.c_str(), "rb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "rb" CLOEXEC_FLAG), fclose); if (!fp) { // Entries are optional if (errno == ENOENT) { @@ -613,7 +619,7 @@ static bool write_data_file_to_entry(const std::string &path, Writer &writer) static bool write_data_entry_to_file(const std::string &path, Reader &reader) { - ScopedFILE fp(fopen(path.c_str(), "wb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "wb" CLOEXEC_FLAG), fclose); if (!fp) { fprintf(stderr, "%s: Failed to open for writing: %s\n", path.c_str(), strerror(errno)); diff --git a/devicesgen/devicesgen.cpp b/devicesgen/devicesgen.cpp index 13e35aff1..745f65eaf 100644 --- a/devicesgen/devicesgen.cpp +++ b/devicesgen/devicesgen.cpp @@ -219,7 +219,7 @@ int main(int argc, char *argv[]) FILE *fp = stdout; if (output_file) { - fp = fopen(output_file, "w"); + fp = fopen(output_file, "we"); if (!fp) { fprintf(stderr, "%s: Failed to open file: %s\n", output_file, strerror(errno)); diff --git a/examples/libmbpatcher_test.cpp b/examples/libmbpatcher_test.cpp index cd98fe124..0f4746ea4 100644 --- a/examples/libmbpatcher_test.cpp +++ b/examples/libmbpatcher_test.cpp @@ -45,7 +45,7 @@ class BasicLogger : public mb::log::BaseLogger static bool file_read_all(const std::string &path, std::vector &data_out) { - FILE *fp = fopen(path.c_str(), "rb"); + FILE *fp = fopen(path.c_str(), "rbe"); if (!fp) { return false; } diff --git a/libmbdevice/schemas2cpp.cpp b/libmbdevice/schemas2cpp.cpp index d65b832d8..98cb39b26 100644 --- a/libmbdevice/schemas2cpp.cpp +++ b/libmbdevice/schemas2cpp.cpp @@ -277,7 +277,7 @@ int main(int argc, char *argv[]) std::vector> results; for (int i = optind; i < argc; ++i) { - ScopedFILE fp(fopen(argv[i], "r"), &fclose); + ScopedFILE fp(fopen(argv[i], "re"), &fclose); if (!fp) { fprintf(stderr, "%s: Failed to open for reading: %s\n", argv[i], strerror(errno)); @@ -305,7 +305,7 @@ int main(int argc, char *argv[]) // Write cpp file { - ScopedFILE fp(fopen(output_path, "w"), &fclose); + ScopedFILE fp(fopen(output_path, "we"), &fclose); if (!fp) { fprintf(stderr, "%s: Failed to open for writing: %s\n", output_path, strerror(errno)); @@ -339,7 +339,7 @@ int main(int argc, char *argv[]) } hpp_path += ".h"; - ScopedFILE fp(fopen(hpp_path.c_str(), "w"), &fclose); + ScopedFILE fp(fopen(hpp_path.c_str(), "we"), &fclose); if (!fp) { fprintf(stderr, "%s: Failed to open for writing: %s\n", hpp_path.c_str(), strerror(errno)); diff --git a/libmbutil/src/cmdline.cpp b/libmbutil/src/cmdline.cpp index 5fdbc4f37..cd16f786f 100644 --- a/libmbutil/src/cmdline.cpp +++ b/libmbutil/src/cmdline.cpp @@ -19,49 +19,23 @@ #include "mbutil/cmdline.h" -#include -#include - -#include "mbcommon/error_code.h" -#include "mbcommon/finally.h" #include "mbcommon/string.h" +#include "mbutil/file.h" + namespace mb::util { oc::result kernel_cmdline() { - std::string args; - - { - int fd = open("/proc/cmdline", O_RDONLY); - if (fd < 0) { - return ec_from_errno(); - } - - auto close_fd = finally([&fd] { - close(fd); - }); - - char buf[10240]; - - while (true) { - ssize_t n = read(fd, buf, sizeof(buf)); - if (n < 0) { - return ec_from_errno(); - } else if (n == 0) { - break; - } else { - args.insert(args.end(), buf, buf + n); - } - } - } + OUTCOME_TRY(data, file_read_all("/proc/cmdline")); - if (!args.empty() && args.back() == '\n') { - args.pop_back(); + if (!data.empty() && data.back() == '\n') { + data.pop_back(); } + std::string_view args(reinterpret_cast(data.data()), data.size()); KernelCmdlineArgs result; for (auto const &item : split_sv(args, " ")) { @@ -69,8 +43,7 @@ oc::result kernel_cmdline() continue; } - auto pos = item.find('='); - if (pos != std::string_view::npos) { + if (auto pos = item.find('='); pos != std::string_view::npos) { result.emplace(item.substr(0, pos), item.substr(pos + 1)); } else { result.emplace(item, std::nullopt); diff --git a/libmbutil/src/copy.cpp b/libmbutil/src/copy.cpp index 956769e02..c4afba6d1 100644 --- a/libmbutil/src/copy.cpp +++ b/libmbutil/src/copy.cpp @@ -74,7 +74,7 @@ oc::result copy_data_fd(int fd_source, int fd_target) static FileOpResult copy_data(const std::string &source, const std::string &target) { - int fd_source = open(source.c_str(), O_RDONLY); + int fd_source = open(source.c_str(), O_RDONLY | O_CLOEXEC); if (fd_source < 0) { return FileOpErrorInfo{source, ec_from_errno()}; } @@ -83,7 +83,8 @@ static FileOpResult copy_data(const std::string &source, close(fd_source); }); - int fd_target = open(target.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0666); + int fd_target = open(target.c_str(), + O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0666); if (fd_target < 0) { return FileOpErrorInfo{target, ec_from_errno()}; } @@ -184,7 +185,7 @@ FileOpResult copy_stat(const std::string &source, FileOpResult copy_contents(const std::string &source, const std::string &target) { - int fd_source = open(source.c_str(), O_RDONLY); + int fd_source = open(source.c_str(), O_RDONLY | O_CLOEXEC); if (fd_source < 0) { return FileOpErrorInfo{source, ec_from_errno()}; } @@ -193,7 +194,8 @@ FileOpResult copy_contents(const std::string &source, close(fd_source); }); - int fd_target = open(target.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0666); + int fd_target = open(target.c_str(), + O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0666); if (fd_target < 0) { return FileOpErrorInfo{target, ec_from_errno()}; } diff --git a/libmbutil/src/file.cpp b/libmbutil/src/file.cpp index e1c1548ce..743efe139 100644 --- a/libmbutil/src/file.cpp +++ b/libmbutil/src/file.cpp @@ -52,15 +52,13 @@ using ScopedFILE = std::unique_ptr; */ oc::result create_empty_file(const std::string &path) { - int fd; - if ((fd = open(path.c_str(), O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | - S_IRGRP | S_IWGRP | - S_IROTH | S_IWOTH)) < 0) { + if (int fd = open(path.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0666); + fd >= 0) { + close(fd); + return oc::success(); + } else { return ec_from_errno(); } - - close(fd); - return oc::success(); } /*! @@ -75,7 +73,7 @@ oc::result create_empty_file(const std::string &path) */ oc::result file_first_line(const std::string &path) { - ScopedFILE fp(fopen(path.c_str(), "rb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "rbe"), fclose); if (!fp) { return ec_from_errno(); } @@ -118,7 +116,7 @@ oc::result file_first_line(const std::string &path) oc::result file_write_data(const std::string &path, const void *data, size_t size) { - ScopedFILE fp(fopen(path.c_str(), "wb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "wbe"), fclose); if (!fp) { return ec_from_errno(); } @@ -146,7 +144,7 @@ oc::result file_find_one_of(const std::string &path, void *map = MAP_FAILED; int fd = -1; - if ((fd = open(path.c_str(), O_RDONLY)) < 0) { + if ((fd = open(path.c_str(), O_RDONLY | O_CLOEXEC)) < 0) { return ec_from_errno(); } @@ -180,7 +178,7 @@ oc::result file_find_one_of(const std::string &path, oc::result> file_read_all(const std::string &path) { - ScopedFILE fp(fopen(path.c_str(), "rb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "rbe"), fclose); if (!fp) { return ec_from_errno(); } @@ -213,7 +211,7 @@ oc::result> file_read_all(const std::string &path) oc::result get_blockdev_size(const std::string &path) { - int fd = open(path.c_str(), O_RDONLY); + int fd = open(path.c_str(), O_RDONLY | O_CLOEXEC); if (fd < 0) { return ec_from_errno(); } diff --git a/libmbutil/src/fstab.cpp b/libmbutil/src/fstab.cpp index b05f2cade..b6c624c5b 100644 --- a/libmbutil/src/fstab.cpp +++ b/libmbutil/src/fstab.cpp @@ -211,7 +211,7 @@ parse_fs_mgr_options(std::string_view options) // Much simplified version of fs_mgr's fstab parsing code FstabResult read_fstab(const std::string &path) { - ScopedFILE fp(fopen(path.c_str(), "rb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "rbe"), fclose); if (!fp) { return FstabErrorInfo{{}, ec_from_errno()}; } @@ -289,7 +289,7 @@ FstabResult read_fstab(const std::string &path) FstabResult read_twrp_fstab(const std::string &path) { - ScopedFILE fp(fopen(path.c_str(), "rb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "rbe"), fclose); if (!fp) { return FstabErrorInfo{{}, ec_from_errno()}; } diff --git a/libmbutil/src/hash.cpp b/libmbutil/src/hash.cpp index 1676767ac..505c9e4e6 100644 --- a/libmbutil/src/hash.cpp +++ b/libmbutil/src/hash.cpp @@ -40,7 +40,7 @@ using ScopedFILE = std::unique_ptr; */ oc::result sha512_hash(const std::string &path) { - ScopedFILE fp(fopen(path.c_str(), "rb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "rbe"), fclose); if (!fp) { return ec_from_errno(); } diff --git a/libmbutil/src/loopdev.cpp b/libmbutil/src/loopdev.cpp index 2380b1568..5f08edb60 100644 --- a/libmbutil/src/loopdev.cpp +++ b/libmbutil/src/loopdev.cpp @@ -59,7 +59,7 @@ static oc::result find_loopdev_by_loop_control() { int fd = -1; - if ((fd = open(LOOP_CONTROL, O_RDWR)) < 0) { + if ((fd = open(LOOP_CONTROL, O_RDWR | O_CLOEXEC)) < 0) { return ec_from_errno(); } @@ -168,7 +168,7 @@ oc::result loopdev_set_up_device(const std::string &loopdev, const std::string &file, uint64_t offset, bool ro) { - int ffd = open(file.c_str(), ro ? O_RDONLY : O_RDWR); + int ffd = open(file.c_str(), (ro ? O_RDONLY : O_RDWR) | O_CLOEXEC); if (ffd < 0) { return ec_from_errno(); } @@ -177,7 +177,7 @@ oc::result loopdev_set_up_device(const std::string &loopdev, close(ffd); }); - int lfd = open(loopdev.c_str(), ro ? O_RDONLY : O_RDWR); + int lfd = open(loopdev.c_str(), (ro ? O_RDONLY : O_RDWR) | O_CLOEXEC); if (lfd < 0) { return ec_from_errno(); } @@ -207,7 +207,7 @@ oc::result loopdev_set_up_device(const std::string &loopdev, oc::result loopdev_remove_device(const std::string &loopdev) { - int lfd = open(loopdev.c_str(), O_RDONLY); + int lfd = open(loopdev.c_str(), O_RDONLY | O_CLOEXEC); if (lfd < 0) { return ec_from_errno(); } diff --git a/libmbutil/src/mount.cpp b/libmbutil/src/mount.cpp index 39f85d4ad..4dd430df0 100644 --- a/libmbutil/src/mount.cpp +++ b/libmbutil/src/mount.cpp @@ -168,7 +168,7 @@ oc::result> get_mount_entries() }); { - ScopedFILE fp(fopen(PROC_MOUNTINFO, "r"), fclose); + ScopedFILE fp(fopen(PROC_MOUNTINFO, "re"), fclose); if (fp) { while (getline(&line, &len, fp.get()) != -1) { MountEntry &entry = entries.emplace_back(); @@ -249,7 +249,7 @@ oc::result> get_mount_entries() } { - ScopedFILE fp(fopen(PROC_MOUNTS, "r"), fclose); + ScopedFILE fp(fopen(PROC_MOUNTS, "re"), fclose); if (fp) { while (getline(&line, &len, fp.get()) != -1) { MountEntry &entry = entries.emplace_back(); diff --git a/libmbutil/src/properties.cpp b/libmbutil/src/properties.cpp index d3ebdbe6a..bf813becb 100644 --- a/libmbutil/src/properties.cpp +++ b/libmbutil/src/properties.cpp @@ -251,7 +251,7 @@ typedef PropIterAction (*PropIterCb)(const std::string &key, static bool iterate_property_file(const std::string &path, PropIterCb cb, void *cookie) { - ScopedFILE fp(fopen(path.c_str(), "r"), &fclose); + ScopedFILE fp(fopen(path.c_str(), "re"), &fclose); if (!fp) { return false; } @@ -380,7 +380,7 @@ bool property_file_get_all(const std::string &path, bool property_file_write_all(const std::string &path, const std::unordered_map &map) { - ScopedFILE fp(fopen(path.c_str(), "wb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "wbe"), fclose); if (!fp) { return false; } diff --git a/libmbutil/src/selinux.cpp b/libmbutil/src/selinux.cpp index defd4986a..e7f94daa6 100644 --- a/libmbutil/src/selinux.cpp +++ b/libmbutil/src/selinux.cpp @@ -106,7 +106,7 @@ bool selinux_read_policy(const std::string &path, policydb_t *pdb) int fd; for (int i = 0; i < OPEN_ATTEMPTS; ++i) { - fd = open(path.c_str(), O_RDONLY); + fd = open(path.c_str(), O_RDONLY | O_CLOEXEC); if (fd < 0) { LOGE("[%d/%d] %s: Failed to open sepolicy: %s", i + 1, OPEN_ATTEMPTS, path.c_str(), strerror(errno)); @@ -180,7 +180,7 @@ bool selinux_write_policy(const std::string &path, policydb_t *pdb) }); for (int i = 0; i < OPEN_ATTEMPTS; ++i) { - fd = open(path.c_str(), O_CREAT | O_TRUNC | O_RDWR, 0644); + fd = open(path.c_str(), O_CREAT | O_TRUNC | O_RDWR | O_CLOEXEC, 0644); if (fd < 0) { LOGE("[%d/%d] %s: Failed to open sepolicy: %s", i + 1, OPEN_ATTEMPTS, path.c_str(), strerror(errno)); @@ -344,7 +344,7 @@ oc::result selinux_lset_context_recursive(const std::string &path, oc::result selinux_get_enforcing() { - int fd = open(SELINUX_ENFORCE_FILE, O_RDONLY); + int fd = open(SELINUX_ENFORCE_FILE, O_RDONLY | O_CLOEXEC); if (fd < 0) { return ec_from_errno(); } @@ -368,7 +368,7 @@ oc::result selinux_get_enforcing() oc::result selinux_set_enforcing(bool value) { - int fd = open(SELINUX_ENFORCE_FILE, O_RDWR); + int fd = open(SELINUX_ENFORCE_FILE, O_RDWR | O_CLOEXEC); if (fd < 0) { return ec_from_errno(); } diff --git a/libmbutil/src/vibrate.cpp b/libmbutil/src/vibrate.cpp index ebe46df46..e60299b43 100644 --- a/libmbutil/src/vibrate.cpp +++ b/libmbutil/src/vibrate.cpp @@ -48,7 +48,7 @@ static constexpr char VIBRATOR_PATH[] = */ oc::result vibrate(milliseconds timeout, milliseconds wait) { - int fd = open(VIBRATOR_PATH, O_WRONLY); + int fd = open(VIBRATOR_PATH, O_WRONLY | O_CLOEXEC); if (fd < 0) { return ec_from_errno(); } diff --git a/mbbootui/data.cpp b/mbbootui/data.cpp index 6a4ce867a..343ca1226 100644 --- a/mbbootui/data.cpp +++ b/mbbootui/data.cpp @@ -577,9 +577,9 @@ int DataManager::GetMagicValue(const std::string& varName, std::string& value) if (!battery_path.empty()) { std::string capacity_file = battery_path; capacity_file += "/capacity"; - cap = fopen(capacity_file.c_str(), "rt"); + cap = fopen(capacity_file.c_str(), "rte"); } else { - cap = fopen("/sys/class/power_supply/battery/capacity", "rt"); + cap = fopen("/sys/class/power_supply/battery/capacity", "rte"); } if (cap) { fgets(cap_s, 4, cap); @@ -595,9 +595,9 @@ int DataManager::GetMagicValue(const std::string& varName, std::string& value) if (!battery_path.empty()) { std::string status_file = battery_path; status_file += "/status"; - cap = fopen(status_file.c_str(), "rt"); + cap = fopen(status_file.c_str(), "rte"); } else { - cap = fopen("/sys/class/power_supply/battery/status", "rt"); + cap = fopen("/sys/class/power_supply/battery/status", "rte"); } if (cap) { fgets(cap_s, 2, cap); diff --git a/mbbootui/gui/pages.cpp b/mbbootui/gui/pages.cpp index 0d266b6af..66d85083b 100644 --- a/mbbootui/gui/pages.cpp +++ b/mbbootui/gui/pages.cpp @@ -1187,7 +1187,7 @@ char* PageManager::LoadFileToBuffer(const std::string& filename, return nullptr; } - int fd = open(filename.c_str(), O_RDONLY); + int fd = open(filename.c_str(), O_RDONLY | O_CLOEXEC); if (fd == -1) { LOGE("PageManager::LoadFileToBuffer failed to open '%s' - (%s)", filename.c_str(), strerror(errno)); free(buffer); diff --git a/mbbootui/gui/terminal.cpp b/mbbootui/gui/terminal.cpp index 1d4351eaf..17068fbc0 100644 --- a/mbbootui/gui/terminal.cpp +++ b/mbbootui/gui/terminal.cpp @@ -85,6 +85,7 @@ class Pseudoterminal g_pty_fd = fdMaster; return true; } else { + // O_CLOEXEC should not be used int fdSlave = open(ptsname(fdMaster), O_RDWR); close(fdMaster); runSlave(fdSlave); diff --git a/mbbootui/infomanager.cpp b/mbbootui/infomanager.cpp index 34abf18a2..7c5b9d5b4 100644 --- a/mbbootui/infomanager.cpp +++ b/mbbootui/infomanager.cpp @@ -71,7 +71,7 @@ int InfoManager::LoadValues() std::string str; // Read in the file, if possible - FILE* in = fopen(File.c_str(), "rb"); + FILE* in = fopen(File.c_str(), "rbe"); if (!in) { LOGI("InfoManager file '%s' not found.", File.c_str()); return -1; @@ -139,7 +139,7 @@ int InfoManager::SaveValues() } LOGI("InfoManager saving '%s'", File.c_str()); - FILE* out = fopen(File.c_str(), "wb"); + FILE* out = fopen(File.c_str(), "wbe"); if (!out) { return -1; } diff --git a/mbbootui/main.cpp b/mbbootui/main.cpp index 7601d404b..2c2bce324 100644 --- a/mbbootui/main.cpp +++ b/mbbootui/main.cpp @@ -79,6 +79,7 @@ static mb::patcher::PatcherConfig pc; static bool redirect_output_to_file(const char *path, mode_t mode) { + // O_CLOEXEC should not be enabled here int flags = O_WRONLY | O_CREAT; #if APPEND_TO_LOG flags |= O_APPEND; diff --git a/mbbootui/minuitwrp/backend/backend_drm.cpp b/mbbootui/minuitwrp/backend/backend_drm.cpp index 739683630..e145324c5 100644 --- a/mbbootui/minuitwrp/backend/backend_drm.cpp +++ b/mbbootui/minuitwrp/backend/backend_drm.cpp @@ -407,7 +407,7 @@ static GRSurface* drm_init(minui_backend* backend __unused) continue; } - drm_fd = open(dev_name, O_RDWR, 0); + drm_fd = open(dev_name, O_RDWR | O_CLOEXEC, 0); free(dev_name); if (drm_fd < 0) { continue; diff --git a/mbbootui/minuitwrp/backend/backend_fbdev.cpp b/mbbootui/minuitwrp/backend/backend_fbdev.cpp index f31b3d0df..98048aa02 100644 --- a/mbbootui/minuitwrp/backend/backend_fbdev.cpp +++ b/mbbootui/minuitwrp/backend/backend_fbdev.cpp @@ -74,7 +74,7 @@ static void fbdev_blank(minui_backend* backend __unused, bool blank) char brightness[4]; snprintf(brightness, 4, "%03d", tw_device.tw_max_brightness() / 2); - fd = open(brightness_path.c_str(), O_RDWR); + fd = open(brightness_path.c_str(), O_RDWR | O_CLOEXEC); if (fd < 0) { perror("cannot open LCD backlight"); return; @@ -85,7 +85,7 @@ static void fbdev_blank(minui_backend* backend __unused, bool blank) auto const &secondary_brightness_path = tw_device.tw_secondary_brightness_path(); if (!secondary_brightness_path.empty()) { - fd = open(secondary_brightness_path.c_str(), O_RDWR); + fd = open(secondary_brightness_path.c_str(), O_RDWR | O_CLOEXEC); if (fd < 0) { perror("cannot open LCD backlight 2"); return; @@ -123,7 +123,7 @@ static GRSurface* fbdev_init(minui_backend* backend) int retry = 20; int fd = -1; while (fd == -1) { - fd = open("/dev/graphics/fb0", O_RDWR); + fd = open("/dev/graphics/fb0", O_RDWR | O_CLOEXEC); if (fd == -1) { if (--retry) { // wait for init to create the device node diff --git a/mbbootui/minuitwrp/backend/backend_overlay.cpp b/mbbootui/minuitwrp/backend/backend_overlay.cpp index 9a4c063ed..e44fd6132 100644 --- a/mbbootui/minuitwrp/backend/backend_overlay.cpp +++ b/mbbootui/minuitwrp/backend/backend_overlay.cpp @@ -130,7 +130,7 @@ extern "C" struct minui_backend * BACKEND_FUNCTION(BACKEND_NAME)() fb_fix_screeninfo fi; int fd; - fd = open("/dev/graphics/fb0", O_RDWR); + fd = open("/dev/graphics/fb0", O_RDWR | O_CLOEXEC); if (fd < 0) { perror("open_overlay cannot open fb0"); return nullptr; @@ -165,7 +165,7 @@ static void overlay_blank(minui_backend* backend __unused, bool blank) char brightness[4]; snprintf(brightness, 4, "%03d", tw_device.tw_max_brightness() / 2); - fd = open(brightness_path.c_str(), O_RDWR); + fd = open(brightness_path.c_str(), O_RDWR | O_CLOEXEC); if (fd < 0) { perror("cannot open LCD backlight"); return; @@ -176,7 +176,7 @@ static void overlay_blank(minui_backend* backend __unused, bool blank) auto const &secondary_brightness_path = tw_device.tw_secondary_brightness_path(); if (!secondary_brightness_path.empty()) { - fd = open(secondary_brightness_path.c_str(), O_RDWR); + fd = open(secondary_brightness_path.c_str(), O_RDWR | O_CLOEXEC); if (fd < 0) { perror("cannot open LCD backlight 2"); return; @@ -201,7 +201,7 @@ void setDisplaySplit(void) if (!isMDP5) { return; } - FILE* fp = fopen("/sys/class/graphics/fb0/msm_fb_split", "r"); + FILE* fp = fopen("/sys/class/graphics/fb0/msm_fb_split", "re"); if (fp) { //Format "left right" space as delimiter if (fread(split, sizeof(char), 64, fp)) { @@ -273,7 +273,7 @@ int alloc_ion_mem(unsigned int size) struct ion_fd_data fd_data; struct ion_allocation_data ionAllocData; - mem_info.ion_fd = open("/dev/ion", O_RDWR|O_DSYNC); + mem_info.ion_fd = open("/dev/ion", O_RDWR | O_DSYNC | O_CLOEXEC); if (mem_info.ion_fd < 0) { perror("ERROR: Can't open ion "); return -errno; @@ -583,7 +583,7 @@ int free_overlay(int fd) static GRSurface* overlay_init(minui_backend* backend) { - int fd = open("/dev/graphics/fb0", O_RDWR); + int fd = open("/dev/graphics/fb0", O_RDWR | O_CLOEXEC); if (fd == -1) { perror("cannot open fb0"); return nullptr; diff --git a/mbbootui/minuitwrp/events.cpp b/mbbootui/minuitwrp/events.cpp index c2d504a17..437ea4e05 100644 --- a/mbbootui/minuitwrp/events.cpp +++ b/mbbootui/minuitwrp/events.cpp @@ -188,7 +188,7 @@ static int vk_init(struct ev *e) // Some devices split the keys from the touchscreen e->vk_count = 0; - vk_fd = open(vk_path, O_RDONLY); + vk_fd = open(vk_path, O_RDONLY | O_CLOEXEC); if (vk_fd >= 0) { len = read(vk_fd, vks, sizeof(vks) - 1); close(vk_fd); diff --git a/mbbootui/minuitwrp/graphics_utils.cpp b/mbbootui/minuitwrp/graphics_utils.cpp index 9a75a6a96..69723a3bf 100644 --- a/mbbootui/minuitwrp/graphics_utils.cpp +++ b/mbbootui/minuitwrp/graphics_utils.cpp @@ -38,7 +38,7 @@ int gr_save_screenshot(const char *dest) png_structp png_ptr = nullptr; png_infop info_ptr = nullptr; - fp = fopen(dest, "wb"); + fp = fopen(dest, "wbe"); if (!fp) { goto exit; } diff --git a/mbbootui/minuitwrp/resources.cpp b/mbbootui/minuitwrp/resources.cpp index db4fc1472..ecf4bd7e1 100644 --- a/mbbootui/minuitwrp/resources.cpp +++ b/mbbootui/minuitwrp/resources.cpp @@ -65,9 +65,9 @@ static int open_png(const char* name, png_structp* png_ptr, png_infop* info_ptr, snprintf(resPath, sizeof(resPath)-1, "%s/images/%s.png", tw_resource_path.c_str(), name); resPath[sizeof(resPath)-1] = '\0'; - FILE* fp = fopen(resPath, "rb"); + FILE* fp = fopen(resPath, "rbe"); if (fp == nullptr) { - fp = fopen(name, "rb"); + fp = fopen(name, "rbe"); if (fp == nullptr) { result = -1; goto exit; @@ -279,13 +279,13 @@ int res_create_surface_jpg(const char* name, gr_surface* pSurface) unsigned char* pData; size_t width, height, stride, pixelSize; - FILE* fp = fopen(name, "rb"); + FILE* fp = fopen(name, "rbe"); if (fp == nullptr) { char resPath[256]; snprintf(resPath, sizeof(resPath)-1, "%s/images/%s", tw_resource_path.c_str(), name); resPath[sizeof(resPath)-1] = '\0'; - fp = fopen(resPath, "rb"); + fp = fopen(resPath, "rbe"); if (fp == nullptr) { result = -1; goto exit; diff --git a/mbbootui/minzip/SysUtil.c b/mbbootui/minzip/SysUtil.c index 0ac1fa9b8..d12610d99 100644 --- a/mbbootui/minzip/SysUtil.c +++ b/mbbootui/minzip/SysUtil.c @@ -137,7 +137,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap) pMap->ranges[range_count-1].addr = reserve; pMap->ranges[range_count-1].length = blocks * blksize; - int fd = open(block_dev, O_RDONLY); + int fd = open(block_dev, O_RDONLY | O_CLOEXEC); if (fd < 0) { LOGW("failed to open block device %s: %s\n", block_dev, strerror(errno)); return -1; @@ -180,7 +180,7 @@ int sysMapFile(const char* fn, MemMapping* pMap) if (fn && fn[0] == '@') { // A map of blocks - FILE* mapf = fopen(fn+1, "r"); + FILE* mapf = fopen(fn+1, "re"); if (mapf == NULL) { LOGV("Unable to open '%s': %s\n", fn+1, strerror(errno)); return -1; @@ -194,7 +194,7 @@ int sysMapFile(const char* fn, MemMapping* pMap) fclose(mapf); } else { // This is a regular file. - int fd = open(fn, O_RDONLY, 0); + int fd = open(fn, O_RDONLY | O_CLOEXEC, 0); if (fd < 0) { LOGE("Unable to open '%s': %s\n", fn, strerror(errno)); return -1; diff --git a/mbbootui/twrp-functions.cpp b/mbbootui/twrp-functions.cpp index 1fad3841f..e02696026 100644 --- a/mbbootui/twrp-functions.cpp +++ b/mbbootui/twrp-functions.cpp @@ -162,7 +162,7 @@ void TWFunc::Fixup_Time_On_Boot() return; } - f = fopen(ats_path.c_str(), "r"); + f = fopen(ats_path.c_str(), "re"); if (!f) { LOGI("TWFunc::Fixup_Time: failed to open file %s", ats_path.c_str()); return; diff --git a/mbtool/bootimg_util.cpp b/mbtool/bootimg_util.cpp index 09e79e391..5463864a9 100644 --- a/mbtool/bootimg_util.cpp +++ b/mbtool/bootimg_util.cpp @@ -71,7 +71,7 @@ bool bi_copy_data_to_fd(Reader &reader, int fd) bool bi_copy_file_to_data(const std::string &path, Writer &writer) { - ScopedFILE fp(fopen(path.c_str(), "rb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "rbe"), fclose); if (!fp) { LOGE("%s: Failed to open for reading: %s", path.c_str(), strerror(errno)); @@ -106,7 +106,7 @@ bool bi_copy_file_to_data(const std::string &path, Writer &writer) bool bi_copy_data_to_file(Reader &reader, const std::string &path) { - ScopedFILE fp(fopen(path.c_str(), "wb"), fclose); + ScopedFILE fp(fopen(path.c_str(), "wbe"), fclose); if (!fp) { LOGE("%s: Failed to open for writing: %s", path.c_str(), strerror(errno)); diff --git a/mbtool/daemon.cpp b/mbtool/daemon.cpp index fd95567f2..cd6fc9e2a 100644 --- a/mbtool/daemon.cpp +++ b/mbtool/daemon.cpp @@ -317,6 +317,7 @@ static bool redirect_stdio_to_dev_null() { bool ret = true; + // O_CLOEXEC should not be set int fd = open("/dev/null", O_RDWR); if (fd < 0) { LOGE("Failed to open /dev/null: %s", strerror(errno)); @@ -367,7 +368,7 @@ static bool daemon_init() return false; } - log_fp.reset(fopen(get_raw_path(MULTIBOOT_LOG_DAEMON).c_str(), "w")); + log_fp.reset(fopen(get_raw_path(MULTIBOOT_LOG_DAEMON).c_str(), "we")); if (!log_fp) { LOGE("Failed to open log file %s: %s", MULTIBOOT_LOG_DAEMON, strerror(errno)); diff --git a/mbtool/emergency.cpp b/mbtool/emergency.cpp index 5139c3780..a631bfd5e 100644 --- a/mbtool/emergency.cpp +++ b/mbtool/emergency.cpp @@ -108,7 +108,7 @@ static oc::result dump_kernel_log(const char *file) return ec_from_errno(); } - ScopedFILE fp(fopen(file, "wb"), fclose); + ScopedFILE fp(fopen(file, "wbe"), fclose); if (!fp) { return ec_from_errno(); } diff --git a/mbtool/init.cpp b/mbtool/init.cpp index 56300622b..47de97b10 100644 --- a/mbtool/init.cpp +++ b/mbtool/init.cpp @@ -309,7 +309,7 @@ static bool fix_file_contexts(const char *path) std::string new_path(path); new_path += ".new"; - ScopedFILE fp_old(fopen(path, "rb"), fclose); + ScopedFILE fp_old(fopen(path, "rbe"), fclose); if (!fp_old) { if (errno == ENOENT) { return true; @@ -320,7 +320,7 @@ static bool fix_file_contexts(const char *path) } } - ScopedFILE fp_new(fopen(new_path.c_str(), "wb"), fclose); + ScopedFILE fp_new(fopen(new_path.c_str(), "wbe"), fclose); if (!fp_new) { LOGE("%s: Failed to open for writing: %s", new_path.c_str(), strerror(errno)); @@ -427,7 +427,7 @@ static bool is_completely_whitespace(const char *str) static bool add_mbtool_services(bool enable_appsync) { - ScopedFILE fp_old(fopen("/init.rc", "rb"), fclose); + ScopedFILE fp_old(fopen("/init.rc", "rbe"), fclose); if (!fp_old) { if (errno == ENOENT) { return true; @@ -437,7 +437,7 @@ static bool add_mbtool_services(bool enable_appsync) } } - ScopedFILE fp_new(fopen("/init.rc.new", "wb"), fclose); + ScopedFILE fp_new(fopen("/init.rc.new", "wbe"), fclose); if (!fp_new) { LOGE("Failed to open /init.rc.new for writing: %s", strerror(errno)); @@ -503,7 +503,7 @@ static bool add_mbtool_services(bool enable_appsync) } // Create /init.multiboot.rc - ScopedFILE fp_multiboot(fopen("/init.multiboot.rc", "wb"), fclose); + ScopedFILE fp_multiboot(fopen("/init.multiboot.rc", "wbe"), fclose); if (!fp_multiboot) { LOGE("Failed to open /init.multiboot.rc for writing: %s", strerror(errno)); @@ -573,7 +573,7 @@ static bool strip_manual_mounts() std::string path("/"); path += ent->d_name; - ScopedFILE fp(fopen(path.c_str(), "r"), fclose); + ScopedFILE fp(fopen(path.c_str(), "re"), fclose); if (!fp) { LOGE("Failed to open %s for reading: %s", path.c_str(), strerror(errno)); @@ -620,7 +620,7 @@ static bool strip_manual_mounts() std::string new_path(path); new_path += ".new"; - ScopedFILE fp_new(fopen(new_path.c_str(), "w"), fclose); + ScopedFILE fp_new(fopen(new_path.c_str(), "we"), fclose); if (!fp_new) { LOGE("Failed to open %s for writing: %s", new_path.c_str(), strerror(errno)); @@ -645,7 +645,7 @@ static bool strip_manual_mounts() static bool add_props_to_default_prop() { - ScopedFILE fp(fopen(DEFAULT_PROP_PATH, "r+b"), fclose); + ScopedFILE fp(fopen(DEFAULT_PROP_PATH, "r+be"), fclose); if (!fp) { if (errno == ENOENT) { return true; @@ -735,7 +735,7 @@ static std::string find_fstab() std::string path("/"); path += ent->d_name; - ScopedFILE fp(fopen(path.c_str(), "r"), fclose); + ScopedFILE fp(fopen(path.c_str(), "re"), fclose); if (!fp) { continue; } @@ -968,7 +968,7 @@ static bool extract_zip(const char *source, const char *target) (void) util::mkdir_recursive(target, 0755); - FILE *fp = fopen(target_file.c_str(), "wb"); + FILE *fp = fopen(target_file.c_str(), "wbe"); if (!fp) { LOGE("%s: Failed to open for writing: %s", target_file.c_str(), strerror(errno)); diff --git a/mbtool/initwrapper/util.cpp b/mbtool/initwrapper/util.cpp index b760d660d..211d7d6bd 100644 --- a/mbtool/initwrapper/util.cpp +++ b/mbtool/initwrapper/util.cpp @@ -82,6 +82,7 @@ void open_devnull_stdio(void) { static const char *name = "/dev/__null__"; if (mknod(name, S_IFCHR | 0600, (1 << 8) | 3) == 0) { + // O_CLOEXEC should not be used int fd = open(name, O_RDWR); unlink(name); if (fd >= 0) { diff --git a/mbtool/installer.cpp b/mbtool/installer.cpp index e64d704ee..c5af303b9 100644 --- a/mbtool/installer.cpp +++ b/mbtool/installer.cpp @@ -1051,6 +1051,7 @@ bool Installer::run_real_updater() } // Make sure the updater won't run interactively + // O_CLOEXEC should not be set int fd_dev_null = open("/dev/null", O_RDONLY); if (fd_dev_null < 0) { LOGE("%s: Failed to open: %s", "/dev/null", strerror(errno)); diff --git a/mbtool/mount_fstab.cpp b/mbtool/mount_fstab.cpp index ca74a28d0..622c3c391 100644 --- a/mbtool/mount_fstab.cpp +++ b/mbtool/mount_fstab.cpp @@ -949,7 +949,7 @@ bool mount_fstab(const char *path, const std::shared_ptr &rom, // Rewrite fstab file if (ret && (flags & MountFlag::RewriteFstab)) { - int fd = open(path, O_RDWR | O_TRUNC); + int fd = open(path, O_RDWR | O_TRUNC | O_CLOEXEC); if (fd < 0) { LOGE("%s: Failed to open file: %s", path, strerror(errno)); return false; diff --git a/mbtool/ramdisk_patcher.cpp b/mbtool/ramdisk_patcher.cpp index 43bbf9391..fc43b7ad8 100644 --- a/mbtool/ramdisk_patcher.cpp +++ b/mbtool/ramdisk_patcher.cpp @@ -48,7 +48,7 @@ static bool _rp_write_rom_id(const std::string &dir, const std::string &rom_id) std::string path(dir); path += "/romid"; - FILE *fp = fopen(path.c_str(), "wb"); + FILE *fp = fopen(path.c_str(), "wbe"); if (!fp) { LOGE("%s: Failed to open for writing: %s", path.c_str(), strerror(errno)); @@ -110,7 +110,7 @@ static bool _rp_patch_default_prop(const std::string &dir, close(tmp_fd); }); - FILE *fp_in = fopen(path.c_str(), "rb"); + FILE *fp_in = fopen(path.c_str(), "rbe"); if (!fp_in) { LOGE("%s: Failed to open for reading: %s", path.c_str(), strerror(errno)); diff --git a/mbtool/rom_installer.cpp b/mbtool/rom_installer.cpp index 1d1d4c6c5..ff8ad6850 100644 --- a/mbtool/rom_installer.cpp +++ b/mbtool/rom_installer.cpp @@ -196,7 +196,7 @@ Installer::ProceedState RomInstaller::on_checked_device() // Create fake /etc/fstab file to please installers that read the file std::string etc_fstab(in_chroot("/etc/fstab")); if (access(etc_fstab.c_str(), R_OK) < 0 && errno == ENOENT) { - ScopedFILE fp(fopen(etc_fstab.c_str(), "w"), fclose); + ScopedFILE fp(fopen(etc_fstab.c_str(), "we"), fclose); if (fp) { auto system_devs = _device.system_block_devs(); auto cache_devs = _device.cache_block_devs(); @@ -589,7 +589,7 @@ int rom_installer_main(int argc, char *argv[]) } - ScopedFILE fp(fopen(MULTIBOOT_LOG_INSTALLER, "wb"), fclose); + ScopedFILE fp(fopen(MULTIBOOT_LOG_INSTALLER, "wbe"), fclose); if (!fp) { fprintf(stderr, "Failed to open %s: %s\n", MULTIBOOT_LOG_INSTALLER, strerror(errno)); @@ -600,6 +600,7 @@ int rom_installer_main(int argc, char *argv[]) // Close stdin #if !DEBUG_LEAVE_STDIN_OPEN + // O_CLOEXEC should not be set int fd = open("/dev/null", O_RDONLY); if (fd >= 0) { dup2(fd, STDIN_FILENO); diff --git a/mbtool/romconfig.cpp b/mbtool/romconfig.cpp index fb9d0741a..97ed3efee 100644 --- a/mbtool/romconfig.cpp +++ b/mbtool/romconfig.cpp @@ -221,7 +221,7 @@ static bool load_root(RomConfig &config, const Value &node) bool RomConfig::load_file(const std::string &path) { - ScopedFILE fp(fopen(path.c_str(), "r"), &fclose); + ScopedFILE fp(fopen(path.c_str(), "re"), &fclose); if (!fp) { LOGE("%s: Failed to open for reading: %s", path.c_str(), strerror(errno)); @@ -293,7 +293,7 @@ bool RomConfig::save_file(const std::string &path) d.AddMember(KEY_APP_SHARING, v_app_sharing, alloc); } - ScopedFILE fp(fopen(path.c_str(), "w"), &fclose); + ScopedFILE fp(fopen(path.c_str(), "we"), &fclose); if (!fp) { LOGE("%s: Failed to open for writing: %s", path.c_str(), strerror(errno)); diff --git a/odinupdater/fuse-sparse.cpp b/odinupdater/fuse-sparse.cpp index 8a012ff77..391b6c5fa 100644 --- a/odinupdater/fuse-sparse.cpp +++ b/odinupdater/fuse-sparse.cpp @@ -293,7 +293,7 @@ int main(int argc, char *argv[]) return EXIT_FAILURE; } - fd = open(arg_ctx.source_file, O_RDONLY); + fd = open(arg_ctx.source_file, O_RDONLY | O_CLOEXEC); if (fd < 0) { fprintf(stderr, "%s: Failed to open: %s\n", arg_ctx.source_file, strerror(errno)); diff --git a/odinupdater/odinupdater.cpp b/odinupdater/odinupdater.cpp index b19623030..a1fe317b7 100644 --- a/odinupdater/odinupdater.cpp +++ b/odinupdater/odinupdater.cpp @@ -521,7 +521,7 @@ static ExtractResult extract_raw_file(const char *zip_filename, static bool disable_vaultkeeper(const char *path) { // Open old properties file - ScopedFILE fp_old(fopen(path, "rb"), fclose); + ScopedFILE fp_old(fopen(path, "rbe"), fclose); if (!fp_old) { if (errno == ENOENT) { return true;