Open iptables-restore pipes with O_CLOEXEC.

This improves security and reliability, and also avoids keeping
superflous fds open in iptables-restore processes: the pipe fds
that are dup2()d are never closed.

Bug: 28362720
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass

(cherry picked from commit cd0fa850d8cd05310be9b49750455dfd2e1802b0)

Change-Id: I1ec6953327d889eb1948b2a10e532304b308e516

1 files changed, 3 insertions, 13 deletions

diff --git a/server/IptablesRestoreController.cpp b/server/IptablesRestoreController.cpp
index 37b94bf4..88d88f64 100644
--- a/server/IptablesRestoreController.cpp
+++ b/server/IptablesRestoreController.cpp
@@ -143,9 +143,9 @@ IptablesProcess* IptablesRestoreController::forkAndExec(const IptablesProcessTyp
     int stdout_pipe[2];
     int stderr_pipe[2];
 
-    if (pipe2(stdin_pipe, 0) == -1 ||
-        pipe2(stdout_pipe, O_NONBLOCK) == -1 ||
-        pipe2(stderr_pipe, O_NONBLOCK) == -1) {
+    if (pipe2(stdin_pipe,  O_CLOEXEC) == -1 ||
+        pipe2(stdout_pipe, O_NONBLOCK | O_CLOEXEC) == -1 ||
+        pipe2(stderr_pipe, O_NONBLOCK | O_CLOEXEC) == -1) {
 
         ALOGE("pipe2() failed: %s", strerror(errno));
         return nullptr;
@@ -161,16 +161,6 @@ IptablesProcess* IptablesRestoreController::forkAndExec(const IptablesProcessTyp
     if (child_pid.value() == 0) {
         // The child process. Reads from stdin, writes to stderr and stdout.
 
-        // stdin_pipe[1] : The write end of the stdin pipe.
-        // stdout_pipe[0] : The read end of the stdout pipe.
-        // stderr_pipe[0] : The read end of the stderr pipe.
-        if (close(stdin_pipe[1]) == -1 ||
-            close(stdout_pipe[0]) == -1 ||
-            close(stderr_pipe[0]) == -1) {
-
-            ALOGW("close() failed: %s", strerror(errno));
-        }
-
         // stdin_pipe[0] : The read end of the stdin pipe.
         // stdout_pipe[1] : The write end of the stdout pipe.
         // stderr_pipe[1] : The write end of the stderr pipe.