diff options
| author | Nick Kralevich <nnk@google.com> | 2016-12-11 09:30:16 -0800 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2017-04-12 14:51:41 -0400 |
| commit | 64afa1aff1cd610d2493f780e2a44b551f668b84 (patch) | |
| tree | e3fb6756f529cf4b15736955db8f6d74bfa6bcd1 /libselinux/src/booleans.c | |
| parent | 35af4592202cc4e7d7f605ce5d51dce5827cd55a (diff) | |
| download | android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.tar.gz android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.tar.bz2 android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.zip | |
libselinux: add O_CLOEXEC
Makes libselinux safer and less likely to leak file descriptors when
used as part of a multithreaded program.
Signed-off-by: Nick Kralevich <nnk@google.com>
Diffstat (limited to 'libselinux/src/booleans.c')
| -rw-r--r-- | libselinux/src/booleans.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c index 49452756..1da55bfd 100644 --- a/libselinux/src/booleans.c +++ b/libselinux/src/booleans.c @@ -97,7 +97,7 @@ char *selinux_boolean_sub(const char *name) if (!name) return NULL; - cfg = fopen(selinux_booleans_subs_path(), "r"); + cfg = fopen(selinux_booleans_subs_path(), "re"); if (!cfg) goto out; @@ -210,7 +210,7 @@ static int get_bool_value(const char *name, char **buf) (*buf)[STRBUF_SIZE] = 0; - fd = bool_open(name, O_RDONLY); + fd = bool_open(name, O_RDONLY | O_CLOEXEC); if (fd < 0) goto out_err; @@ -274,7 +274,7 @@ int security_set_boolean(const char *name, int value) return -1; } - fd = bool_open(name, O_WRONLY); + fd = bool_open(name, O_WRONLY | O_CLOEXEC); if (fd < 0) return -1; @@ -305,7 +305,7 @@ int security_commit_booleans(void) } snprintf(path, sizeof path, "%s/commit_pending_bools", selinux_mnt); - fd = open(path, O_WRONLY); + fd = open(path, O_WRONLY | O_CLOEXEC); if (fd < 0) return -1; @@ -411,7 +411,7 @@ static int save_booleans(size_t boolcnt, SELboolean * boollist) snprintf(local_bool_file, sizeof(local_bool_file), "%s.local", bool_file); - boolf = fopen(local_bool_file, "r"); + boolf = fopen(local_bool_file, "re"); if (boolf != NULL) { ssize_t ret; size_t size = 0; @@ -530,7 +530,7 @@ int security_load_booleans(char *path) int val; char name[BUFSIZ]; - boolf = fopen(path ? path : selinux_booleans_path(), "r"); + boolf = fopen(path ? path : selinux_booleans_path(), "re"); if (boolf == NULL) goto localbool; @@ -548,7 +548,7 @@ int security_load_booleans(char *path) localbool: snprintf(localbools, sizeof(localbools), "%s.local", (path ? path : selinux_booleans_path())); - boolf = fopen(localbools, "r"); + boolf = fopen(localbools, "re"); if (boolf != NULL) { int ret; |