libselinux: add O_CLOEXEC

Makes libselinux safer and less likely to leak file descriptors when used as part of a multithreaded program. Signed-off-by: Nick Kralevich <nnk@google.com>
author: Nick Kralevich <nnk@google.com> 2016-12-11 09:30:16 -0800
committer: Stephen Smalley <sds@tycho.nsa.gov> 2017-04-12 14:51:41 -0400
commit: 64afa1aff1cd610d2493f780e2a44b551f668b84 (patch)
tree: e3fb6756f529cf4b15736955db8f6d74bfa6bcd1 /libselinux/src/procattr.c
parent: 35af4592202cc4e7d7f605ce5d51dce5827cd55a (diff)
download: android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.tar.gz
android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.tar.bz2
android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
index 8cd59af5..ebc0adec 100644
--- a/libselinux/src/procattr.c
+++ b/libselinux/src/procattr.c
@@ -143,7 +143,7 @@ static int getprocattrcon_raw(char ** context,
 		return 0;
 	}
 
-	fd = openattr(pid, attr, O_RDONLY);
+	fd = openattr(pid, attr, O_RDONLY | O_CLOEXEC);
 	if (fd < 0)
 		return -1;
 
@@ -235,7 +235,7 @@ static int setprocattrcon_raw(const char * context,
 	    && !strcmp(context, *prev_context))
 		return 0;
 
-	fd = openattr(pid, attr, O_RDWR);
+	fd = openattr(pid, attr, O_RDWR | O_CLOEXEC);
 	if (fd < 0)
 		return -1;
 	if (context) {
author	Nick Kralevich <nnk@google.com>	2016-12-11 09:30:16 -0800
committer	Stephen Smalley <sds@tycho.nsa.gov>	2017-04-12 14:51:41 -0400
commit	64afa1aff1cd610d2493f780e2a44b551f668b84 (patch)
tree	e3fb6756f529cf4b15736955db8f6d74bfa6bcd1 /libselinux/src/procattr.c
parent	35af4592202cc4e7d7f605ce5d51dce5827cd55a (diff)
download	android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.tar.gz android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.tar.bz2 android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.zip