Fix fd leak in KeepaliveTracker.

The semantics of FileDescriptor in AIDL are that the callee must close the file descriptor it receives manually. Fix: 157789860 Bug: 155136951 Test: treehugger Change-Id: Ice9fc9abe2959a84ad138a95c900dff676653665 Merged-In: Ice9fc9abe2959a84ad138a95c900dff676653665 (cherry picked from commit db8ae41da255caad7640fc2c1b58d16aafb0e62b) (cherry picked from commit e5a64d49da480f419aaf4424dda094763089d121)
author: Lorenzo Colitti <lorenzo@google.com> 2020-08-07 06:39:05 +0000
committer: android-build-team Robot <android-build-team-robot@google.com> 2020-08-11 13:22:10 +0000
commit: f673396826bf517e7fe4a2e22e4bf2bc4d30073f (patch)
tree: de600830cf4c6b686b4cd1fae095d30e7bf66a35
parent: 1b1dc1f7809ba797007e4c23f34bae2bf497aa52 (diff)
download: base-f673396826bf517e7fe4a2e22e4bf2bc4d30073f.tar.gz
1 files changed, 25 insertions, 7 deletions
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 77cd5d2ffdab..03c31a6971a8 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -220,6 +220,8 @@ import com.android.server.utils.PriorityDump;
 
 import com.google.android.collect.Lists;
 
+import libcore.io.IoUtils;
+
 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
 
@@ -7519,18 +7521,34 @@ public class ConnectivityService extends IConnectivityManager.Stub
     public void startNattKeepaliveWithFd(Network network, FileDescriptor fd, int resourceId,
             int intervalSeconds, ISocketKeepaliveCallback cb, String srcAddr,
             String dstAddr) {
-        mKeepaliveTracker.startNattKeepalive(
-                getNetworkAgentInfoForNetwork(network), fd, resourceId,
-                intervalSeconds, cb,
-                srcAddr, dstAddr, NattSocketKeepalive.NATT_PORT);
+        try {
+            mKeepaliveTracker.startNattKeepalive(
+                    getNetworkAgentInfoForNetwork(network), fd, resourceId,
+                    intervalSeconds, cb,
+                    srcAddr, dstAddr, NattSocketKeepalive.NATT_PORT);
+        } finally {
+            // FileDescriptors coming from AIDL calls must be manually closed to prevent leaks.
+            // startNattKeepalive calls Os.dup(fd) before returning, so we can close immediately.
+            if (fd != null && Binder.getCallingPid() != Process.myPid()) {
+                IoUtils.closeQuietly(fd);
+            }
+        }
     }
 
     @Override
     public void startTcpKeepalive(Network network, FileDescriptor fd, int intervalSeconds,
             ISocketKeepaliveCallback cb) {
-        enforceKeepalivePermission();
-        mKeepaliveTracker.startTcpKeepalive(
-                getNetworkAgentInfoForNetwork(network), fd, intervalSeconds, cb);
+        try {
+            enforceKeepalivePermission();
+            mKeepaliveTracker.startTcpKeepalive(
+                    getNetworkAgentInfoForNetwork(network), fd, intervalSeconds, cb);
+        } finally {
+            // FileDescriptors coming from AIDL calls must be manually closed to prevent leaks.
+            // startTcpKeepalive calls Os.dup(fd) before returning, so we can close immediately.
+            if (fd != null && Binder.getCallingPid() != Process.myPid()) {
+                IoUtils.closeQuietly(fd);
+            }
+        }
     }
 
     @Override
author	Lorenzo Colitti <lorenzo@google.com>	2020-08-07 06:39:05 +0000
committer	android-build-team Robot <android-build-team-robot@google.com>	2020-08-11 13:22:10 +0000
commit	f673396826bf517e7fe4a2e22e4bf2bc4d30073f (patch)
tree	de600830cf4c6b686b4cd1fae095d30e7bf66a35
parent	1b1dc1f7809ba797007e4c23f34bae2bf497aa52 (diff)
download	base-f673396826bf517e7fe4a2e22e4bf2bc4d30073f.tar.gz