1*6777b538SAndroid Build Coastguard Worker // Copyright 2014 The Chromium Authors 2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be 3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file. 4*6777b538SAndroid Build Coastguard Worker 5*6777b538SAndroid Build Coastguard Worker #include "base/files/scoped_file.h" 6*6777b538SAndroid Build Coastguard Worker 7*6777b538SAndroid Build Coastguard Worker #include "base/check.h" 8*6777b538SAndroid Build Coastguard Worker #include "build/build_config.h" 9*6777b538SAndroid Build Coastguard Worker 10*6777b538SAndroid Build Coastguard Worker #if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA) 11*6777b538SAndroid Build Coastguard Worker #include <errno.h> 12*6777b538SAndroid Build Coastguard Worker #include <unistd.h> 13*6777b538SAndroid Build Coastguard Worker 14*6777b538SAndroid Build Coastguard Worker #include "base/posix/eintr_wrapper.h" 15*6777b538SAndroid Build Coastguard Worker #endif 16*6777b538SAndroid Build Coastguard Worker 17*6777b538SAndroid Build Coastguard Worker namespace base { 18*6777b538SAndroid Build Coastguard Worker namespace internal { 19*6777b538SAndroid Build Coastguard Worker 20*6777b538SAndroid Build Coastguard Worker #if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA) 21*6777b538SAndroid Build Coastguard Worker 22*6777b538SAndroid Build Coastguard Worker // static Free(int fd)23*6777b538SAndroid Build Coastguard Workervoid ScopedFDCloseTraits::Free(int fd) { 24*6777b538SAndroid Build Coastguard Worker // It's important to crash here. 25*6777b538SAndroid Build Coastguard Worker // There are security implications to not closing a file descriptor 26*6777b538SAndroid Build Coastguard Worker // properly. As file descriptors are "capabilities", keeping them open 27*6777b538SAndroid Build Coastguard Worker // would make the current process keep access to a resource. Much of 28*6777b538SAndroid Build Coastguard Worker // Chrome relies on being able to "drop" such access. 29*6777b538SAndroid Build Coastguard Worker // It's especially problematic on Linux with the setuid sandbox, where 30*6777b538SAndroid Build Coastguard Worker // a single open directory would bypass the entire security model. 31*6777b538SAndroid Build Coastguard Worker int ret = IGNORE_EINTR(close(fd)); 32*6777b538SAndroid Build Coastguard Worker 33*6777b538SAndroid Build Coastguard Worker #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_APPLE) || \ 34*6777b538SAndroid Build Coastguard Worker BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_ANDROID) 35*6777b538SAndroid Build Coastguard Worker // NB: Some file descriptors can return errors from close() e.g. network 36*6777b538SAndroid Build Coastguard Worker // filesystems such as NFS and Linux input devices. On Linux, macOS, and 37*6777b538SAndroid Build Coastguard Worker // Fuchsia's POSIX layer, errors from close other than EBADF do not indicate 38*6777b538SAndroid Build Coastguard Worker // failure to actually close the fd. 39*6777b538SAndroid Build Coastguard Worker if (ret != 0 && errno != EBADF) 40*6777b538SAndroid Build Coastguard Worker ret = 0; 41*6777b538SAndroid Build Coastguard Worker #endif 42*6777b538SAndroid Build Coastguard Worker 43*6777b538SAndroid Build Coastguard Worker PCHECK(0 == ret); 44*6777b538SAndroid Build Coastguard Worker } 45*6777b538SAndroid Build Coastguard Worker 46*6777b538SAndroid Build Coastguard Worker #endif // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA) 47*6777b538SAndroid Build Coastguard Worker 48*6777b538SAndroid Build Coastguard Worker } // namespace internal 49*6777b538SAndroid Build Coastguard Worker } // namespace base 50