1*635a8641SAndroid Build Coastguard Worker // Copyright 2014 The Chromium Authors. All rights reserved. 2*635a8641SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be 3*635a8641SAndroid Build Coastguard Worker // found in the LICENSE file. 4*635a8641SAndroid Build Coastguard Worker 5*635a8641SAndroid Build Coastguard Worker #include "base/files/scoped_file.h" 6*635a8641SAndroid Build Coastguard Worker 7*635a8641SAndroid Build Coastguard Worker #include "base/logging.h" 8*635a8641SAndroid Build Coastguard Worker #include "build/build_config.h" 9*635a8641SAndroid Build Coastguard Worker 10*635a8641SAndroid Build Coastguard Worker #if defined(OS_POSIX) || defined(OS_FUCHSIA) 11*635a8641SAndroid Build Coastguard Worker #include <errno.h> 12*635a8641SAndroid Build Coastguard Worker #include <unistd.h> 13*635a8641SAndroid Build Coastguard Worker 14*635a8641SAndroid Build Coastguard Worker #include "base/posix/eintr_wrapper.h" 15*635a8641SAndroid Build Coastguard Worker #endif 16*635a8641SAndroid Build Coastguard Worker 17*635a8641SAndroid Build Coastguard Worker namespace base { 18*635a8641SAndroid Build Coastguard Worker namespace internal { 19*635a8641SAndroid Build Coastguard Worker 20*635a8641SAndroid Build Coastguard Worker #if defined(OS_POSIX) || defined(OS_FUCHSIA) 21*635a8641SAndroid Build Coastguard Worker 22*635a8641SAndroid Build Coastguard Worker // static Free(int fd)23*635a8641SAndroid Build Coastguard Workervoid ScopedFDCloseTraits::Free(int fd) { 24*635a8641SAndroid Build Coastguard Worker // It's important to crash here. 25*635a8641SAndroid Build Coastguard Worker // There are security implications to not closing a file descriptor 26*635a8641SAndroid Build Coastguard Worker // properly. As file descriptors are "capabilities", keeping them open 27*635a8641SAndroid Build Coastguard Worker // would make the current process keep access to a resource. Much of 28*635a8641SAndroid Build Coastguard Worker // Chrome relies on being able to "drop" such access. 29*635a8641SAndroid Build Coastguard Worker // It's especially problematic on Linux with the setuid sandbox, where 30*635a8641SAndroid Build Coastguard Worker // a single open directory would bypass the entire security model. 31*635a8641SAndroid Build Coastguard Worker int ret = IGNORE_EINTR(close(fd)); 32*635a8641SAndroid Build Coastguard Worker 33*635a8641SAndroid Build Coastguard Worker #if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_FUCHSIA) || \ 34*635a8641SAndroid Build Coastguard Worker defined(OS_ANDROID) 35*635a8641SAndroid Build Coastguard Worker // NB: Some file descriptors can return errors from close() e.g. network 36*635a8641SAndroid Build Coastguard Worker // filesystems such as NFS and Linux input devices. On Linux, macOS, and 37*635a8641SAndroid Build Coastguard Worker // Fuchsia's POSIX layer, errors from close other than EBADF do not indicate 38*635a8641SAndroid Build Coastguard Worker // failure to actually close the fd. 39*635a8641SAndroid Build Coastguard Worker if (ret != 0 && errno != EBADF) 40*635a8641SAndroid Build Coastguard Worker ret = 0; 41*635a8641SAndroid Build Coastguard Worker #endif 42*635a8641SAndroid Build Coastguard Worker 43*635a8641SAndroid Build Coastguard Worker PCHECK(0 == ret); 44*635a8641SAndroid Build Coastguard Worker } 45*635a8641SAndroid Build Coastguard Worker 46*635a8641SAndroid Build Coastguard Worker #endif // OS_POSIX || OS_FUCHSIA 47*635a8641SAndroid Build Coastguard Worker 48*635a8641SAndroid Build Coastguard Worker } // namespace internal 49*635a8641SAndroid Build Coastguard Worker } // namespace base 50