Move validate_raw_fd to sys_util

validate_raw_fd is needed for the plugin crate.  Move it into a common
location so that it can be shared by both the linux and plugin code.

BUG=b:80150167
TEST=manual

Change-Id: I427e10716e75b2619fd0f4ba6725fa40446db4af
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341101
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

1 files changed, 22 insertions, 1 deletions

diff --git a/sys_util/src/lib.rs b/sys_util/src/lib.rs
index 141c8b5..8e902ab50 100644
--- a/sys_util/src/lib.rs
+++ b/sys_util/src/lib.rs
@@ -73,7 +73,7 @@ pub use write_zeroes::{PunchHole, WriteZeroes};
 
 use std::ffi::CStr;
 use std::fs::{remove_file, File};
-use std::os::unix::io::{AsRawFd, FromRawFd};
+use std::os::unix::io::{AsRawFd, FromRawFd, RawFd};
 use std::os::unix::net::UnixDatagram;
 use std::ptr;
 
@@ -301,3 +301,24 @@ impl Drop for UnlinkUnixDatagram {
         }
     }
 }
+
+/// Verifies that |raw_fd| is actually owned by this process and duplicates it to ensure that
+/// we have a unique handle to it.
+pub fn validate_raw_fd(raw_fd: RawFd) -> Result<RawFd> {
+    // Checking that close-on-exec isn't set helps filter out FDs that were opened by
+    // crosvm as all crosvm FDs are close on exec.
+    // Safe because this doesn't modify any memory and we check the return value.
+    let flags = unsafe { libc::fcntl(raw_fd, libc::F_GETFD) };
+    if flags < 0 || (flags & libc::FD_CLOEXEC) != 0 {
+        return Err(Error::new(libc::EBADF));
+    }
+
+    // Duplicate the fd to ensure that we don't accidentally close an fd previously
+    // opened by another subsystem.  Safe because this doesn't modify any memory and
+    // we check the return value.
+    let dup_fd = unsafe { libc::fcntl(raw_fd, libc::F_DUPFD_CLOEXEC, 0) };
+    if dup_fd < 0 {
+        return Err(Error::last());
+    }
+    Ok(dup_fd as RawFd)
+}