1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "base/files/scoped_file.h"
6 
7 #include "base/logging.h"
8 #include "build/build_config.h"
9 
10 #if defined(OS_POSIX) || defined(OS_FUCHSIA)
11 #include <errno.h>
12 #include <unistd.h>
13 
14 #include "base/posix/eintr_wrapper.h"
15 #endif
16 
17 namespace base {
18 namespace internal {
19 
20 #if defined(OS_POSIX) || defined(OS_FUCHSIA)
21 
22 // static
Free(int fd)23 void ScopedFDCloseTraits::Free(int fd) {
24   // It's important to crash here.
25   // There are security implications to not closing a file descriptor
26   // properly. As file descriptors are "capabilities", keeping them open
27   // would make the current process keep access to a resource. Much of
28   // Chrome relies on being able to "drop" such access.
29   // It's especially problematic on Linux with the setuid sandbox, where
30   // a single open directory would bypass the entire security model.
31   int ret = IGNORE_EINTR(close(fd));
32 
33 #if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_FUCHSIA) || \
34     defined(OS_ANDROID)
35   // NB: Some file descriptors can return errors from close() e.g. network
36   // filesystems such as NFS and Linux input devices. On Linux, macOS, and
37   // Fuchsia's POSIX layer, errors from close other than EBADF do not indicate
38   // failure to actually close the fd.
39   if (ret != 0 && errno != EBADF)
40     ret = 0;
41 #endif
42 
43   PCHECK(0 == ret);
44 }
45 
46 #endif  // OS_POSIX || OS_FUCHSIA
47 
48 }  // namespace internal
49 }  // namespace base
50