Backport changes to whitelist sockets opened by the zygote.

This is the backport of the following commits :

Commit c5f27a7cb2ec816f483a65255034a1b57a8aa22:
-----------------------------------------------

Reopen whitelisted zygote file descriptors after a fork.

We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.

This work is done in two stages :
- An initial list of FDs is constructed and cached prior to the
  first zygote fork.

- On each subsequent fork, we check whether the list of open FDs
  has changed. We are currently tolerant of changes, but in the
  longer term, it should be a fatal error if the set of open file
  descriptors in the zygote changes.

- Post fork, we traverse the list of open descriptors and reopen
  them if necessary.

bug: 30963384

Commit 3764a260f0c90dcb323caeda14baf903cc108759:
-----------------------------------------------

Add a whitelist of sockets on fork.

Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a sucessful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.

This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.

bug: 30963384

Commit 0b76d6a28e6978151bf245a775329cdae5e574d5
-----------------------------------------------

fd_utils: Fix broken usage of iterators.

There were two separate issues here :
- RestatInternal was using an iterator after a call to erase(). This
  will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
  structural changes to it is broken. Switch to a while loop and treat
  cases where elements are erased differently from cases where they
  aren't.

bug: 31092930
bug: 30963384

Plus additional changes:
-----------------------------------------------
- change unordered_map to map.
- add /dev/log/* files to the whitelist.
- add an exemption for opened netlink sockets.
- map.erase(iterator) returns void prior to C++11, so need the kludge
  of calling erase(it++).

bug: 30963384

Change-Id: I21c60358097c54497a8c5f4e75624191cd5c2416
(cherry picked from commit 63545150c216578ba578d6c205cb2835b2c9d75f)

Author: narayank

vm/native/dalvik_system_Zygote.cpp

@@ -41,6 +41,10 @@
 #include <sys/utsname.h>
 #include <sys/capability.h>
 
+#ifdef HAVE_ANDROID_OS
+#include "fd_utils-inl.h"
+#endif
+
 #if defined(HAVE_PRCTL)
 # include <sys/prctl.h>
 #endif
@@ -523,6 +527,11 @@ static void detachDescriptors(ArrayObject* fdsToClose) {
 
 #endif
 
+#ifdef HAVE_ANDROID_OS
+// The list of open zygote file descriptors.
+static FileDescriptorTable* gOpenFdTable = NULL;
+#endif
+
 /*
  * Utility routine to fork zygote and specialize the child process.
  */
@@ -590,6 +599,27 @@ static pid_t forkAndSpecializeCommon(const u4* args, bool isSystemServer, bool l
     setSignalHandler();
 
     dvmDumpLoaderStats("zygote");
+
+    // Close any logging related FDs before we start evaluating the list of
+    // file descriptors.
+    __android_log_close();
+
+#ifdef HAVE_ANDROID_OS
+    // If this is the first fork for this zygote, create the open FD table.
+    // If it isn't, we just need to check whether the list of open files
+    // has changed (and it shouldn't in the normal case).
+    if (gOpenFdTable == NULL) {
+        gOpenFdTable = FileDescriptorTable::Create();
+        if (gOpenFdTable == NULL) {
+            ALOGE("Unable to construct file descriptor table.");
+            dvmAbort();
+        }
+    } else if (!gOpenFdTable->Restat()) {
+        ALOGE("Unable to restat file descriptor table.");
+        dvmAbort();
+    }
+#endif
+
     pid = fork();
 
     if (pid == 0) {
@@ -629,6 +659,12 @@ static pid_t forkAndSpecializeCommon(const u4* args, bool isSystemServer, bool l
             }
         }
 
+        // Re-open all remaining open file descriptors so that they aren't
+        // shared with the zygote across a fork.
+        if (!gOpenFdTable->ReopenOrDetach()) {
+            ALOGE("Unable to reopen whitelisted descriptors.");
+            dvmAbort();
+        }
 #endif /* HAVE_ANDROID_OS */
 
         if (mountMode != MOUNT_EXTERNAL_NONE) {