Fix android.security.cts.FileDescriptorTest#testCLOEXEC

When ART is mainline, it creates the boot-image-methods.art memfd
without MFD_CLOEXEC.
Add the MFD_CLOEXEC flag when creating the boot-image-methods.art memfd.

Bug: 197498527
Test: run cts CtsSecurityTestCases pass

Merged-In: If941c036f7adb598d67ec2b2c5bc4cb24994e3a1
(cherry picked from commit 3326fcea1ead5d5d360a053704faad27b6dd8c40)
Change-Id: Icfc2420e8e9d3f61f5e3f2eb5bfc53108c2c251b
(cherry picked from commit 0857789b5b09bccc977f712a071c7b68bfccae05)
diff --git a/libartbase/base/memfd.h b/libartbase/base/memfd.h
index 0bb336d..3c27dcb 100644
--- a/libartbase/base/memfd.h
+++ b/libartbase/base/memfd.h
@@ -53,6 +53,10 @@
 # define F_SEAL_FUTURE_WRITE  0x0010
 #endif
 
+#ifndef MFD_CLOEXEC
+# define MFD_CLOEXEC    0x0001U
+#endif
+
 #ifndef MFD_ALLOW_SEALING
 # define MFD_ALLOW_SEALING    0x0002U
 #endif
diff --git a/runtime/jit/jit.cc b/runtime/jit/jit.cc
index 5ee8871..876e120 100644
--- a/runtime/jit/jit.cc
+++ b/runtime/jit/jit.cc
@@ -1238,7 +1238,8 @@
       // Start with '/boot' and end with '.art' to match the pattern recognized
       // by android_os_Debug.cpp for boot images.
       const char* name = "/boot-image-methods.art";
-      unique_fd mem_fd = unique_fd(art::memfd_create(name, /* flags= */ MFD_ALLOW_SEALING));
+      unique_fd mem_fd =
+          unique_fd(art::memfd_create(name, /* flags= */ MFD_ALLOW_SEALING | MFD_CLOEXEC));
       if (mem_fd.get() == -1) {
         PLOG(WARNING) << "Could not create boot image methods file descriptor";
         return;
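Review bot: The call `art::memfd_create(name, /* flags= */ MFD_ALLOW_SEALING | MFD_CLOEXEC)` has no comment saying why close-on-exec is required, so a later cleanup could drop the flag again. I would add `// MFD_CLOEXEC: do not leak this descriptor into exec'd processes (FileDescriptorTest#testCLOEXEC).` above it. Setting the flag at creation is the right place, since it leaves no window between creating the descriptor and marking it. The flag is per descriptor, so any copy made later with plain `dup()` would not carry it; the rest of the function lies outside this hunk, so that is worth confirming there. Other `art::memfd_create` callers are not visible here and may need the same flag.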