fixup! add exec spawning implementation

Ensure that no new file descriptors are racily opened by signal handlers in the child process.

Author: muhomorr

core/jni/com_android_internal_os_Zygote.cpp

@@ -3143,6 +3143,18 @@ static jint com_android_internal_os_Zygote_nativeForkExec(JNIEnv* env, jclass,
     // first, but 32-bit zygote won't have them set if this is the first app launch zygote command.
     SetSignalHandlers();
 
+    sigset64_t full_sig_set;
+    sigfillset64(&full_sig_set);
+
+    sigset64_t prev_sig_set;
+
+    // ensure that no new file descriptors are racily opened by signal handlers in the child process
+    if (sigprocmask64(SIG_BLOCK, &full_sig_set, &prev_sig_set) != 0) {
+        ALOGE("sigprocmask64 failed before fork: %s", strerror(errno));
+        close(cmd_fd);
+        return -1;
+    }
+
     // fork() runs bionic fork hooks which are unnecessary for this use-case
     pid_t pid = _Fork();
 
@@ -3151,6 +3163,10 @@ static jint com_android_internal_os_Zygote_nativeForkExec(JNIEnv* env, jclass,
         if (pid == -1) {
             ALOGE("fork failed: %s", strerror(errno));
         }
+        if (sigprocmask64(SIG_SETMASK, &prev_sig_set, nullptr) != 0) {
+            ALOGE("sigprocmask64 failed in parent after fork: %s", strerror(errno));
+            _exit(1);
+        }
         close(cmd_fd);
         if (is_environment_cloned) {
             free_environ(environment);
@@ -3169,6 +3185,11 @@ static jint com_android_internal_os_Zygote_nativeForkExec(JNIEnv* env, jclass,
             _exit(1);
         }
 
+        if (sigprocmask64(SIG_SETMASK, &prev_sig_set, nullptr) != 0) {
+            async_safe_format_log(ANDROID_LOG_ERROR, "sigprocmask64 failed in child after fork: %#m", nullptr);
+            _exit(1);
+        }
+
 #if defined(__aarch64__)
         const int FLAG_COMPAT_VA_39_BIT = 1 << 30;
         execveat(-1, argv[0], (char **) argv, environment, enable_compat_va_39_bit ? FLAG_COMPAT_VA_39_BIT : 0);