From 6496c4bf6f31bd0714a341d51c1cff7f15938e84 Mon Sep 17 00:00:00 2001
From: Josh Gao <jmgao@google.com>
Date: Mon, 29 Aug 2016 14:20:59 -0700
Subject: [PATCH] base: disallow close() on unique_fd.

unique_fd's implicit conversion to int allows it to be passed to
close(2), which is dangerous because unique_fd will think that it still
has ownership of the now-closed fd. Disallow this by providing an
overload for close that's tagged with an attribute that gives a
compile-time error.

Test: m
Change-Id: I514591335b337f2f57c1df371cf3979304aea17c
---
 base/include/android-base/unique_fd.h | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/base/include/android-base/unique_fd.h b/base/include/android-base/unique_fd.h
index 869e60f58..c32331180 100644
--- a/base/include/android-base/unique_fd.h
+++ b/base/include/android-base/unique_fd.h
@@ -95,4 +95,14 @@ using unique_fd = unique_fd_impl<DefaultCloser>;
 }  // namespace base
 }  // namespace android
 
+template <typename T>
+int close(const android::base::unique_fd_impl<T>&)
+#if defined(__clang__)
+  __attribute__((__unavailable__(
+#else
+  __attribute__((__error__(
+#endif
+    "close called on unique_fd"
+  )));
+
 #endif  // ANDROID_BASE_UNIQUE_FD_H