Merge "Build libminui with BOARD_VNDK_VERSION"
diff --git a/install.cpp b/install.cpp
index 7ba8f01..7fbf5c0 100644
--- a/install.cpp
+++ b/install.cpp
@@ -265,7 +265,7 @@
   }
 
   unlink(binary_path.c_str());
-  int fd = creat(binary_path.c_str(), 0755);
+  int fd = open(binary_path.c_str(), O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, 0755);
   if (fd == -1) {
     PLOG(ERROR) << "Failed to create " << binary_path;
     return INSTALL_ERROR;
diff --git a/minui/resources.cpp b/minui/resources.cpp
index 86c731b..8f8d36d 100644
--- a/minui/resources.cpp
+++ b/minui/resources.cpp
@@ -56,7 +56,7 @@
 
     snprintf(resPath, sizeof(resPath)-1, "/res/images/%s.png", name);
     resPath[sizeof(resPath)-1] = '\0';
-    FILE* fp = fopen(resPath, "rb");
+    FILE* fp = fopen(resPath, "rbe");
     if (fp == NULL) {
         result = -1;
         goto exit;
diff --git a/recovery-persist.cpp b/recovery-persist.cpp
index d706cca..dbce7ff 100644
--- a/recovery-persist.cpp
+++ b/recovery-persist.cpp
@@ -59,21 +59,21 @@
 }
 
 static void copy_file(const char* source, const char* destination) {
-    FILE* dest_fp = fopen(destination, "w");
-    if (dest_fp == nullptr) {
-        PLOG(ERROR) << "Can't open " << destination;
-    } else {
-        FILE* source_fp = fopen(source, "r");
-        if (source_fp != nullptr) {
-            char buf[4096];
-            size_t bytes;
-            while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) {
-                fwrite(buf, 1, bytes, dest_fp);
-            }
-            check_and_fclose(source_fp, source);
-        }
-        check_and_fclose(dest_fp, destination);
+  FILE* dest_fp = fopen(destination, "we");
+  if (dest_fp == nullptr) {
+    PLOG(ERROR) << "Can't open " << destination;
+  } else {
+    FILE* source_fp = fopen(source, "re");
+    if (source_fp != nullptr) {
+      char buf[4096];
+      size_t bytes;
+      while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) {
+        fwrite(buf, 1, bytes, dest_fp);
+      }
+      check_and_fclose(source_fp, source);
     }
+    check_and_fclose(dest_fp, destination);
+  }
 }
 
 static bool rotated = false;
@@ -120,7 +120,7 @@
      */
     bool has_cache = false;
     static const char mounts_file[] = "/proc/mounts";
-    FILE *fp = fopen(mounts_file, "r");
+    FILE* fp = fopen(mounts_file, "re");
     if (!fp) {
         PLOG(ERROR) << "failed to open " << mounts_file;
     } else {
diff --git a/recovery.cpp b/recovery.cpp
index 852f1e8..5011588 100644
--- a/recovery.cpp
+++ b/recovery.cpp
@@ -250,7 +250,7 @@
         auto start = std::chrono::steady_clock::now();
 
         // Child logger to actually write to the log file.
-        FILE* log_fp = fopen(filename, "a");
+        FILE* log_fp = fopen(filename, "ae");
         if (log_fp == nullptr) {
             PLOG(ERROR) << "fopen \"" << filename << "\" failed";
             close(pipefd[0]);
@@ -419,27 +419,27 @@
 static off_t tmplog_offset = 0;
 
 static void copy_log_file(const char* source, const char* destination, bool append) {
-    FILE* dest_fp = fopen_path(destination, append ? "a" : "w");
-    if (dest_fp == nullptr) {
-        PLOG(ERROR) << "Can't open " << destination;
-    } else {
-        FILE* source_fp = fopen(source, "r");
-        if (source_fp != nullptr) {
-            if (append) {
-                fseeko(source_fp, tmplog_offset, SEEK_SET);  // Since last write
-            }
-            char buf[4096];
-            size_t bytes;
-            while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) {
-                fwrite(buf, 1, bytes, dest_fp);
-            }
-            if (append) {
-                tmplog_offset = ftello(source_fp);
-            }
-            check_and_fclose(source_fp, source);
-        }
-        check_and_fclose(dest_fp, destination);
+  FILE* dest_fp = fopen_path(destination, append ? "ae" : "we");
+  if (dest_fp == nullptr) {
+    PLOG(ERROR) << "Can't open " << destination;
+  } else {
+    FILE* source_fp = fopen(source, "re");
+    if (source_fp != nullptr) {
+      if (append) {
+        fseeko(source_fp, tmplog_offset, SEEK_SET);  // Since last write
+      }
+      char buf[4096];
+      size_t bytes;
+      while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) {
+        fwrite(buf, 1, bytes, dest_fp);
+      }
+      if (append) {
+        tmplog_offset = ftello(source_fp);
+      }
+      check_and_fclose(source_fp, source);
     }
+    check_and_fclose(dest_fp, destination);
+  }
 }
 
 static void copy_logs() {
@@ -488,7 +488,7 @@
     if (!locale.empty() && has_cache) {
         LOG(INFO) << "Saving locale \"" << locale << "\"";
 
-        FILE* fp = fopen_path(LOCALE_FILE, "w");
+        FILE* fp = fopen_path(LOCALE_FILE, "we");
         if (!android::base::WriteStringToFd(locale, fileno(fp))) {
             PLOG(ERROR) << "Failed to save locale to " << LOCALE_FILE;
         }
@@ -552,7 +552,7 @@
             }
 
             std::string data(sb.st_size, '\0');
-            FILE* f = fopen(path.c_str(), "rb");
+            FILE* f = fopen(path.c_str(), "rbe");
             fread(&data[0], 1, data.size(), f);
             fclose(f);
 
@@ -580,7 +580,7 @@
       ui->Print("Failed to make convert_fbe dir %s\n", strerror(errno));
       return true;
     }
-    FILE* f = fopen(CONVERT_FBE_FILE, "wb");
+    FILE* f = fopen(CONVERT_FBE_FILE, "wbe");
     if (!f) {
       ui->Print("Failed to convert to file encryption %s\n", strerror(errno));
       return true;
diff --git a/tests/component/updater_test.cpp b/tests/component/updater_test.cpp
index 357a39e..01b86f2 100644
--- a/tests/component/updater_test.cpp
+++ b/tests/component/updater_test.cpp
@@ -485,7 +485,7 @@
   UpdaterInfo updater_info;
   updater_info.package_zip = handle;
   TemporaryFile temp_pipe;
-  updater_info.cmd_pipe = fopen(temp_pipe.path, "wb");
+  updater_info.cmd_pipe = fopen(temp_pipe.path, "wbe");
   updater_info.package_zip_addr = map.addr;
   updater_info.package_zip_len = map.length;
 
@@ -561,7 +561,7 @@
   UpdaterInfo updater_info;
   updater_info.package_zip = handle;
   TemporaryFile temp_pipe;
-  updater_info.cmd_pipe = fopen(temp_pipe.path, "wb");
+  updater_info.cmd_pipe = fopen(temp_pipe.path, "wbe");
   updater_info.package_zip_addr = map.addr;
   updater_info.package_zip_len = map.length;
 
diff --git a/tests/manual/recovery_test.cpp b/tests/manual/recovery_test.cpp
index d36dd33..92c6ef2 100644
--- a/tests/manual/recovery_test.cpp
+++ b/tests/manual/recovery_test.cpp
@@ -141,7 +141,7 @@
   // under recovery.
   void SetUp() override {
     std::string file_path = GetParam();
-    fp = fopen(file_path.c_str(), "rb");
+    fp = fopen(file_path.c_str(), "rbe");
     ASSERT_NE(nullptr, fp);
 
     unsigned char header[8];
diff --git a/verifier.cpp b/verifier.cpp
index 2ef9c4c..18437fb 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -474,81 +474,80 @@
 // Otherwise returns false if the file failed to parse, or if it contains zero
 // keys. The contents in certs would be unspecified on failure.
 bool load_keys(const char* filename, std::vector<Certificate>& certs) {
-    std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "r"), fclose);
-    if (!f) {
-        PLOG(ERROR) << "error opening " << filename;
+  std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "re"), fclose);
+  if (!f) {
+    PLOG(ERROR) << "error opening " << filename;
+    return false;
+  }
+
+  while (true) {
+    certs.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
+    Certificate& cert = certs.back();
+    uint32_t exponent = 0;
+
+    char start_char;
+    if (fscanf(f.get(), " %c", &start_char) != 1) return false;
+    if (start_char == '{') {
+      // a version 1 key has no version specifier.
+      cert.key_type = Certificate::KEY_TYPE_RSA;
+      exponent = 3;
+      cert.hash_len = SHA_DIGEST_LENGTH;
+    } else if (start_char == 'v') {
+      int version;
+      if (fscanf(f.get(), "%d {", &version) != 1) return false;
+      switch (version) {
+        case 2:
+          cert.key_type = Certificate::KEY_TYPE_RSA;
+          exponent = 65537;
+          cert.hash_len = SHA_DIGEST_LENGTH;
+          break;
+        case 3:
+          cert.key_type = Certificate::KEY_TYPE_RSA;
+          exponent = 3;
+          cert.hash_len = SHA256_DIGEST_LENGTH;
+          break;
+        case 4:
+          cert.key_type = Certificate::KEY_TYPE_RSA;
+          exponent = 65537;
+          cert.hash_len = SHA256_DIGEST_LENGTH;
+          break;
+        case 5:
+          cert.key_type = Certificate::KEY_TYPE_EC;
+          cert.hash_len = SHA256_DIGEST_LENGTH;
+          break;
+        default:
+          return false;
+      }
+    }
+
+    if (cert.key_type == Certificate::KEY_TYPE_RSA) {
+      cert.rsa = parse_rsa_key(f.get(), exponent);
+      if (!cert.rsa) {
         return false;
+      }
+
+      LOG(INFO) << "read key e=" << exponent << " hash=" << cert.hash_len;
+    } else if (cert.key_type == Certificate::KEY_TYPE_EC) {
+      cert.ec = parse_ec_key(f.get());
+      if (!cert.ec) {
+        return false;
+      }
+    } else {
+      LOG(ERROR) << "Unknown key type " << cert.key_type;
+      return false;
     }
 
-    while (true) {
-        certs.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
-        Certificate& cert = certs.back();
-        uint32_t exponent = 0;
-
-        char start_char;
-        if (fscanf(f.get(), " %c", &start_char) != 1) return false;
-        if (start_char == '{') {
-            // a version 1 key has no version specifier.
-            cert.key_type = Certificate::KEY_TYPE_RSA;
-            exponent = 3;
-            cert.hash_len = SHA_DIGEST_LENGTH;
-        } else if (start_char == 'v') {
-            int version;
-            if (fscanf(f.get(), "%d {", &version) != 1) return false;
-            switch (version) {
-                case 2:
-                    cert.key_type = Certificate::KEY_TYPE_RSA;
-                    exponent = 65537;
-                    cert.hash_len = SHA_DIGEST_LENGTH;
-                    break;
-                case 3:
-                    cert.key_type = Certificate::KEY_TYPE_RSA;
-                    exponent = 3;
-                    cert.hash_len = SHA256_DIGEST_LENGTH;
-                    break;
-                case 4:
-                    cert.key_type = Certificate::KEY_TYPE_RSA;
-                    exponent = 65537;
-                    cert.hash_len = SHA256_DIGEST_LENGTH;
-                    break;
-                case 5:
-                    cert.key_type = Certificate::KEY_TYPE_EC;
-                    cert.hash_len = SHA256_DIGEST_LENGTH;
-                    break;
-                default:
-                    return false;
-            }
-        }
-
-        if (cert.key_type == Certificate::KEY_TYPE_RSA) {
-            cert.rsa = parse_rsa_key(f.get(), exponent);
-            if (!cert.rsa) {
-              return false;
-            }
-
-            LOG(INFO) << "read key e=" << exponent << " hash=" << cert.hash_len;
-        } else if (cert.key_type == Certificate::KEY_TYPE_EC) {
-            cert.ec = parse_ec_key(f.get());
-            if (!cert.ec) {
-              return false;
-            }
-        } else {
-            LOG(ERROR) << "Unknown key type " << cert.key_type;
-            return false;
-        }
-
-        // if the line ends in a comma, this file has more keys.
-        int ch = fgetc(f.get());
-        if (ch == ',') {
-            // more keys to come.
-            continue;
-        } else if (ch == EOF) {
-            break;
-        } else {
-            LOG(ERROR) << "unexpected character between keys";
-            return false;
-        }
+    // if the line ends in a comma, this file has more keys.
+    int ch = fgetc(f.get());
+    if (ch == ',') {
+      // more keys to come.
+      continue;
+    } else if (ch == EOF) {
+      break;
+    } else {
+      LOG(ERROR) << "unexpected character between keys";
+      return false;
     }
-
-    return true;
+  }
+  return true;
 }