tpm_lite: Set O_CLOEXEC when opening TPM device.

This sets O_CLOEXEC when opening the TPM device to make sure the file
descriptor isn't shared across processes. The TPM character device
exposes the raw communication channel to send/receive commands to/from
the TPM. The TPM is not designed for concurrent access by multiple
users and the kernel driver already returns EBUSY on open when a
different process has already opened it. Consequently, it only makes
sense to have the /dev/tpm0 file descriptor be closed automatically on

None of the callers I'm aware of need to share the TPM file descriptor
across processes, and mount-encrypted has some ad-hoc code to close the
descriptor when it does fork+exec to spawn a helper. The existing code
isn't consistent and comprehensive (mount-encrypted spawns other
helpers where it forgets to close the file descriptor), so the plan is
to set O_CLOEXEC and remove the ad-hoc code.

TEST=Compiles, passes tests, image boots.

Change-Id: Ia6e73fb12e8f2ed8fe99b4c53ea6eb8cda4a21f5
Commit-Ready: Mattias Nissler <>
Tested-by: Mattias Nissler <>
Reviewed-by: Andrey Pronin <>
1 file changed