src/third_party/llvm-project/clang-tools-extra/docs/clang-tidy/checks/android-cloexec-open.rst - cobalt - Git at Google

 .. title:: clang-tidy - android-cloexec-open

 android-cloexec-open
 ====================

 A common source of security bugs is code that opens a file without using the
 ``O_CLOEXEC`` flag.  Without that flag, an opened sensitive file would remain
 open across a fork+exec to a lower-privileged SELinux domain, leaking that
 sensitive data. Open-like functions including ``open()``, ``openat()``, and
 ``open64()`` should include ``O_CLOEXEC`` in their flags argument.

 Examples:

 .. code-block:: c++

   open("filename", O_RDWR);
   open64("filename", O_RDWR);
   openat(0, "filename", O_RDWR);

   // becomes

   open("filename", O_RDWR | O_CLOEXEC);
   open64("filename", O_RDWR | O_CLOEXEC);
   openat(0, "filename", O_RDWR | O_CLOEXEC);
	.. title:: clang-tidy - android-cloexec-open

	android-cloexec-open
	====================

	A common source of security bugs is code that opens a file without using the
	``O_CLOEXEC`` flag. Without that flag, an opened sensitive file would remain
	open across a fork+exec to a lower-privileged SELinux domain, leaking that
	sensitive data. Open-like functions including ``open()``, ``openat()``, and
	``open64()`` should include ``O_CLOEXEC`` in their flags argument.

	Examples:

	.. code-block:: c++

	open("filename", O_RDWR);
	open64("filename", O_RDWR);
	openat(0, "filename", O_RDWR);

	// becomes

	open("filename", O_RDWR \| O_CLOEXEC);
	open64("filename", O_RDWR \| O_CLOEXEC);
	openat(0, "filename", O_RDWR \| O_CLOEXEC);