19 lines · plain
1.. title:: clang-tidy - android-cloexec-accept42 3android-cloexec-accept44=======================5 6``accept4()`` should include ``SOCK_CLOEXEC`` in its type argument to avoid the7file descriptor leakage. Without this flag, an opened sensitive file would8remain open across a fork+exec to a lower-privileged SELinux domain.9 10Examples:11 12.. code-block:: c++13 14 accept4(sockfd, addr, addrlen, SOCK_NONBLOCK);15 16 // becomes17 18 accept4(sockfd, addr, addrlen, SOCK_NONBLOCK | SOCK_CLOEXEC);19