diff options
| author | Yan Wang <yawanng@google.com> | 2017-06-23 21:37:29 +0000 |
|---|---|---|
| committer | Yan Wang <yawanng@google.com> | 2017-06-23 21:37:29 +0000 |
| commit | 36206206cdb20b17f8cf80b10b483af6efd4880e (patch) | |
| tree | c2a52be2cdd73dc6be4d6461219cbda264e3f5b4 /clang-tools-extra/clang-tidy/android/AndroidTidyModule.cpp | |
| parent | d1c3780cf62ebb997c220ed0bd3bd19db4d9403c (diff) | |
| download | bcm5719-llvm-36206206cdb20b17f8cf80b10b483af6efd4880e.tar.gz bcm5719-llvm-36206206cdb20b17f8cf80b10b483af6efd4880e.zip | |
[clang-tidy][Part1] Add a new module Android and three new checks.
Summary:
A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and one checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag]
Links to part2 and part3:
https://reviews.llvm.org/D33745
https://reviews.llvm.org/D33747
Reviewers: chh, alexfh, aaron.ballman, hokein
Reviewed By: alexfh, hokein
Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D33304
llvm-svn: 306165
Diffstat (limited to 'clang-tools-extra/clang-tidy/android/AndroidTidyModule.cpp')
| -rw-r--r-- | clang-tools-extra/clang-tidy/android/AndroidTidyModule.cpp | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/clang-tools-extra/clang-tidy/android/AndroidTidyModule.cpp b/clang-tools-extra/clang-tidy/android/AndroidTidyModule.cpp new file mode 100644 index 00000000000..0ff7060a548 --- /dev/null +++ b/clang-tools-extra/clang-tidy/android/AndroidTidyModule.cpp @@ -0,0 +1,40 @@ +//===--- AndroidTidyModule.cpp - clang-tidy--------------------------------===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// + +#include "../ClangTidy.h" +#include "../ClangTidyModule.h" +#include "../ClangTidyModuleRegistry.h" +#include "FileOpenFlagCheck.h" + +using namespace clang::ast_matchers; + +namespace clang { +namespace tidy { +namespace android { + +/// This module is for Android specific checks. +class AndroidModule : public ClangTidyModule { +public: + void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override { + CheckFactories.registerCheck<FileOpenFlagCheck>("android-file-open-flag"); + } +}; + +// Register the AndroidTidyModule using this statically initialized variable. +static ClangTidyModuleRegistry::Add<AndroidModule> + X("android-module", "Adds Android platform checks."); + +} // namespace android + +// This anchor is used to force the linker to link in the generated object file +// and thus register the AndroidModule. +volatile int AndroidModuleAnchorSource = 0; + +} // namespace tidy +} // namespace clang |
