Diffstat (limited to 'clang-tools-extra/docs/clang-tidy/checks/android-cloexec-pipe2.rst')
-rw-r--r-- clang-tools-extra/docs/clang-tidy/checks/android-cloexec-pipe2.rst 21
1 files changed, 21 insertions, 0 deletions
diff --git a/clang-tools-extra/docs/clang-tidy/checks/android-cloexec-pipe2.rst b/clang-tools-extra/docs/clang-tidy/checks/android-cloexec-pipe2.rst
new file mode 100644
index 00000000000..071d7d8b06c
--- /dev/null
+++ b/clang-tools-extra/docs/clang-tidy/checks/android-cloexec-pipe2.rst
@@ -0,0 +1,21 @@
+.. title:: clang-tidy - android-cloexec-pipe2
+
+android-cloexec-pipe2
+=====================
+
+This checks ensures that pipe2() is called with the O_CLOEXEC flag. The check also
+adds the O_CLOEXEC flag that marks the file descriptor to be closed in child processes.
+Without this flag a sensitive file descriptor can be leaked to a child process,
+potentially into a lower-privileged SELinux domain.
+
+Examples:
+
+.. code-block:: c++
+
+ pipe2(pipefd, O_NONBLOCK);
+
+Suggested replacement:
+
+.. code-block:: c++
+
+ pipe2(pipefd, O_NONBLOCK | O_CLOEXEC);
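Review bot: The description paragraph says O_CLOEXEC marks the descriptor "to be closed in child processes", which is imprecise: the flag closes the descriptor when the process calls an exec-family function, so a forked child that never execs still holds both pipe ends. Suggest wording such as "closed on exec, so it is not inherited by a newly executed program". In the same paragraph, "This checks ensures" should be "This check ensures", and "The check also adds the O_CLOEXEC flag" would be clearer if it said the check offers the change shown under "Suggested replacement". "Examples:" introduces a single snippet; either make it singular or add a second case.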