tidy - android-cloexec-open — Extra Clang Tools 22.0.0git documentation (original) (raw)

A common source of security bugs is code that opens a file without using theO_CLOEXEC flag. Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data. Open-like functions including open(), openat(), andopen64() should include O_CLOEXEC in their flags argument.

Examples:

open("filename", O_RDWR); open64("filename", O_RDWR); openat(0, "filename", O_RDWR);

// becomes

open("filename", O_RDWR | O_CLOEXEC); open64("filename", O_RDWR | O_CLOEXEC); openat(0, "filename", O_RDWR | O_CLOEXEC);