forked from OSchip/llvm-project
36206206cd
Summary: A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.). Add a new Android module and one checks in clang-tidy. -- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag] Links to part2 and part3: https://reviews.llvm.org/D33745 https://reviews.llvm.org/D33747 Reviewers: chh, alexfh, aaron.ballman, hokein Reviewed By: alexfh, hokein Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D33304 llvm-svn: 306165 |
||
|---|---|---|
| .. | ||
| CMakeLists.txt | ||
| ClangTidyDiagnosticConsumerTest.cpp | ||
| ClangTidyOptionsTest.cpp | ||
| ClangTidyTest.h | ||
| GoogleModuleTest.cpp | ||
| IncludeInserterTest.cpp | ||
| LLVMModuleTest.cpp | ||
| MiscModuleTest.cpp | ||
| NamespaceAliaserTest.cpp | ||
| OverlappingReplacementsTest.cpp | ||
| ReadabilityModuleTest.cpp | ||
| UsingInserterTest.cpp | ||