HomePhabricator

[clang-tidy][Part1] Add a new module Android and three new checks.

Description

[clang-tidy][Part1] Add a new module Android and three new checks.

Summary:
A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).

Add a new Android module and one checks in clang-tidy.

  • open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag]

Links to part2 and part3:
https://reviews.llvm.org/D33745
https://reviews.llvm.org/D33747

Reviewers: chh, alexfh, aaron.ballman, hokein

Reviewed By: alexfh, hokein

Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski

Tags: #clang-tools-extra

Differential Revision: https://reviews.llvm.org/D33304

Details

Committed
yawanngJun 23 2017, 2:37 PM
Reviewer
alexfh
Differential Revision
D33304: [clang-tidy][Part1] Add a new module Android and three new checks.
Branches
Unknown
Tags
Unknown