A common source of security bugs has been code that opens file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and three checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags
-- creat() should be replaced by open().
-- fopen() should include "e" in their mode string.