Google Git
Sign in
llvm / llvm-project / clang-tools-extra / 8fe06a71479966ab57b4013503af098a8cafebd6
commit8fe06a71479966ab57b4013503af098a8cafebd6[log] [tgz]
authorYan Wang <yawanng@google.com>Fri Jun 23 21:37:29 2017 +0000
committerCopybara-Service <copybara-worker@google.com>Fri Sep 04 15:13:04 2020 -0700
tree35dab9ed9b78a8fc53383b8ec422b4863572ab57
parent8eec41249d8de7c97740ae6500990ea87b6bb8cd [diff]
[clang-tidy][Part1] Add a new module Android and three new checks.

Summary:
A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag.  (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).

Add a new Android module and one checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag]

Links to part2 and part3:
https://reviews.llvm.org/D33745
https://reviews.llvm.org/D33747

Reviewers: chh, alexfh, aaron.ballman, hokein

Reviewed By: alexfh, hokein

Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski

Tags: #clang-tools-extra

Differential Revision: https://reviews.llvm.org/D33304

llvm-svn: 306165
GitOrigin-RevId: 36206206cdb20b17f8cf80b10b483af6efd4880e
14 files changed
tree: 35dab9ed9b78a8fc53383b8ec422b4863572ab57
  1. change-namespace/
  2. clang-apply-replacements/
  3. clang-move/
  4. clang-query/
  5. clang-rename/
  6. clang-reorder-fields/
  7. clang-tidy/
  8. clang-tidy-vs/
  9. clangd/
  10. docs/
  11. include-fixer/
  12. modularize/
  13. pp-trace/
  14. test/
  15. tool-template/
  16. unittests/
  17. .arcconfig
  18. .gitignore
  19. CMakeLists.txt
  20. CODE_OWNERS.TXT
  21. LICENSE.TXT
  22. README.txt