android-cloexec-accept¶

The usage of accept() is not recommended, it’s better to use accept4(). Without this flag, an opened sensitive file descriptor would remain open across a fork+exec to a lower-privileged SELinux domain.

Examples:

accept(sockfd, addr, addrlen);

// becomes

accept4(sockfd, addr, addrlen, SOCK_CLOEXEC);

Extra Clang Tools 18.0.0git documentation

clang-tidy - android-cloexec-accept

android-cloexec-accept¶