android-cloexec-dup¶

The usage of dup() is not recommended, it’s better to use fcntl(), which can set the close-on-exec flag. Otherwise, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain.

Examples:

int fd = dup(oldfd);

// becomes

int fd = fcntl(oldfd, F_DUPFD_CLOEXEC);

Extra Clang Tools 18.0.0git documentation

clang-tidy - android-cloexec-dup

android-cloexec-dup¶