1.. title:: clang-tidy - android-cloexec-accept4 2 3android-cloexec-accept4 4======================= 5 6``accept4()`` should include ``SOCK_CLOEXEC`` in its type argument to avoid the 7file descriptor leakage. Without this flag, an opened sensitive file would 8remain open across a fork+exec to a lower-privileged SELinux domain. 9 10Examples: 11 12.. code-block:: c++ 13 14 accept4(sockfd, addr, addrlen, SOCK_NONBLOCK); 15 16 // becomes 17 18 accept4(sockfd, addr, addrlen, SOCK_NONBLOCK | SOCK_CLOEXEC); 19