1.. title:: clang-tidy - android-cloexec-pipe 2 3android-cloexec-pipe 4==================== 5 6This check detects usage of ``pipe()``. Using ``pipe()`` is not recommended, ``pipe2()`` is the 7suggested replacement. The check also adds the O_CLOEXEC flag that marks the file descriptor to 8be closed in child processes. Without this flag a sensitive file descriptor can be leaked to a 9child process, potentially into a lower-privileged SELinux domain. 10 11Examples: 12 13.. code-block:: c++ 14 15 pipe(pipefd); 16 17Suggested replacement: 18 19.. code-block:: c++ 20 21 pipe2(pipefd, O_CLOEXEC); 22