.. title:: clang-tidy - android-cloexec-pipe

android-cloexec-pipe
====================

This check detects usage of ``pipe()``. Using ``pipe()`` is not recommended,
``pipe2()`` is the suggested replacement. The check also adds the ``O_CLOEXEC``
flag that marks the file descriptor to be closed in child processes.
Without this flag a sensitive file descriptor can be leaked to a
child process, potentially into a lower-privileged SELinux domain.

Examples:

.. code-block:: c++

  pipe(pipefd);

Suggested replacement:

.. code-block:: c++

  pipe2(pipefd, O_CLOEXEC);
