}
// Open device FD.
- device_fd->reset(open("/dev/fuse", O_RDWR)); // not O_CLOEXEC
+ // NOLINTNEXTLINE(android-cloexec-open): Deliberately not O_CLOEXEC
+ device_fd->reset(open("/dev/fuse", O_RDWR));
if (device_fd->get() == -1) {
PLOG(ERROR) << "Failed to open /dev/fuse";
return -1;
Status status = Status::ok();
LOG(INFO) << action << " checkpoint on " << blockDevice;
- base::unique_fd device_fd(open(blockDevice.c_str(), O_RDWR));
+ base::unique_fd device_fd(open(blockDevice.c_str(), O_RDWR | O_CLOEXEC));
if (device_fd < 0) {
PLOG(ERROR) << "Cannot open " << blockDevice;
return Status::fromExceptionCode(errno, ("Cannot open " + blockDevice).c_str());
}
// We purposefully leave the namespace open across the fork
- nsFd = openat(pidFd, "ns/mnt", O_RDONLY); // not O_CLOEXEC
+ // NOLINTNEXTLINE(android-cloexec-open): Deliberately not O_CLOEXEC
+ nsFd = openat(pidFd, "ns/mnt", O_RDONLY);
if (nsFd < 0) {
PLOG(WARNING) << "Failed to open namespace for " << de->d_name;
goto next;
#define F2FS_IOC_SET_PIN_FILE _IOW(F2FS_IOCTL_MAGIC, 13, __u32)
#define F2FS_IOC_GET_PIN_FILE _IOR(F2FS_IOCTL_MAGIC, 14, __u32)
#endif
- android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(target.c_str(), O_WRONLY, 0)));
+ android::base::unique_fd fd(
+ TEMP_FAILURE_RETRY(open(target.c_str(), O_WRONLY | O_CLOEXEC, 0)));
if (fd == -1) {
LOG(ERROR) << "Secure discard open failed for: " << target;
return 0;