.. title:: clang-tidy - android-cloexec-accept

android-cloexec-accept
======================

The usage of ``accept()`` is not recommended, it's better to use ``accept4()``.
Without this flag, an opened sensitive file descriptor would remain open across
a fork+exec to a lower-privileged SELinux domain.

Examples:

.. code-block:: c++

  accept(sockfd, addr, addrlen);

  // becomes

  accept4(sockfd, addr, addrlen, SOCK_CLOEXEC);