From 18894d57f9500baaf5020d9c8afada1b73f8785e Mon Sep 17 00:00:00 2001
From: Sandboxed API Team
Date: Wed, 22 Mar 2023 07:46:14 -0700
Subject: [PATCH] Add a helper method to allow the eventfd* family of syscalls.

PiperOrigin-RevId: 518565738
Change-Id: I2a3efe069ab1da65dd5f7cdcd3762637b7274b49
---
 sandboxed_api/sandbox2/policybuilder.cc | 10 ++++++++++
 sandboxed_api/sandbox2/policybuilder.h | 6 ++++++
 2 files changed, 16 insertions(+)

diff --git a/sandboxed_api/sandbox2/policybuilder.cc b/sandboxed_api/sandbox2/policybuilder.cc
index 5e562f3..69feb42 100644
--- a/sandboxed_api/sandbox2/policybuilder.cc
+++ b/sandboxed_api/sandbox2/policybuilder.cc
@@ -844,6 +844,16 @@ PolicyBuilder& PolicyBuilder::AllowRename() {
 return *this;
 }
 
+PolicyBuilder& PolicyBuilder::AllowEventFd() {
+ AllowSyscalls({
+#ifdef __NR_eventfd
+ __NR_eventfd,
+#endif
+ __NR_eventfd2,
+ });
+ return *this;
+}
+
 PolicyBuilder& PolicyBuilder::AllowPrctlSetName() {
 AddPolicyOnSyscall(__NR_prctl, {ARG_32(0), JEQ32(PR_SET_NAME, ALLOW)});
 return *this;
diff --git a/sandboxed_api/sandbox2/policybuilder.h b/sandboxed_api/sandbox2/policybuilder.h
index b265a39..cd228a4 100644
--- a/sandboxed_api/sandbox2/policybuilder.h
+++ b/sandboxed_api/sandbox2/policybuilder.h
@@ -474,6 +474,12 @@ class PolicyBuilder final {
 // - renameat2
 PolicyBuilder& AllowRename();
 
+ // Appends code to allow creating event notification file descriptors.
+ // Allows these syscalls:
+ // - eventfd (if available)
+ // - eventfd2
+ PolicyBuilder& AllowEventFd();
+
 // Appends code to allow polling files.
 // Allows these syscalls:
 // - poll (if available)
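Review bot: `AllowEventFd()` in policybuilder.cc passes bare syscall numbers to `AllowSyscalls`, so eventfd and eventfd2 appear to be permitted for every `initval` and `flags` value, unlike `AllowPrctlSetName()` directly below it, which filters on the first argument. That is probably intended, but a one-line comment would make the choice explicit for the next reader of the policy, e.g. `// No argument filter: every initval/flags combination is allowed.` The diffstat lists only policybuilder.cc and policybuilder.h, so nothing in this commit exercises the helper. A policy test that creates an eventfd with and without `AllowEventFd()` would pin the behaviour.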
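Review bot: The doc comment added for `AllowEventFd()` in policybuilder.h lists what is allowed but not what is left out: the helper covers only the creation of the descriptor. An eventfd is consumed through read and write (and usually poll or epoll), so a policy that calls only this helper lets the sandboxee create a descriptor it cannot use until those syscalls are allowed as well. A sentence such as `// Does not allow read/write/poll on the descriptor; allow those separately.` would spare callers a policy violation at runtime. The class body starts and ends outside the hunk.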