Add a helper method to allow the eventfd* family of syscalls.

PiperOrigin-RevId: 518565738
Change-Id: I2a3efe069ab1da65dd5f7cdcd3762637b7274b49
Sandboxed API Team 2023-03-22 07:46:14 -07:00 committed by Copybara-Service
parent b50bc23138
commit 18894d57f9
2 changed files with 16 additions and 0 deletions


@ -844,6 +844,16 @@ PolicyBuilder& PolicyBuilder::AllowRename() {
return *this; return *this;
} }
PolicyBuilder& PolicyBuilder::AllowEventFd() {
AllowSyscalls({
#ifdef __NR_eventfd
__NR_eventfd,
#endif
__NR_eventfd2,
});
return *this;
}
PolicyBuilder& PolicyBuilder::AllowPrctlSetName() { PolicyBuilder& PolicyBuilder::AllowPrctlSetName() {
AddPolicyOnSyscall(__NR_prctl, {ARG_32(0), JEQ32(PR_SET_NAME, ALLOW)}); AddPolicyOnSyscall(__NR_prctl, {ARG_32(0), JEQ32(PR_SET_NAME, ALLOW)});
return *this; return *this;
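Review bot: AllowEventFd() lands without test coverage: the commit touches only two files, and the two visible sections are the implementation and the class declaration. A small policy test that enables AllowEventFd() and has the sandboxee call eventfd2 (and eventfd where `__NR_eventfd` is defined) would catch a wrong or missing entry in the allow list. It would also help to record why only the first entry is guarded, for example `// eventfd is not defined on every architecture; eventfd2 presumably is.` above the `#ifdef`. AllowPrctlSetName() after the new function continues outside the hunk.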


@ -474,6 +474,12 @@ class PolicyBuilder final {
// - renameat2 // - renameat2
PolicyBuilder& AllowRename(); PolicyBuilder& AllowRename();
// Appends code to allow creating event notification file descriptors.
// Allows these syscalls:
// - eventfd (if available)
// - eventfd2
PolicyBuilder& AllowEventFd();
// Appends code to allow polling files. // Appends code to allow polling files.
// Allows these syscalls: // Allows these syscalls:
// - poll (if available) // - poll (if available)
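Review bot: The comment on AllowEventFd() does not say that both syscalls are allowed with any arguments. The implementation passes them to AllowSyscalls() with no argument filter, unlike AllowPrctlSetName(), which checks argument 0 through AddPolicyOnSyscall(). Stating this lets a policy author who is applying least privilege see that the flags value is unrestricted, for example by adding `// No argument filtering is applied; any flags value is accepted.` after the syscall list. The class body and the comment for the polling helper continue outside the hunk.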