Add a helper method to allow the eventfd* family of syscalls.

PiperOrigin-RevId: 518565738 Change-Id: I2a3efe069ab1da65dd5f7cdcd3762637b7274b49
2024-03-22 13:11:30 +08:00 · 2023-03-22 07:46:14 -07:00 · 2023-03-22 07:46:14 -07:00 · 18894d57f9
commit 18894d57f9
parent b50bc23138
2 changed files with 16 additions and 0 deletions
--- a/sandboxed_api/sandbox2/policybuilder.cc
+++ b/sandboxed_api/sandbox2/policybuilder.cc
@ -844,6 +844,16 @@ PolicyBuilder& PolicyBuilder::AllowRename() {
  return *this;
 }

+PolicyBuilder& PolicyBuilder::AllowEventFd() {
+  AllowSyscalls({
+#ifdef __NR_eventfd
+      __NR_eventfd,
+#endif
+      __NR_eventfd2,
+  });
+  return *this;
+}
+
 PolicyBuilder& PolicyBuilder::AllowPrctlSetName() {
  AddPolicyOnSyscall(__NR_prctl, {ARG_32(0), JEQ32(PR_SET_NAME, ALLOW)});
  return *this;
--- a/sandboxed_api/sandbox2/policybuilder.h
+++ b/sandboxed_api/sandbox2/policybuilder.h
@ -474,6 +474,12 @@ class PolicyBuilder final {
  // - renameat2
  PolicyBuilder& AllowRename();

+  // Appends code to allow creating event notification file descriptors.
+  // Allows these syscalls:
+  // - eventfd (if available)
+  // - eventfd2
+  PolicyBuilder& AllowEventFd();
+
  // Appends code to allow polling files.
  // Allows these syscalls:
  // - poll (if available)