Allow access to /sys/devices/system/cpu/

PiperOrigin-RevId: 439506287
Change-Id: I5d41ed234860f02329c960144b1da725e24549dd
Sandboxed API Team 2022-04-05 00:28:44 -07:00 committed by Copybara-Service
parent e98133c7b4
commit 1db315207a
2 changed files with 3 additions and 0 deletions


@ -502,6 +502,7 @@ PolicyBuilder& PolicyBuilder::AllowRestartableSequencesWithProcFiles(
AllowRestartableSequences(cpu_fence_mode);
AddFile("/proc/cpuinfo");
AddFile("/proc/stat");
AddDirectory("/sys/devices/system/cpu");
if (cpu_fence_mode == kAllowSlowFences) {
AddFile("/proc/self/cpuset");
}
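Review bot: The added `AddDirectory("/sys/devices/system/cpu")` maps the whole subtree into every sandbox whose policy calls AllowRestartableSequencesWithProcFiles, which is a much wider grant than the single-file `AddFile` entries beside it and, on typical Linux hosts, also covers entries unrelated to CPU enumeration such as the `vulnerabilities/` status files. If the rseq users read only a few fixed entries, individual `AddFile` grants would keep this helper closer to least privilege. If the full tree really is required, record the reason at the call site, for example `// Whole subtree, read-only: needed for per-CPU topology lookups.` (wording for the author to confirm). The call also depends on AddDirectory's default mode; assuming the second parameter is the read-only flag, `AddDirectory("/sys/devices/system/cpu", /*is_ro=*/true);` would make the intent explicit. The function body starts before and continues past this hunk, so any later handling of the path is not visible here.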


@ -148,6 +148,8 @@ class PolicyBuilder final {
// Allows these files:
// - "/proc/cpuinfo"
// - "/proc/stat"
// And this directory (including subdirs/files):
// - "/sys/devices/system/cpu/"
//
// If `cpu_fence_mode` is `kAllowSlowFences`, also permits slow CPU fences.
// Allows these syscalls: