From 29a3b8cd39904e17665279a4787a932f351739d8 Mon Sep 17 00:00:00 2001
From: Wiktor Garbacz <wiktorg@google.com>
Date: Thu, 1 Feb 2024 02:51:09 -0800
Subject: [PATCH] Add AllowAccess to SAPI's default policy

The syscalls are fairly common and low risk.

PiperOrigin-RevId: 603312020
Change-Id: Id06bddc4e7fcc879cad567361ae5b0bad9533142
---
 sandboxed_api/sandbox.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sandboxed_api/sandbox.cc b/sandboxed_api/sandbox.cc
index 02cc51c..88b2696 100644
--- a/sandboxed_api/sandbox.cc
+++ b/sandboxed_api/sandbox.cc
@@ -76,6 +76,7 @@ void InitDefaultPolicyBuilder(sandbox2::PolicyBuilder* builder) {
       .AllowGetPIDs()
       .AllowSleep()
       .AllowReadlink()
+      .AllowAccess()
       .AllowSyscalls({
           __NR_recvmsg,
           __NR_sendmsg,