StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Implement DangerDefaultAllowAll using DefaultAction(AllowAllSyscalls())

Browse Source 
PiperOrigin-RevId: 513861597
Change-Id: I6e4038648a005bbe57ca33a4c0466f5af2184da8
This commit is contained in:
Wiktor Garbacz 2023-03-03 10:25:39 -08:00 committed by Copybara-Service
parent e09c2bc215
commit 550b26587f
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sandboxed_api/sandbox2/policybuilder.cc
View File

@ -1113,8 +1113,7 @@ PolicyBuilder& PolicyBuilder::AddPolicyOnMmap(BpfFunc f) {
}
PolicyBuilder& PolicyBuilder::DangerDefaultAllowAll() {
default_action_ = ALLOW;
return *this;
return DefaultAction(AllowAllSyscalls());
}
PolicyBuilder& PolicyBuilder::DefaultAction(AllowAllSyscalls) {

3
sandboxed_api/sandbox2/policybuilder.h
View File

@ -672,9 +672,10 @@ class PolicyBuilder final {
// All syscalls not handled explicitly by the policy will thus be allowed.
// Do not use in environment with untrusted code and/or data, ask
// sandbox-team@ first if unsure.
PolicyBuilder& DefaultAction(AllowAllSyscalls);
ABSL_DEPRECATED("Use DefaultAction(sandbox2::AllowAllSyscalls()) instead")
PolicyBuilder& DangerDefaultAllowAll();
PolicyBuilder& DefaultAction(AllowAllSyscalls);
// Allows syscalls that are necessary for the NetworkProxyClient
PolicyBuilder& AddNetworkProxyPolicy();