From 550b26587f08ad5002a3cac88e14aeaf03e77eab Mon Sep 17 00:00:00 2001 From: Wiktor Garbacz Date: Fri, 3 Mar 2023 10:25:39 -0800 Subject: [PATCH] Implement DangerDefaultAllowAll using DefaultAction(AllowAllSyscalls()) PiperOrigin-RevId: 513861597 Change-Id: I6e4038648a005bbe57ca33a4c0466f5af2184da8 --- sandboxed_api/sandbox2/policybuilder.cc | 3 +-- sandboxed_api/sandbox2/policybuilder.h | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sandboxed_api/sandbox2/policybuilder.cc b/sandboxed_api/sandbox2/policybuilder.cc index 46190ea..3878c80 100644 --- a/sandboxed_api/sandbox2/policybuilder.cc +++ b/sandboxed_api/sandbox2/policybuilder.cc @@ -1113,8 +1113,7 @@ PolicyBuilder& PolicyBuilder::AddPolicyOnMmap(BpfFunc f) { } PolicyBuilder& PolicyBuilder::DangerDefaultAllowAll() { - default_action_ = ALLOW; - return *this; + return DefaultAction(AllowAllSyscalls()); } PolicyBuilder& PolicyBuilder::DefaultAction(AllowAllSyscalls) { diff --git a/sandboxed_api/sandbox2/policybuilder.h b/sandboxed_api/sandbox2/policybuilder.h index c83f36f..b265a39 100644 --- a/sandboxed_api/sandbox2/policybuilder.h +++ b/sandboxed_api/sandbox2/policybuilder.h @@ -672,9 +672,10 @@ class PolicyBuilder final { // All syscalls not handled explicitly by the policy will thus be allowed. // Do not use in environment with untrusted code and/or data, ask // sandbox-team@ first if unsure. + PolicyBuilder& DefaultAction(AllowAllSyscalls); + ABSL_DEPRECATED("Use DefaultAction(sandbox2::AllowAllSyscalls()) instead") PolicyBuilder& DangerDefaultAllowAll(); - PolicyBuilder& DefaultAction(AllowAllSyscalls); // Allows syscalls that are necessary for the NetworkProxyClient PolicyBuilder& AddNetworkProxyPolicy();