StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Add a helper for allowing epoll

Browse Source 
PiperOrigin-RevId: 432387441
Change-Id: I52865ab4abd4ebaf9842859b5f2718b204f4c6ea
This commit is contained in:
Wiktor Garbacz 2022-03-04 01:24:22 -08:00 committed by Copybara-Service
parent eec22e8aaf
commit 5f34d11e77
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
sandboxed_api/sandbox2/policybuilder.cc
View File

@ -113,6 +113,19 @@ PolicyBuilder& PolicyBuilder::OverridableBlockSyscallWithErrno(uint32_t num,
return *this;
}
PolicyBuilder& PolicyBuilder::AllowEpoll() {
return AllowSyscalls({
__NR_epoll_create,
__NR_epoll_create1,
__NR_epoll_ctl,
__NR_epoll_wait,
__NR_epoll_pwait,
#ifdef __NR_epoll_pwait2
__NR_epoll_pwait2,
#endif
});
}
PolicyBuilder& PolicyBuilder::AllowExit() {
return AllowSyscalls({__NR_exit, __NR_exit_group});
}

10
sandboxed_api/sandbox2/policybuilder.h
View File

@ -120,6 +120,16 @@ class PolicyBuilder final {
// Appends code to block a specific syscall and setting errno.
PolicyBuilder& BlockSyscallWithErrno(uint32_t num, int error);
// Appends code to allow using epoll.
// Allows these syscalls:
// - epoll_create
// - epoll_create1
// - epoll_ctl
// - epoll_wait
// - epoll_pwait
// - epoll_pwait2
PolicyBuilder& AllowEpoll();
// Appends code to allow exiting.
// Allows these syscalls:
// - exit