From 84673bbe3eaa71216f9dd321fd56c7778ccce382 Mon Sep 17 00:00:00 2001
From: Sandboxed API Team <sandboxed-api@google.com>
Date: Fri, 29 Apr 2022 18:23:22 -0700
Subject: [PATCH] Allow readlinkat with sanitizers

Required after https://reviews.llvm.org/D124212

PiperOrigin-RevId: 445551132
Change-Id: I140c67544d0cf18ee6c75aa9407777bd3414d929
---
 sandboxed_api/sandbox2/policybuilder.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sandboxed_api/sandbox2/policybuilder.cc b/sandboxed_api/sandbox2/policybuilder.cc
index 1d675ae..6864eed 100644
--- a/sandboxed_api/sandbox2/policybuilder.cc
+++ b/sandboxed_api/sandbox2/policybuilder.cc
@@ -278,6 +278,11 @@ PolicyBuilder& PolicyBuilder::AllowLlvmSanitizers() {
     // Sanitizers may try color output. For example:
     // https://github.com/llvm/llvm-project/blob/87dd3d350c4ce0115b2cdf91d85ddd05ae2661aa/compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp#L157
     OverridableBlockSyscallWithErrno(__NR_ioctl, EPERM);
+    // https://github.com/llvm/llvm-project/blob/02c2b472b510ff55679844c087b66e7837e13dc2/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp#L434
+#ifdef __NR_readlink
+    OverridableBlockSyscallWithErrno(__NR_readlink, ENOENT);
+#endif
+    OverridableBlockSyscallWithErrno(__NR_readlinkat, ENOENT);
   }
   if constexpr (sapi::sanitizers::IsASan()) {
     AllowSyscall(__NR_sigaltstack);