StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Fix BlockSyscallsWithErrno

Browse Source 
PiperOrigin-RevId: 429982218
Change-Id: I42b187e678542b295542ca44882945c7695178e1
This commit is contained in:
Wiktor Garbacz 2022-02-21 00:46:16 -08:00 committed by Copybara-Service
parent e9c041f0c2
commit a2daa0a275
2 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sandboxed_api/sandbox2/buffer_test.cc
View File

@ -75,6 +75,7 @@ std::unique_ptr<Policy> BufferTestcasePolicy() {
.AllowWrite() .AllowWrite()
.AllowMmap() .AllowMmap()
.AllowStat() .AllowStat()
.AllowOpen()
.AllowSyscalls({ .AllowSyscalls({
__NR_dup, __NR_dup,
__NR_futex, __NR_futex,
@ -88,10 +89,6 @@ std::unique_ptr<Policy> BufferTestcasePolicy() {
}) })
.BlockSyscallsWithErrno( .BlockSyscallsWithErrno(
{ {
#ifdef __NR_open
__NR_open,
#endif
__NR_openat,
#ifdef __NR_access #ifdef __NR_access
// On Debian, even static binaries check existence of // On Debian, even static binaries check existence of
// /etc/ld.so.nohwcap. // /etc/ld.so.nohwcap.

2
sandboxed_api/sandbox2/policybuilder.cc
View File

@ -91,7 +91,7 @@ PolicyBuilder& PolicyBuilder::AllowSyscalls(absl::Span<const uint32_t> nums) {
PolicyBuilder& PolicyBuilder::BlockSyscallsWithErrno( PolicyBuilder& PolicyBuilder::BlockSyscallsWithErrno(
absl::Span<const uint32_t> nums, int error) { absl::Span<const uint32_t> nums, int error) {
for (auto num : nums) { for (auto num : nums) {
AllowSyscall(num); BlockSyscallWithErrno(num, error);
} }
return *this; return *this;
} }