Fix BlockSyscallsWithErrno

PiperOrigin-RevId: 429982218 Change-Id: I42b187e678542b295542ca44882945c7695178e1
2024-03-22 13:11:30 +08:00 · 2022-02-21 00:46:16 -08:00 · 2022-02-21 00:46:16 -08:00 · a2daa0a275
commit a2daa0a275
parent e9c041f0c2
2 changed files with 2 additions and 5 deletions
--- a/sandboxed_api/sandbox2/buffer_test.cc
+++ b/sandboxed_api/sandbox2/buffer_test.cc
@ -75,6 +75,7 @@ std::unique_ptr<Policy> BufferTestcasePolicy() {
                 .AllowWrite()
                 .AllowMmap()
                 .AllowStat()
+                 .AllowOpen()
                 .AllowSyscalls({
                     __NR_dup,
                     __NR_futex,
@ -88,10 +89,6 @@ std::unique_ptr<Policy> BufferTestcasePolicy() {
                 })
                 .BlockSyscallsWithErrno(
                     {
-#ifdef __NR_open
-                         __NR_open,
-#endif
-                         __NR_openat,
 #ifdef __NR_access
                         // On Debian, even static binaries check existence of
                         // /etc/ld.so.nohwcap.
--- a/sandboxed_api/sandbox2/policybuilder.cc
+++ b/sandboxed_api/sandbox2/policybuilder.cc
@ -91,7 +91,7 @@ PolicyBuilder& PolicyBuilder::AllowSyscalls(absl::Span<const uint32_t> nums) {
 PolicyBuilder& PolicyBuilder::BlockSyscallsWithErrno(
    absl::Span<const uint32_t> nums, int error) {
  for (auto num : nums) {
-    AllowSyscall(num);
+    BlockSyscallWithErrno(num, error);
  }
  return *this;
 }