Update zlib examples

- Link `zipe.c` statically (safe)
- Update policy to allow any use of `stat()`

PiperOrigin-RevId: 428971638
Change-Id: Ib0f5f496ea2389582986b41a8830592e6c1d4390

sandboxed_api/examples/zlib/BUILD.bazel

@@ -36,7 +36,7 @@ sapi_library(
 cc_binary(
     name = "main_zlib",
     srcs = ["main_zlib.cc"],
-    copts = sapi_platform_copts(["-Wframe-larger-than=65536"]),
+    copts = sapi_platform_copts(),
     deps = [
         ":zlib-sapi",
         ":zlib-sapi_embed",

sandboxed_api/examples/zlib/CMakeLists.txt

@@ -17,7 +17,7 @@ add_sapi_library(zlib-sapi
   FUNCTIONS deflateInit_
             deflate
             deflateEnd
-  INPUTS ${ZLIB_INCLUDE_DIRS}/zlib.h
+  INPUTS "${ZLIB_INCLUDE_DIRS}/zlib.h"
   LIBRARY ZLIB::ZLIB
   LIBRARY_NAME Zlib
   NAMESPACE "sapi::zlib"

sandboxed_api/sandbox2/examples/zlib/BUILD.bazel

@@ -37,9 +37,6 @@ cc_binary(
     name = "zpipe",
     srcs = ["zpipe.c"],
     copts = sapi_platform_copts(),
-    features = [
-        "fully_static_link",  # link libc statically
-    ],
-    linkstatic = 1,
+    features = ["fully_static_link"],
     deps = ["@net_zlib//:zlib"],
 )

sandboxed_api/sandbox2/examples/zlib/CMakeLists.txt

@@ -24,7 +24,6 @@ target_link_libraries(sandbox2_zpipe_sandbox PRIVATE
   absl::memory
   sandbox2::bpf_helper
   sandbox2::comms
-  # sandbox2::ipc
   sapi::runfiles
   sandbox2::sandbox2
   sapi::base
@@ -38,5 +37,6 @@ add_executable(sandbox2_zpipe
 set_target_properties(sandbox2_zpipe PROPERTIES OUTPUT_NAME zpipe)
 add_executable(sandbox2::zpipe ALIAS sandbox2_zpipe)
 target_link_libraries(sandbox2_zpipe PRIVATE
+  -static
   ZLIB::ZLIB
 )

sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc

@@ -54,7 +54,7 @@ std::unique_ptr<sandbox2::Policy> GetPolicy() {
       // Allow write on STDOUT / STDERR.
       .AddPolicyOnSyscall(__NR_write,
                           {ARG_32(0), JEQ32(1, ALLOW), JEQ32(2, ALLOW)})
-      .AllowSyscall(__NR_fstat)
+      .AllowStat()
       .AllowStaticStartup()
       .AllowSystemMalloc()
       .AllowExit()