From aefdb94575ea604113ce456603cf82ada28f07ef Mon Sep 17 00:00:00 2001
From: Christian Blichmann <cblichmann@google.com>
Date: Wed, 16 Feb 2022 00:07:44 -0800
Subject: [PATCH] Update zlib examples

- Link `zipe.c` statically (safe)
- Update policy to allow any use of `stat()`

PiperOrigin-RevId: 428971638
Change-Id: Ib0f5f496ea2389582986b41a8830592e6c1d4390
---
 sandboxed_api/examples/zlib/BUILD.bazel               | 2 +-
 sandboxed_api/examples/zlib/CMakeLists.txt            | 2 +-
 sandboxed_api/sandbox2/examples/zlib/BUILD.bazel      | 5 +----
 sandboxed_api/sandbox2/examples/zlib/CMakeLists.txt   | 2 +-
 sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc | 2 +-
 5 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/sandboxed_api/examples/zlib/BUILD.bazel b/sandboxed_api/examples/zlib/BUILD.bazel
index 153a6d5..a727c8a 100644
--- a/sandboxed_api/examples/zlib/BUILD.bazel
+++ b/sandboxed_api/examples/zlib/BUILD.bazel
@@ -36,7 +36,7 @@ sapi_library(
 cc_binary(
     name = "main_zlib",
     srcs = ["main_zlib.cc"],
-    copts = sapi_platform_copts(["-Wframe-larger-than=65536"]),
+    copts = sapi_platform_copts(),
     deps = [
         ":zlib-sapi",
         ":zlib-sapi_embed",
diff --git a/sandboxed_api/examples/zlib/CMakeLists.txt b/sandboxed_api/examples/zlib/CMakeLists.txt
index 8fb97a6..f851b77 100644
--- a/sandboxed_api/examples/zlib/CMakeLists.txt
+++ b/sandboxed_api/examples/zlib/CMakeLists.txt
@@ -17,7 +17,7 @@ add_sapi_library(zlib-sapi
   FUNCTIONS deflateInit_
             deflate
             deflateEnd
-  INPUTS ${ZLIB_INCLUDE_DIRS}/zlib.h
+  INPUTS "${ZLIB_INCLUDE_DIRS}/zlib.h"
   LIBRARY ZLIB::ZLIB
   LIBRARY_NAME Zlib
   NAMESPACE "sapi::zlib"
diff --git a/sandboxed_api/sandbox2/examples/zlib/BUILD.bazel b/sandboxed_api/sandbox2/examples/zlib/BUILD.bazel
index e553e54..4b4c232 100644
--- a/sandboxed_api/sandbox2/examples/zlib/BUILD.bazel
+++ b/sandboxed_api/sandbox2/examples/zlib/BUILD.bazel
@@ -37,9 +37,6 @@ cc_binary(
     name = "zpipe",
     srcs = ["zpipe.c"],
     copts = sapi_platform_copts(),
-    features = [
-        "fully_static_link",  # link libc statically
-    ],
-    linkstatic = 1,
+    features = ["fully_static_link"],
     deps = ["@net_zlib//:zlib"],
 )
diff --git a/sandboxed_api/sandbox2/examples/zlib/CMakeLists.txt b/sandboxed_api/sandbox2/examples/zlib/CMakeLists.txt
index e443324..e5e45b5 100644
--- a/sandboxed_api/sandbox2/examples/zlib/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/examples/zlib/CMakeLists.txt
@@ -24,7 +24,6 @@ target_link_libraries(sandbox2_zpipe_sandbox PRIVATE
   absl::memory
   sandbox2::bpf_helper
   sandbox2::comms
-  # sandbox2::ipc
   sapi::runfiles
   sandbox2::sandbox2
   sapi::base
@@ -38,5 +37,6 @@ add_executable(sandbox2_zpipe
 set_target_properties(sandbox2_zpipe PROPERTIES OUTPUT_NAME zpipe)
 add_executable(sandbox2::zpipe ALIAS sandbox2_zpipe)
 target_link_libraries(sandbox2_zpipe PRIVATE
+  -static
   ZLIB::ZLIB
 )
diff --git a/sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc b/sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc
index 556cf74..f018b10 100644
--- a/sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc
+++ b/sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc
@@ -54,7 +54,7 @@ std::unique_ptr<sandbox2::Policy> GetPolicy() {
       // Allow write on STDOUT / STDERR.
       .AddPolicyOnSyscall(__NR_write,
                           {ARG_32(0), JEQ32(1, ALLOW), JEQ32(2, ALLOW)})
-      .AllowSyscall(__NR_fstat)
+      .AllowStat()
       .AllowStaticStartup()
       .AllowSystemMalloc()
       .AllowExit()