Test that isatty is being allowed by AllowTCGETS.

PiperOrigin-RevId: 239370864
Change-Id: Id98f3e5d8dceedb3cfbcd23b980e828f576d3e8d

sandboxed_api/sandbox2/policy_test.cc

@@ -47,6 +47,7 @@ std::unique_ptr<Policy> PolicyTestcasePolicy() {
       .AllowWrite()
       .AllowSyscall(__NR_close)
       .AllowSyscall(__NR_getppid)
+      .AllowTCGETS()
       .BlockSyscallWithErrno(__NR_open, ENOENT)
       .BlockSyscallWithErrno(__NR_openat, ENOENT)
       .BlockSyscallWithErrno(__NR_access, ENOENT)
@@ -140,6 +141,20 @@ TEST(PolicyTest, BpfDisallowed) {
   EXPECT_THAT(result.reason_code(), Eq(__NR_bpf));
 }
 
+TEST(PolicyTest, IsattyAllowed) {
+  SKIP_SANITIZERS_AND_COVERAGE;
+  const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
+  std::vector<std::string> args = {path, "6"};
+  auto executor = absl::make_unique<Executor>(path, args);
+
+  auto policy = PolicyTestcasePolicy();
+
+  Sandbox2 s2(std::move(executor), std::move(policy));
+  auto result = s2.Run();
+
+  ASSERT_THAT(result.final_status(), Eq(Result::OK));
+}
+
 std::unique_ptr<Policy> MinimalTestcasePolicy() {
   return PolicyBuilder()
       .AllowStaticStartup()

sandboxed_api/sandbox2/testcases/policy.cc

@@ -77,6 +77,13 @@ void TestBpf() {
   exit(EXIT_FAILURE);
 }
 
+void TestIsatty() {
+  isatty(0);
+
+  printf("Syscall violation should have been discovered by now\n");
+  exit(EXIT_FAILURE);
+}
+
 int main(int argc, char** argv) {
   // Disable buffering.
   setbuf(stdin, nullptr);
@@ -107,6 +114,9 @@ int main(int argc, char** argv) {
     case 5:
       TestBpf();
       break;
+    case 6:
+      TestIsatty();
+      break;
     default:
       printf("Unknown test: %d\n", testno);
       return EXIT_FAILURE;