Add a helper for allowing epoll

PiperOrigin-RevId: 432879710 Change-Id: I7cc991358ce25729b002210a04bacb3ae91d8a1f
2024-03-22 13:11:30 +08:00 · 2022-03-07 00:53:48 -08:00 · 2022-03-07 00:53:48 -08:00 · d1995bdca5
commit d1995bdca5
parent 8e82b900f4
2 changed files with 33 additions and 0 deletions
--- a/sandboxed_api/sandbox2/policybuilder.cc
+++ b/sandboxed_api/sandbox2/policybuilder.cc
@ -113,6 +113,29 @@ PolicyBuilder& PolicyBuilder::OverridableBlockSyscallWithErrno(uint32_t num,
  return *this;
 }

+PolicyBuilder& PolicyBuilder::AllowEpoll() {
+  return AllowSyscalls({
+#ifdef __NR_epoll_create
+      __NR_epoll_create,
+#endif
+#ifdef __NR_epoll_create1
+      __NR_epoll_create1,
+#endif
+#ifdef __NR_epoll_ctl
+      __NR_epoll_ctl,
+#endif
+#ifdef __NR_epoll_wait
+      __NR_epoll_wait,
+#endif
+#ifdef __NR_epoll_pwait
+      __NR_epoll_pwait,
+#endif
+#ifdef __NR_epoll_pwait2
+      __NR_epoll_pwait2,
+#endif
+  });
+}
+
 PolicyBuilder& PolicyBuilder::AllowExit() {
  return AllowSyscalls({__NR_exit, __NR_exit_group});
 }
--- a/sandboxed_api/sandbox2/policybuilder.h
+++ b/sandboxed_api/sandbox2/policybuilder.h
@ -120,6 +120,16 @@ class PolicyBuilder final {
  // Appends code to block a specific syscall and setting errno.
  PolicyBuilder& BlockSyscallWithErrno(uint32_t num, int error);

+  // Appends code to allow using epoll.
+  // Allows these syscalls:
+  // - epoll_create
+  // - epoll_create1
+  // - epoll_ctl
+  // - epoll_wait
+  // - epoll_pwait
+  // - epoll_pwait2
+  PolicyBuilder& AllowEpoll();
+
  // Appends code to allow exiting.
  // Allows these syscalls:
  // - exit