diff options
author | Wiktor Garbacz <wiktorg@google.com> | 2024-02-01 02:51:09 -0800 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2024-02-01 02:51:48 -0800 |
commit | 29a3b8cd39904e17665279a4787a932f351739d8 (patch) | |
tree | cc6fc52aa8d82aa43d0bfb1c164f00817474a271 | |
parent | b9c84a1f75d282ff38ebed068bebe9960af9eb71 (diff) | |
download | sandboxed-api-29a3b8cd39904e17665279a4787a932f351739d8.tar.gz |
Add AllowAccess to SAPI's default policy
The syscalls are fairly common and low risk.
PiperOrigin-RevId: 603312020
Change-Id: Id06bddc4e7fcc879cad567361ae5b0bad9533142
-rw-r--r-- | sandboxed_api/sandbox.cc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sandboxed_api/sandbox.cc b/sandboxed_api/sandbox.cc index 02cc51c..88b2696 100644 --- a/sandboxed_api/sandbox.cc +++ b/sandboxed_api/sandbox.cc @@ -76,6 +76,7 @@ void InitDefaultPolicyBuilder(sandbox2::PolicyBuilder* builder) { .AllowGetPIDs() .AllowSleep() .AllowReadlink() + .AllowAccess() .AllowSyscalls({ __NR_recvmsg, __NR_sendmsg, |