Add AllowAccess to SAPI's default policy

The syscalls are fairly common and low risk. PiperOrigin-RevId: 603312020 Change-Id: Id06bddc4e7fcc879cad567361ae5b0bad9533142
author: Wiktor Garbacz <wiktorg@google.com> 2024-02-01 02:51:09 -0800
committer: Copybara-Service <copybara-worker@google.com> 2024-02-01 02:51:48 -0800
commit: 29a3b8cd39904e17665279a4787a932f351739d8 (patch)
tree: cc6fc52aa8d82aa43d0bfb1c164f00817474a271
parent: b9c84a1f75d282ff38ebed068bebe9960af9eb71 (diff)
download: sandboxed-api-29a3b8cd39904e17665279a4787a932f351739d8.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sandboxed_api/sandbox.cc b/sandboxed_api/sandbox.cc
index 02cc51c..88b2696 100644
--- a/sandboxed_api/sandbox.cc
+++ b/sandboxed_api/sandbox.cc
@@ -76,6 +76,7 @@ void InitDefaultPolicyBuilder(sandbox2::PolicyBuilder* builder) {
       .AllowGetPIDs()
       .AllowSleep()
       .AllowReadlink()
+      .AllowAccess()
       .AllowSyscalls({
           __NR_recvmsg,
           __NR_sendmsg,
author	Wiktor Garbacz <wiktorg@google.com>	2024-02-01 02:51:09 -0800
committer	Copybara-Service <copybara-worker@google.com>	2024-02-01 02:51:48 -0800
commit	29a3b8cd39904e17665279a4787a932f351739d8 (patch)
tree	cc6fc52aa8d82aa43d0bfb1c164f00817474a271
parent	b9c84a1f75d282ff38ebed068bebe9960af9eb71 (diff)
download	sandboxed-api-29a3b8cd39904e17665279a4787a932f351739d8.tar.gz