commit 1dd50039952511c729429a48b1157f09c2b2e208
author Hong Xu <xuhong@chromium.org> Thu Feb 09 00:59:45 2023 +0000
committer Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Feb 09 15:15:25 2023 +0000
tree 424dabaf398fa750e24e0e340967b95b132e4d12
parent be93c1384d506864c6f4a91148436c9350494517

minijail: Expose is_fs_restriction_available

Following up crrev.com/c/4226158, which did not expose the function in
the shared library.

BUG=b:267814470
FIXED=b:267814470
TEST=CQ
TEST=./libminijail_unittest

Change-Id: Ida66a611abd7345b5f5f1f407c4aa08a30349830
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/minijail/+/4234584
Auto-Submit: Hong Xu <xuhong@google.com>
Reviewed-by: Ben Scarlato <akhna@google.com>
Commit-Queue: Allen Webb <allenwebb@google.com>
Tested-by: Hong Xu <xuhong@google.com>
Commit-Queue: Hong Xu <xuhong@google.com>
Commit-Queue: Ben Scarlato <akhna@google.com>
Reviewed-by: Allen Webb <allenwebb@google.com>

libminijail.c

diff --git a/libminijail.c b/libminijail.c
index 6db3add..d9fcc67 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -320,13 +320,6 @@
 	free_remounts_list(j);
 }
 
-bool minijail_is_fs_restriction_available(void) {
-  const int abi =
-      landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
-  // ABI > 0 is considered supported.
-  return abi > 0;
-}
-
 /* Adds a rule for a given path to apply once minijail is entered. */
 static int add_fs_restriction_path(struct minijail *j,
 		const char *path,
@@ -581,7 +574,16 @@
 	return j->flags.enable_default_runtime;
 }
 
-void API minijail_disable_fs_restrictions(struct minijail *j) {
+bool API minijail_is_fs_restriction_available(void)
+{
+	const int abi =
+	    landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
+	// ABI > 0 is considered supported.
+	return abi > 0;
+}
+
+void API minijail_disable_fs_restrictions(struct minijail *j)
+{
 	j->flags.enable_fs_restrictions = false;
 }