Automated rollback of commit f2ad018.

happyCoder92 · copybara-github · commit 51639c0e49c0 · 2026-04-28T02:12:11.000-07:00
PiperOrigin-RevId: 906827281
Change-Id: If955e00feb5aadb5afc941ab6698c0806399c158
diff --git a/sandboxed_api/sandbox2/policybuilder.cc b/sandboxed_api/sandbox2/policybuilder.cc
@@ -1127,14 +1127,12 @@ PolicyBuilder& PolicyBuilder::AllowRestartableSequences(
                                             });
     AllowPrctlSetVma();
 
-    AddFileIfNamespaced("/proc/cpuinfo");
-    AddFileIfNamespaced("/proc/stat");
+    AddDirectoryIfNamespaced("/proc");
     AddDirectoryIfNamespaced("/sys/devices/system/cpu");
   }
   if (cpu_fence_mode == kAllowSlowFences && !allowed_complex_.slow_fences) {
     AllowSyscall(__NR_sched_getaffinity);
     AllowSyscall(__NR_sched_setaffinity);
-    AddFileIfNamespaced("/proc/self/cpuset");
     allowed_complex_.slow_fences = true;
   } else if (cpu_fence_mode == kRequireFastFences) {
     allowed_complex_.fast_fences = true;
diff --git a/sandboxed_api/sandbox2/policybuilder.h b/sandboxed_api/sandbox2/policybuilder.h
@@ -267,18 +267,14 @@ class PolicyBuilder final {
   // - futex(WAIT)
   // - futex(WAKE)
   // - rt_sigprocmask(SIG_SETMASK)
-  // Allows these files:
-  // - "/proc/cpuinfo"
-  // - "/proc/stat"
-  // And this directory (including subdirs/files):
+  // Allows these directories (including subdirs/files):
+  // - "/proc"
   // - "/sys/devices/system/cpu/"
   //
   // If `cpu_fence_mode` is `kAllowSlowFences`, also permits slow CPU fences.
   // Allows these syscalls:
   // - sched_getaffinity
   // - sched_setaffinity
-  // Allows these files:
-  // - "/proc/self/cpuset"
   //
   // If `cpu_fence_mode` is `kRequireFastFences`, RSEQ functionality may not
   // be enabled if fast CPU fences are not available.
