From 382f70b8d93d012648edc7a42087a6d4d5a103eb Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Fri, 5 Nov 2021 06:23:34 -0400 Subject: libsandbox/libsbutil: use faccessat for file-existence tests This is faster than using stat since it doesn't have to gather all the metadata, and should avoid LFS issues as a result. Bug: https://bugs.gentoo.org/583282 Signed-off-by: Mike Frysinger --- libsandbox/pre_check_openat.c | 15 +++------------ libsandbox/wrapper-funcs/fopen_pre_check.c | 3 +-- libsbutil/src/file.c | 14 +------------- 3 files changed, 5 insertions(+), 27 deletions(-) diff --git a/libsandbox/pre_check_openat.c b/libsandbox/pre_check_openat.c index 8cf8133..8fd3b23 100644 --- a/libsandbox/pre_check_openat.c +++ b/libsandbox/pre_check_openat.c @@ -12,24 +12,15 @@ bool sb_openat_pre_check(const char *func, const char *pathname, int dirfd, int flags) { - /* If we're not trying to create, fail normally if - * file does not stat - */ + /* If we're not trying to create, fail normally if file does not stat */ if (flags & O_CREAT) return true; save_errno(); - /* Check incoming args against common *at issues */ - char dirfd_path[SB_PATH_MAX]; - if (!sb_common_at_pre_check(func, &pathname, dirfd, dirfd_path, sizeof(dirfd_path))) - return false; - /* Doesn't exist -> skip permission checks */ - struct stat st; - if (((flags & O_NOFOLLOW) ? lstat(pathname, &st) : stat(pathname, &st)) == -1) { - sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", - func, pathname, strerror(errno)); + if (faccessat(dirfd, pathname, F_OK, (flags & O_NOFOLLOW) ? AT_SYMLINK_NOFOLLOW : 0) == -1) { + sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", func, pathname, strerror(errno)); return false; } diff --git a/libsandbox/wrapper-funcs/fopen_pre_check.c b/libsandbox/wrapper-funcs/fopen_pre_check.c index 765526e..95108e0 100644 --- a/libsandbox/wrapper-funcs/fopen_pre_check.c +++ b/libsandbox/wrapper-funcs/fopen_pre_check.c 
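Review bot: The `faccessat()` call in `sb_openat_pre_check` passes `AT_SYMLINK_NOFOLLOW`, which is not among the flags POSIX defines for this function, so on a libc or kernel that cannot honour it the call may fail with `EINVAL` and an existing path would be reported as an early failure. Because this return value decides whether the sandbox's permission checks run at all, an unexpected errno should not be folded into "does not exist"; I would fall back to `fstatat()` on `EINVAL` and count `EOVERFLOW` from that fallback as "exists", which keeps the LFS benefit. The same flag is passed in `rc_file_exists` in libsbutil/src/file.c. The hunk also drops the `sb_common_at_pre_check()` call, so any argument validation that helper performed (it is not visible here) no longer runs on this path, and the comment above still says "does not stat".

```c
	/* Doesn't exist -> skip permission checks */
	int at_flags = (flags & O_NOFOLLOW) ? AT_SYMLINK_NOFOLLOW : 0;
	int rc = faccessat(dirfd, pathname, F_OK, at_flags);
	if (rc == -1 && errno == EINVAL && at_flags) {
		/* libc could not honour AT_SYMLINK_NOFOLLOW; ask fstatat() instead.
		 * EOVERFLOW means the file is there but too large for struct stat. */
		struct stat st;
		rc = fstatat(dirfd, pathname, &st, at_flags);
		if (rc == -1 && errno == EOVERFLOW)
			rc = 0;
	}
	if (rc == -1) {
		/* … unchanged: sb_debug_dyn() call and return false … */
	}
```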
@@ -11,8 +11,7 @@ bool sb_fopen_pre_check(const char *func, const char *pathname, const char *mode save_errno(); /* If we're trying to read, fail normally if file does not stat */ - struct stat st; - if (-1 == stat(pathname, &st)) { + if (faccessat(AT_FDCWD, pathname, F_OK, 0) == -1) { sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", func, pathname, strerror(errno)); return false; diff --git a/libsbutil/src/file.c b/libsbutil/src/file.c index 4542ae5..a1a4a0e 100644 --- a/libsbutil/src/file.c +++ b/libsbutil/src/file.c @@ -15,19 +15,7 @@ bool rc_file_exists (const char *pathname) { - struct stat buf; - int retval; - - if (!check_str (pathname)) - return false; - - retval = lstat (pathname, &buf); - if (-1 != retval) - retval = true; - else - retval = false; - - return retval; + return faccessat(AT_FDCWD, pathname, F_OK, AT_SYMLINK_NOFOLLOW) == 0; } bool -- cgit v1.2.3-65-gdbad
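Review bot: `faccessat(AT_FDCWD, pathname, F_OK, 0)` resolves the path with the real user and group IDs, whereas the `stat()` it replaces and the `fopen()` that follows use the effective ones, so in a process where the two differ the pre-check in `sb_fopen_pre_check` can disagree with the call it guards. If the sandbox can be loaded into such processes, `faccessat(AT_FDCWD, pathname, F_OK, AT_EACCESS)` keeps the previous semantics; the calls in `sb_openat_pre_check` and `rc_file_exists` differ from `stat()` in the same way. The comment above the call still says "does not stat" and could read `/* If we're trying to read, fail normally if the file does not exist */`. The function body starts and ends outside this hunk.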
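Review bot: `rc_file_exists` no longer guards against a null or empty `pathname`: the removed `check_str()` test returned false before any system call, and the new body hands the pointer straight to `faccessat()`. An empty string still yields false through `ENOENT`, but a null pointer now depends on the kernel answering `EFAULT`, and libc headers may declare that parameter non-null. Keeping `if (!check_str (pathname)) return false;` ahead of the call preserves the old contract. `check_str()` is defined outside this hunk, so its exact test is assumed from its name and use.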