libsbutil: add sbio_faccessat and use it in sb_exists

sbio_faccessat allows libsbutil to access the unwrapped version of
faccessat when called from libsandbox.

Using faccessat in place of fstatat seems to give a small boost in
performance.

Pass AT_EACCESS faccessat to enable a faster path if uid != euid.

Bug: https://bugs.gentoo.org/910273
Signed-off-by: Mike Gilbert <floppym@gentoo.org>

2 files changed, 11 insertions, 0 deletions

diff --git a/libsbutil/sb_exists.c b/libsbutil/sb_exists.c
index d34f0cc..c2171fe 100644
--- a/libsbutil/sb_exists.c
+++ b/libsbutil/sb_exists.c
@@ -10,5 +10,15 @@
 int sb_exists(int dirfd, const char *pathname, int flags)
 {
 	struct stat64 buf;
+
+	if (sbio_faccessat(dirfd, pathname, F_OK, flags|AT_EACCESS) == 0)
+		return 0;
+
+	/* musl's faccessat gives EINVAL when the kernel does not support
+	 * faccessat2 and AT_SYMLINK_NOFOLLOW is set.
+	 * https://www.openwall.com/lists/musl/2023/06/19/1 */
+	if (errno != EINVAL)
+		return -1;
+
 	return fstatat64(dirfd, pathname, &buf, flags);
 }
diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h
index 4061dd3..6d284f1 100644
--- a/libsbutil/sbutil.h
+++ b/libsbutil/sbutil.h
@@ -100,6 +100,7 @@ extern const char sb_fd_dir[];
 const char *sb_get_cmdline(pid_t pid);
 
 /* libsandbox need to use a wrapper for open */
+attribute_hidden extern int (*sbio_faccessat)(int, const char *, int, int);
 attribute_hidden extern int (*sbio_open)(const char *, int, mode_t);
 attribute_hidden extern FILE *(*sbio_popen)(const char *, const char *);
 extern const char *sbio_message_path;