Linux sandbox: make BrokerClient::Readlink consistent with kernel

BrokerClient::Readlink returns -ENAMETOOLONG if the buffer is too small
for the pathname, but this is inconsistent with POSIX which fills up
the buffer with part of the pathname, and only returns -ENAMETOOLONG
if the actual pathname is longer than PATH_MAX or an individual
pathname component is longer than NAME_MAX.

Change-Id: I282f2ead6814bbd799e286a6e80ed5991ceeb54e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2379470
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#802436}

sandbox/linux/syscall_broker/broker_client.cc

@@ -112,11 +112,14 @@ int BrokerClient::Readlink(const char* path, char* buf, size_t bufsize) const {
     return -ENOMEM;
   if (return_length < 0)
     return -ENOMEM;
+  // Sanity check that our broker is behaving correctly.
+  RAW_CHECK(return_length == static_cast<size_t>(return_value));
 
-  if (static_cast<size_t>(return_length) > bufsize)
-    return -ENAMETOOLONG;
+  if (return_length > bufsize) {
+    return_length = bufsize;
+  }
   memcpy(buf, return_data, return_length);
-  return return_value;
+  return return_length;
 }
 
 int BrokerClient::Rename(const char* oldpath, const char* newpath) const {

sandbox/linux/syscall_broker/broker_process_unittest.cc

@@ -1094,7 +1094,7 @@ void TestReadlinkHelper(bool fast_check_in_client) {
     BrokerProcess open_broker(kFakeErrnoSentinel, command_set, permissions,
                               fast_check_in_client);
     ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
-    EXPECT_EQ(-ENAMETOOLONG, open_broker.Readlink(newpath_name, buf, 4));
+    EXPECT_EQ(4, open_broker.Readlink(newpath_name, buf, 4));
   }
 
   // Cleanup both paths.