Add /proc/stat and /proc/meminfo to tts service read-only files

Required to support
https://chromium-review.googlesource.com/c/chromium/src/+/2510736

R=mpdenton@chromium.org

Test: on patched .so, and patched build of Chrome without any further modification, and a standard .so build using chromiumos toolchain, verify tts service works on arm32.
Change-Id: Idfefa22d2819ce819f3a265f4fa3e7169e6697ce
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2518729
Commit-Queue: David Tseng <dtseng@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Auto-Submit: David Tseng <dtseng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#824927}

chromeos/services/tts/tts_sandbox_hook.cc

@@ -36,10 +36,17 @@ void AddTempDataDirectory(std::vector<BrokerFilePermission>* permissions) {
       BrokerFilePermission::ReadWriteCreateRecursive(rw_dir.value()));
 }
 
+void AddReadOnlyFiles(std::vector<BrokerFilePermission>* permissions) {
+  // These files are required for some syscalls e.g. get_nprocs, sysinfo.
+  permissions->push_back(BrokerFilePermission::ReadOnly("/proc/stat"));
+  permissions->push_back(BrokerFilePermission::ReadOnly("/proc/meminfo"));
+}
+
 std::vector<BrokerFilePermission> GetTtsFilePermissions() {
   std::vector<BrokerFilePermission> permissions;
   AddBundleFolder(&permissions);
   AddTempDataDirectory(&permissions);
+  AddReadOnlyFiles(&permissions);
   return permissions;
 }
 

sandbox/policy/linux/bpf_tts_policy_linux.cc

@@ -26,6 +26,8 @@ TtsProcessPolicy::~TtsProcessPolicy() {}
 
 ResultExpr TtsProcessPolicy::EvaluateSyscall(int sysno) const {
   switch (sysno) {
+    case __NR_sysinfo:
+      return Allow();
     case __NR_sched_setscheduler:
       return RestrictSchedTarget(GetPolicyPid(), sysno);
     default: