Remove `Tag` constructor, add standard comment for `absl::WrapUnique(new T)`

PiperOrigin-RevId: 483654433
Change-Id: I16b058a6b186f764f45bc5540f3f49d5a294ddeb

sandboxed_api/sandbox2/BUILD.bazel

@@ -603,11 +603,9 @@ cc_library(
     visibility = ["//visibility:public"],
     deps = [
         ":util",
-        "//sandboxed_api/util:status",
-        "@com_google_absl//absl/base:core_headers",
+        "@com_google_absl//absl/memory",
         "@com_google_absl//absl/status",
         "@com_google_absl//absl/status:statusor",
-        "@com_google_absl//absl/strings",
     ],
 )
 

sandboxed_api/sandbox2/CMakeLists.txt

@@ -525,6 +525,7 @@ add_library(sandbox2_buffer ${SAPI_LIB_TYPE}
 add_library(sandbox2::buffer ALIAS sandbox2_buffer)
 target_link_libraries(sandbox2_buffer
   PRIVATE absl::core_headers
+          absl::memory
           absl::status
           absl::strings
           sapi::strerror

sandboxed_api/sandbox2/buffer.cc

@@ -21,6 +21,7 @@
 #include <cerrno>
 #include <memory>
 
+#include "absl/memory/memory.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "sandboxed_api/sandbox2/util.h"
@@ -29,7 +30,8 @@ namespace sandbox2 {
 
 // Creates a new Buffer that is backed by the specified file descriptor.
 absl::StatusOr<std::unique_ptr<Buffer>> Buffer::CreateFromFd(int fd) {
-  auto buffer = std::make_unique<Buffer>();
+  // Using `new` to access a non-public constructor.
+  auto buffer = absl::WrapUnique(new Buffer());
 
   struct stat stat_buf;
   if (fstat(fd, &stat_buf) != 0) {

sandboxed_api/sandbox2/buffer.h

@@ -28,11 +28,7 @@ namespace sandbox2 {
 // The executor must distrust the content of this buffer, like everything
 // else that comes under control of the sandboxee.
 class Buffer final {
- private:
-  struct Tag {};
-
  public:
-  Buffer(Tag tag = {}) {}
   ~Buffer();
 
   Buffer(const Buffer&) = delete;
@@ -57,6 +53,8 @@ class Buffer final {
   int fd() const { return fd_; }
 
  private:
+  Buffer() = default;
+
   uint8_t* buf_ = nullptr;
   int fd_ = -1;
   size_t size_ = 0;

sandboxed_api/sandbox2/policybuilder.cc

@@ -969,6 +969,7 @@ std::vector<sock_filter> PolicyBuilder::ResolveBpfFunc(BpfFunc f) {
 }
 
 absl::StatusOr<std::unique_ptr<Policy>> PolicyBuilder::TryBuild() {
+  // Using `new` to access a non-public constructor.
   auto output = absl::WrapUnique(new Policy());
 
   if (user_policy_.size() > kMaxUserPolicyLength) {

sandboxed_api/sandbox2/stack_trace.cc

@@ -169,12 +169,8 @@ absl::StatusOr<UnwindResult> StackTracePeer::LaunchLibunwindSandbox(
     const Regs* regs, const Mounts& mounts) {
   const pid_t pid = regs->pid();
 
-  // Tell executor to use this special internal mode.
-  std::vector<std::string> argv;
-  std::vector<std::string> envp;
-
-  // We're not using absl::make_unique here as we're a friend of this specific
-  // constructor and using make_unique won't work.
+  // Tell executor to use this special internal mode. Using `new` to access a
+  // non-public constructor.
   auto executor = absl::WrapUnique(new Executor(pid));
 
   executor->limits()
@@ -264,9 +260,8 @@ absl::StatusOr<UnwindResult> StackTracePeer::LaunchLibunwindSandbox(
     return absl::InternalError(
         "Receiving status from libunwind sandbox failed");
   }
-  if (!status.ok()) {
-    return status;
-  }
+  SAPI_RETURN_IF_ERROR(status);
+
   UnwindResult result;
   if (!comms->RecvProtoBuf(&result)) {
     return absl::InternalError("Receiving libunwind result failed");